Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
Phone App Security in 2022

by Erik Briceno

Just because an application comes from an “official” store, doesn’t mean it’s safe. The Google Play Store has been in the news so many times now that their security policies have been called into question on multiple occasions.

Many of these apps are actually quite popular, and indeed even functional. They’re disguised as useful tools such as currency calculators and device cleaners and are further obfuscated by the fact that they actually work as advertised. They even have rather high review ratings. Lurking behind these applications however are many variants of malware.

So, if you can’t trust the stores and your device is pretty much useless without apps, how in the world do you discover and download apps safely? Here is some advice.

Avoid installing apps from unknown sources.

We just stated that apps from the app store can be just as dangerous as those downloaded from the wild. That being said, some security is better than none. For example, while not all malware is detectable by Google, Google’s “Play Protect” runs automatically whenever you download something from their Play Store. This feature isn’t a catch-all, and some of the most news-worthy incidents have come from apps downloaded directly from the store. But it’s still better than nothing, and it’s not nearly as bad as downloading outside of the store. As a result, this is still safety precaution number one.

To check the status of Play Protect on your device, open the Play Store and tap “Menu,” then “Play Protect.” Then check the section that says “Recently scanned apps” and switch on the “Improve harmful app detection” option to send unknown apps to Google for further review.

Read the app’s summary and description.

How professional does the app’s description on the store page look? Does it describe in detail all the major features and how they work, or does it simply make a list of claims? Does it include a feedback link? (It should.) Are there a lot of grammar and spelling errors?

These things may seem trivial, but they’re signs to watch for. Notice the screenshot previews, too. Are they useful pictures, or are they generic? Are they stolen from a legitimate listing somewhere and kept vague?

Read the app’s reviews.

As a rule, always, ALWAYS read through the reviews before downloading an application. Public opinion can usually give you a good sense of whether an app is safe to use or not. While this wasn’t the case for the Anubis trojan, it’s still a very good practice to follow to help weed out some of the more common bad actors. To get a more accurate read for yourself, change the review filter from “most helpful first” to “newest first.”

Don’t blindly trust the reviews, however. The review system is far from perfect, and many developers buy fake reviews. Signs to look for are whether or not some of the reviews actually contain legitimate problems, such as a partially broken feature. A less-than-perfect rating here and there, rather than a generic five-star score over and over again with vague or little to no input, is likely more credible. An honest developer is more likely to respond to reviews, too.

Compare the app’s release date to the number of downloads.

If the app is practically brand new and is from a tiny developer, it should not have 50,000,000+ downloads. This could very well be an indication of fake downloads.

Read the app’s permissions.

Phone App Security in 2022Should a calculator need access to your contact list? Should a flashlight be allowed to store data on your SD card? The answers of course are a resounding “No.” If the application requires access for things that have very little to do with the actual alleged function of the app, that should immediately be a red flag and prompt you to reconsider trusting it.

It’s unfortunate, but it’s a veritable Wild West out there right now. Until better protections are put into place, it’s largely up to the user to be as cautious and informed as possible. It’s a tremendous burden to expect of the average person. V2 Systems can at least shoulder some of that burden.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
Phone App Security in 2022
Phone App Security in 2022