‫ Recommendations: Protecting against mobile malware

Number: IRCAR201408227

Date: 2014-08-05


F-Secure release some recommendations about “how to protect against mobile malware”. In this article we ‘ll look at these recommendations in 4 areas. 

Securing the device

Today most people have their email accounts (personal and/ or work) and other critical services on their mobile devices. This convenience also means that if your device is lost or stolen, your losses could involve more than just the physical device.

And despite concern about online-based attacks, the easiest way for malware to get on a device is still for someone to manually install it while the device is in their possession. In other words, protect your device’s physical security first.


1.     Lock the device

Locking your device prevents anyone else from meddling with its settings and installing an app (such as a monitoring-tool or spyware) while it is out of your possession. For the lock to be effective, make sure the password/passcode/pattern is unique and preferably memorable for you without being easy for someone else to guess.


2.     Set up anti-theft protection

Anti-theft protection typically provides you the ability to remotely wipe the data on your phone, including on any memory cards installed, if you decide your phone is irretrievable.

Some anti-theft solutions also include features such as location mapping or sounding the alarm, to help when attempting to locate the device.


When downloading apps

Once your device’s physical security has been addressed, you can also take the following steps when downloading an app.


3.     Download apps only from the Play Store

By default, Android devices block installation of apps from any source other than the Play Store. you can check to make sure your device only allows Play Store apps by looking in setting > applications > unknown sources. If the checkbox is checked, non-Play Store apps can be installed. Uncheck this.


4.     Check the apps’ permission requests

Whether you’re downloading from the Play Store or other sources, make sure to read the app’s list of requested permissions.

If the requested seem excessive or unrelated to the app’s purpose—for example, a casual game asks to send SMS messages—you can check the developer’s references for more details, as reputable developers usually explain why the permissions are needed. If the use appears justified to you, then you may elect to download the app.


5.     Scan apps with a mobile antivirus

Once downloaded onto your device, use a reputable mobile antivirus to scan the app.


Blocking unwanted services

Lucrative profit-generating mechanisms for mobile malware are to silently send premium rate SMS messages, subscribe the user to continuous premium services, or to force the device to call premium-rate numbers. Blocking premium calls or messages is one way to minimize financial losses, even if malware does get installed.


6.     Set up call or message barring

Most operators allow users to set up a call or SMS barring service to block the device from sending unwanted calls or messages.

Some services also provide a PIN number or other method that allows the user to selectively remove the barring, if they desire.


While online

As websites have evolved to cater for visitors browsing from mobile devices, we’ve also seen malicious sites follow suit.


7.     Use web browsing protection

To avoid stumbling onto a malicious site while surfing on a mobile device, use web browsing protection (available from most antivirus solutions) to block known harmful sites.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 7 مهر 1393


امتیاز شما
تعداد امتیازها:0