5 Ways to Avoid a Fake Installer on your Android
There are two critical things you must do after purchasing an Android smartphone. Firstly, wipe away those tears of joy. And secondly, put in some protections.
This year, a report released by Strategy Analytics found Android smartphones made up 80 per cent of smartphone sales across the globe, and the Malware Threat Center (MTC) found 92 per cent of all detected mobile malware was targeting the Android Operating System.
A report by Juniper revealed 73 per cent of Android malware belongs to the Android.FakeInstaller or OpFake family, which generates revenue by leveraging your Android’s SMS features. The malware disguises itself as a legitimate app, or bundles itself with whatever you think you’re downloading. It places a fake installer on your mobile and displays a user agreement asking for permission to send text messages. Once you’ve agreed, it sends expensive text messages to your attacker, costing you more than you bargained for.
Here are five ways to avoid fake installers on your Android:
1. Check the App Permissions
Sometimes you get carried away and agree to whatever user agreement the app throws at you. Before you install your app, always check what the app is allowed to access, and what it can do with accessed data. Ensure you understand how the list of required permissions corresponds to what the app actually does. For example, if a News app wants permission to access your text messages, it’s a safe bet you’re about to download a fake installer. Even when buying off Google Play, always thoroughly check app permissions.
2. Avoid the Third-party Marketplace
Downloading from unauthorised app stores dramatically increases the possibility of downloading a fake installer. While it’s true Google Play has disseminated apps infected with malware before, the store is obligated to meet your security expectations. Bear in mind they also have their reputation to maintain, and therefore will relentlessly try and protect you from fake installers.
You have no such guarantee regarding the safety of apps from third-party app stores. In fact, Juniper has reported at least 500 non-Google Play stores offering fake installer mobile malware. So unless you’re a veteran at detecting dodgy apps, my advice is to stick to recognised vendors like Google Play and Amazon.
3. Sideload Carefully
One of the reasons you love Android is its open source environment, which lets you source from places other than the sanctioned method. The downside is the platform is more vulnerable to malware, and enabling sideloading makes it even more so.
When it comes to sideloading apps onto your Android, it’s risky business. By default, sideloading is disabled to protect your Android from malevolent malware, which can often be found lurking in pirated apps. Therefore, my advice is to err on the side of caution and download from reputable sources like Google Play, Amazon and Humble Bundle, and avoid unknown sources unless you’re savvy enough to recognise hidden malware.
4. Choose your Anti-malware Wisely
When selecting your anti-malware, you need to choose carefully. It’s important to note AV-Test found the majority of free anti-malware solutions fail to detect more than 10 per cent of malicious apps, while paid solutions are capable of identifying up to 80 per cent of installed threats.
Fake installers are evolving, using server-side polymorphism, obfuscation, and other techniques to avoid detection by antivirus software. As if that’s not bad enough, malware writers purposefully test their code to bypass major scanners anyway. For this reason, some see anti-malware as a waste of money, but leaving your Android naked of protections is akin to leaving your luggage unzipped at the airport. Even though anti-malware can’t fend off everything, they do afford a layer of protection.
If it’s any comfort, not only do anti-malware flag suspicious apps and bring them to your attention, the software is regularly being upgraded. My advice is to purchase software from reliable vendors like Avast, Symantec and Lookout, always check reviews and keep in mind paid versions have a tendency to perform better than free versions when making your decision.
5. Upgrade your OS
Just like a real virus, fake installers evolve and adapt to the changing levels of security in Android smartphones. The reason these OS upgrades roll out is because developers have found ways to improve the device and fix security problems. When you regularly upgrade you reduce your vulnerability to fake installers and other malware. For example, the Android 4.2 notifies you when an app tries to send a text message to a premium service, while the 4.3 offers to automatically scan sideloaded apps for malware. Sometimes repeated upgrading can seem like a hassle, but the trade-off is a couple of minutes, a few times a year for confidence in your financial security.
Avoid a fake installer on your Android
According to Canalys, the number of Android smartphones will have reached one billion by 2017. An upsurge in market share means an adjacent rise in fake installers and other malware designed to attack the Android OS. With projections like that it’s more important than ever to be aware of the hazards of downloading dodgy apps. A good rule of thumb is don’t download anything that looks suspicious, from anywhere that looks suspicious. Be vigilant in upgrading your anti-malware and Android OS, and you’ll radically decrease your chances of downloading a fake installer.
About the Author
At 31 years old, Gordon Tan is the Managing Director of one of Australia’s fastest growing IT Support Companies R & G Technologies which employs over 30 staff. Having started the company 10 years ago he is passionate about educating others on how to grow successful and sustainable businesses.