-
add to favourites
Malicious activities “given a green light”
Wednesday, July 20, 2016
Android is an open-source platform which means that any developer can design applications for it. As a result, programs for various Android versions number in the hundreds of thousands. How can a user decide if they need a certain application? After all, one can't test all of them!
Reading user reviews in the store and on forums prior to installation is one of the common recommendations made for solving this problem. A high user rating and lots of downloads are supposed to indicate that an application is useful and user-friendly. And, for some reason, secure, too. But that’s not true!
Malicious applications uploaded by attackers onto Google Play have been downloaded many thousands of times!
Find out more in the Anti-virus Times issues Never trust, always verify! and lves in sheep’s clothing lurk in stores.
- It is also recommended to check the application developer's or the publisher’s official site. Of course, the developer's site will be a more reliable source of information than user reviews, but here criminals have found a way around that, too. Now they are increasingly more often distributing malicious code with legitimate programs. For example, they embed malicious features into harmless applications or create malicious plug-ins for legitimate programs.
- Checking an application's permissions (listed in the manifest file), which are displayed prior to its installation, is another security tip for vigilant users. The user can't grant permission for some things and not for others. If an application appears suspicious, all the user can do is reject it.
Unfortunately, many users tap OK and proceed with an installation without thinking about why the application is requesting access to certain features. Although, naturally, one might wonder: Why does a calculator or a torch app need to make outgoing calls or send SMS messages, or be able to access the camera and take photos? But sometimes developers add certain unnecessary features to a product “just in case”. So this doesn't necessarily mean that a program is malicious—it’s just what the developer decided, and the program may never need the feature that is listed in the program requirements.
It's really hard to determine whether good reasons or malicious intent are behind a permission request.
Here is a complete list of Android permissions: https://developer.android.com/guide/topics/security/permissions.html
But who can really tell whether a program actually needs access to a certain feature or not?
So is there a way?
#Google #AndroidThe Anti-virus Times recommends
An anti-virus will protect your device from common malicious programs, however, that doesn't mean that you don't have to be careful and don’t have to pay attention to what you are doing.
Check the permissions!
You can check the permission list in the application store and view information for previously installed programs.
In the store, open the program's page and in the Developer section, select View permissions.
To view permissions for an installed application, go to Settings, Applications (on some devices, this item can be named differently, e.g. Application Manager), choose the application and scroll down to the section Permissions.
For more information about permissions, visit the Android developer's site.
![[Twitter]](http://st.drweb.com/static/new-www/social/no_radius/twitter.png "Shared 16 times")
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
vasvet
19:26:22 2018-07-02