If Android is as safe as Google says, does your phone or tablet really need antivirus software?
For years now we’ve heard about the importance of antivirus software, but times are changing and whereas previously many of their computing tasks took place on a desktop system they now take place on a phone or tablet.
Android viruses have hit the headlines before, leading users to think installing some sort of security software is a good idea. And it goes almost without saying: the more popular Android becomes the more of a target it is for the bad guys. But do you really need to install a resource- and battery-hogging antivirus app on your phone that is going to plague you with irritating notifications?
In almost all cases, Android phones and tablets do not need antivirus installed. Android viruses are by no means as prevalent as media outlets may have you believe, and your device is much more at risk of theft than it is a virus. But it is true: Android viruses do exist.
The vast majority of known Android viruses have been installed on the back of dubious apps – apps you will no longer find in the Google Play store. By default Android does not allow you to install apps from other sources, so there’s no chance of you accidentally installing something nefarious.
Supposing a dodgy app does find its way into the Google Play market, Google will quickly pull the app and uninstall it from your device. But what if it comes back? Symantec has found at least seven malicious apps on the US Play Store that were pulled and then reappeared under new developers with new names.
False-positive results are common with such apps, however, so you may find your AV app reports an app as dodgy when it’s actually harmless. In these cases, taking other precautions can be a more appealing way to safeguard your device from Android viruses.
Such precautions range from carefully checking any requested permissions before agreeing to them, avoiding cloned apps and keeping Android up to date (with all security patches applied).
Unfortunately, it turns out that even if you update your Android device, it may not be as up to date as you think. Security Research Labs has published the results of an in-depth study in which it claims several big-name vendors are guilty of saying they’ve rolled out important patches when they haven’t.
You should also keep your wits about you, and apply a healthy dose of common sense. You wouldn’t click on an attachment in a dodgy email from a sender you don’t recognise on your PC or laptop, and we hope you would apply that same thinking to suspicious links sent in Gmail on your phone or via WhatsApp or Facebook Messenger. Typically, these type of links are associated with phishing scams, but that doesn’t mean they won’t install a virus on your device.
(Incidentally, if you find your Facebook or email account has been sending these sort of messages to your contacts you should immediately change your passwords, and preferably contact those people and warn them to ignore it.)
Supposing your Android phone or tablet does start acting oddly and you have reason to believe malware is at play: a factory reset is all that’s required to get it back to normal (one reason why it’s a good idea to always back up Android). In many cases users report to us that they are seeing suspicious pop-up ads in their browser, or they are being redirected to a different home page to that which they configured in the settings. Our usual advice is to clear out the browser’s data cache (in Settings > Apps > Chrome > Storage). It’s worth pointing out that antivirus apps for Android often have other useful benefits, such as the ability to remotely lock or wipe a lost or stolen phone, or backup and cleanup tools. All these tools are available elsewhere – usually via free apps or manual administration – but for ease of use it can help to have everything in one place.
What about Apple iPhone & iPad?
While many security companies offer products that support the iPhone, they’re not really antivirus software; Apple has made sure that you don’t need it. The antivirus/antimalware situation on iOS is quite a bit different from that on Android. Apple keeps a much closer eye on its App Store than Google and other Android app providers do on theirs (the “walled garden” approach), which means you’re less likely to download malware from the App Store. For this reason, Apple doesn’t even allow true antivirus apps into the App Store — they’re just not needed (at least according to Apple).
Apple says it “designed the iOS platform with security at its core.” That’s more than just a simple platitude, While iPhones and iPads aren’t completely fool-proof devices — especially after they’ve been jailbroken — the iOS platform sandboxes apps inside of a user partition that limits access to the system.
Do I need to keep my operating system updated?
Yes. While you may read stories about iPhone security and privacy, such as a backdoor flaw in its Wi-Fi chip and how an iCloud account can hold a device hostage, third-party solutions can’t touch those issues. Apple guards the iPhone’s security measures so closely that the most you can do is install iOS updates, which normally include security fixes.
Of course, don’t feel the need to do so immediately, as some updates are less stable than others. Unless you’re a high-profile individual and you suspect the target of online attacks, you can probably wait a week or two after the most recent update comes out.
iOS Doesn’t Let Antivirus Work
In order to understand why you don’t need antivirus software for your iOS device, it’s important to understand how those programs function on devices that run other operating systems. In order for antivirus software to work, it needs hooks into the operating system that — when available — “also create potential vulnerabilities.” These hooks provide “very deep access to monitor what’s going on and detect malware,” and can lead to situations where the antivirus software “becomes the target of the attack.” iOS doesn’t allow for the possibility to latch such hooks into its system, thanks to a design that deeply separates the apps from the rest of the system, a process commonly known as sandboxing. That strong fence between apps and operating system has currently proven a successful design choice.
If you jailbreak your iPhone to download non-App-Store-approved apps, that’s another story. If you’re getting apps from other repositories, there’s a good chance that you could download something nasty, and there’s a precedent for it — quite a few people have dealt with iOS malware on their jailbroken devices. If you’re looking for a good jailbreak antivirus solution, you’re on your own — independent antivirus testers don’t run tests, and because the big names in antivirus don’t offer full antivirus apps for iOS, it’s tough to know which to trust.
So, what about all the security apps that are available on the App Store?
The various iOS security apps made by antivirus vendors vary in their functionality. Some, such as Avira Mobile Security, let you remotely wipe your phone if it is lost or falls into the wrong hands. But the same functions are found on Apple’s Find My iPhone app, which requires iOS 8.
Bitdefender Mobile Security provides the same remote location, lock and wipe tricks you get with Find My iPhone, it does offer one unique trick. After you register your email accounts with the app, it will alert you if your accounts ever get breached so that you can change your passwords immediately.
McAfee’s Private Photo Vault, Backup, Mobile Security app offers users a way to lock photos behind a six-digit PIN, but many iOS users already use a password to lock their devices. You can get an app like this if you want a second level of security, but we’re not sure why you’d need it, aside from hiding things from anyone that knows your unlock code.
Apps such as Webroot SecureWeb Browser offer protection against malicious websites, promising to save you from phishing attacks. While that sounds like a great feature, Safari on iOS offers a Fraudulent Website Warning feature that is enabled by default. Most website screeners work off publicly available lists of known malicious URLs, so it’s unlikely that McAfee’s would be much better than Apple’s. Also, phishing attacks are so prevalent that by now you shouldn’t need an app to remind you not to click on questionable links or type your username and password into suspicious-looking websites.
And what about Windows 10 phones & Tablets?
Windows phones & tablets only have a tiny market share, which makes them much less of a target for viruses and malware. Like the iPhone, Windows Phone is protected by a ‘walled garden’ App Store with a tight screening process designed to weed out apps carrying a malicious payload. That is not to say that something won’t slip through the net and security loopholes will be uncovered in the future but for the moment the biggest threat to Windows Phone users is fake alerts and scams that scare you into thinking that your phone is infected and trick you into parting with your credit card details for useless, and usually non-existent anti virus software. If you’re still on the Windows 8 Phone operating system, getting an antivirus app from a brand like Kaspersky or Norton is a good idea, especially if you’re getting apps from third-party app stores.
And Blackberry Smartphones?
Like Android, BlackBerry doesn’t take the “walled garden” approach to their apps that Apple does, so some nefarious apps do slip into the app store from time to time (interestingly, however, one of the recent pieces of malware that hit a lot of BlackBerry users also affected iOS devices). The number of people using the BlackBerry mobile OS is significantly smaller than those on Android or iOS, so it’s less profitable for hackers to target BlackBerries . . . even so, running an antivirus app on your phone is a good idea.