Many of us have been conditioned to think that we need to install antivirus or malware protection apps on our phones, lest we become the victim of a shady group of people who want our data.
That’s bad information, which Check Point’s recent report on alleged security apps stealing people’s banking information really drives home.
Yes, you read that right – apps listed as Android antivirus or anti-malware security software were actually stealing banking data from users in Italy and the UK. Around 15,000 people in total were affected before the apps could be removed from the Play Store. .
Since these apps may exist in third-party app stores, I’ll give them some exposure. They are all from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. If you see apps from these developers, steer clear.
The biggest problem here, however, is that these developers were smart enough to tackle the innate FUD that has surrounded Android since day one – it’s filled with security vulnerabilities and there’s malware everywhere just waiting. you to install it.
Nothing could be further from the truth.
Your Android phone can’t even catch a virus
The word virus gets thrown around a lot, but did you know that your Android (and iOS) phones and tablets can’t get one or pass it on?
Both can be infected with other types of malware though, so it’s important to recognize what can and can’t happen.
A virus is a piece of code that can automatically install, replicate, and transfer itself to another device without any help from you. Nothing on Android or iOS can be done automatically unless Google or the company that created your phone’s operating system wants it to.
This is due to the user/group permission model. You are a user, and as a user you are part of a group of other users with similar permissions. the system is also a user and it is in a different group with other permissions. Every file and folder on your phone knows which users and/or groups are allowed to make changes to it. If you don’t have the correct permission as a user or the correct permission as a member of a group, you can’t change anything.
Some users and groups have elevated permissions, like the system level that Google or Samsung would have if you were using a Galaxy S22, for example. And if you like to tinker and you’ve rooted your phone, you can give yourself superuser permissions so you can tweak anything you want.
No app can be installed without a user who has permission to install apps (i.e. you and any other users who have signed in to your phone) saying it’s OK. Once installed, this application can only access its own data and files, so it cannot copy itself elsewhere. And even if it were to be passed to another user, it has the same constraints on another phone – someone has to manually press a button that says yes when it asks to be installed.
But there are other types of malware. Usually the malware tries to collect random data from other apps about you and then sends it back to a centralized server. It might seem harmless, like the apps you have installed and how often you use them, or it might be sensitive, like your banking password. Both are dangerous.
This kind of misuse of our data isn’t supposed to be possible, but there are plenty of people with bad intentions who are just as clever as the people who wrote the operating system on your phone. Software vulnerabilities are common. But they are also regularly patched, which is why security updates are the most important updates of all.
This second type of malware is what smartphone users should be concerned about, not a virus. And once upon a time, you had to be careful or use a third-party app to make sure you didn’t get into trouble with a bad app. But that era is over.
You already have the right malware scanner
Unless your phone is running a fork of Android that has removed everything from Google, you already have the malware scanner you need and it’s called Google Play Protect.
Most people think it exists to scan the apps you downloaded and installed from the Play Store, but that’s not how it works. It regularly scans all the third-party apps installed on your phone and reports anything suspicious directly to you. If you haven’t seen a notification about a bad app, that means you haven’t had one.
Android is very similar to Windows in this regard. At one time, it wasn’t a bad idea to use a third-party malware scanner on either operating system. Those days are over and Microsoft and Google have realized the importance of providing the necessary tools themselves and keeping them up to date automatically.
Most of the time, installing a second malware scanner app won’t do anything wrong – unless it’s a bank account stealing trojan disguised as a security app. – and there are things that Windows Defender or Google Play Protect aren’t going to consider malware.
If you want to know more about tracking cookies or the personal information you automatically share, it is necessary to use a tool to do so, because Microsoft and Google do not consider them to be malware. But if you’re just worried about bad apps stealing data from the best Android phone you just bought, you’re already covered.