It’s wise to ask, “Are apps safe?” Apps can contain malware, a kind of software that can damage your smartphone, put your privacy at risk, and waste resources. A majority of apps are safe to download, but among them are silent lurkers waiting to impose on your device and possibly steal your private information.
Everyone needs to know how to judge whether a mobile app is safe to download. Mobile phones are expensive and contain massive amounts of personal information. Even the most reputable app stores can not guarantee that every app is safe. Responsible consumers can learn how to mitigate this risk by using information gathered while learning about the app.
Dangerous malware-containing apps are gateways for malicious activity. In plain English, some apps tap into your phone and steal sensitive data. Your phone can even become controlled by people with nefarious intentions. Downloading an infected app could even turn your device into a bot.
If your device becomes a robot under the control of some groups, they can use your device as a part of larger attacks. Not only can these people get your info, but they can also make your device a part of their botnet army.
Raising awareness about app security is important. Just because an app is on the Google Play Store or the Apple App Store it doesn’t make it safe. These companies regularly remove apps that might contain malware when they find them, but some apps slip past and downloaded by unsuspecting users.
You can protect your smartphone from malware by learning the characteristics of a trustworthy app. Don’t be afraid to make app security a discussion for the round table. By doing so we help spread a kind of technological literacy that protects those we love.
Know Your Source
The safest route to find apps is to download from reputable markets. Navigating through today’s consumer-driven open mobile ecosystem isn’t easy. It’s plagued by a widespread lack of law and order. Apps can be downloaded from an app store or side-loaded with a direct USB connection. Even when downloading from within an app store, it’s not uncommon to bump into third-party apps.
Don’t download apps impulsively. Instead, take the time to get to know your source. Marketplaces provide aggregation for apps, including third-party. They offer first-party apps, made by the vendor of your phone. They also offer third-party apps, made by someone other than the phone manufacturers.
Download third-party apps expand the relationship between you and the phone developer. The new relationship is between you, the phone maker, and the maker of the app. For each app you download, you add more cooks to the kitchen.
How do you know if an app marketplace is trustworthy?
Some characteristics of a safe marketplace are:
What about downloading apps outside of the app store?
App stores provide consumers with added layers of security. Even though not every app on app stores is safe, there is far less chance of running into issues on app markets.
Downloading apps outside of the marketplaces is referred to as side-loading. Bypassing reliable app markets is dangerous. There is a reason these apps can not be found in app stores.
Apps within Google Play and the Apple App store are screened for legitimacy, quality, safety, and many other factors. Apps outside of markets are more likely to be infected with malicious programming.
Learn more about the vendor and/or developer before installing an app. The vendor is the entity that supplies the app to the consumer.
Many app stores link to the vendors’ web page. On the Google Play store, this is found at the bottom of the app’s page. If there is no link, or the link doesn’t work, then look them up in a search engine. It’s up to consumers to do their homework. Reputable app developers are easy to research.
Some questions to ask about app vendors are:
Apps should not have too many permissions. The ones they do have should be appropriate to the app. Permissions give the vendor of the app access to various parts of your phone. It’s obvious that apps need to interact with the phone. However, they should only interact with the systems necessary for the intent of the app.
Apps are going to be around for a long time. Consumers need to understand permissions to know when app vendors are crossing the line. Do not install an app when an app maker is overstepping their bounds.
An app with a long list of permissions should send up a red flag. When an app’s permissions seem unnecessary to the functioning of an app, then you may need to think twice before downloading it.
Examples of permissions an app might ask for:
These are just a few things that apps can do. Some permissions give apps access to messages, phone call logs, and access to other personal information. Before agreeing to permission ask yourself if the app really needs the ability to interact in that way. If you’re downloading a crossword app, do they really need access to the camera? Does a cooking game really need access to your messages?
Only download apps that respect the user’s right to privacy. The fewer permissions apps request, the more likely it is to be safe.
Users need to pay attention to are the number of times downloaded and the app rating. These numbers indicate the degree to which an app performs. They are milestones used to gauge trustworthiness.
If an app has been downloaded more than 10 million times, then it is likely to be safe. The more an app is downloaded, the more opportunity for the app vendor to gain trust. Apps with high volumes of downloads are time tested and customer approved.
This doesn’t mean you shouldn’t download apps with fewer downloads. But you should spend extra time inspecting the permissions and investigating the vendor.
User rating is another way to tell if an app is safe. Be cautious about apps with low ratings. If the download to rating ratio doesn’t make sense, then think twice before getting the app.
Reading reviews is a good way to see how others feel about apps. Don’t make your mind up solely based on reviews. Not all reviews should be weighted equally. Watch out for reviews that don’t seem real.
If you pay close attention, it becomes easy to pick out real reviews. Great apps have lots of great reviews from real users. They will have some complaints, as well. The quality of the reviews gives consumers insight into the quality of the app.
Now that apps are a part of everyday life, it is time to give apps more thought. With time it becomes easy to learn to identify safe, quality apps. Not only do we need to know how to find download-worthy apps, but it’s also important to teach our kids and/or parents to do the same.
Knowledge is a powerful tool for consumers. Collect as much as you can, and encourage others to do the same. If you do run into an app that you think is malicious, then contact the app store where you downloaded it. If you run into a great app, don’t be afraid to rate it well and leave a review.
It is possible that attackers could embed malicious URLs containing custom malware into a QR code which could then exfiltrate data from a mobile device when scanned. It is also possible to embed a malicious URL into a QR code that directs to a phishing site, where unsuspecting users could disclose personal or financial information.
Because humans cannot read QR codes, it is easy for attackers to alter a QR code to point to an alternative resource without being detected. While many people are aware that QR codes can open a URL, they can be less aware of the other actions that QR codes can initiate on a user’s device. Aside from opening a website, these actions can include adding contacts or composing emails. This element of surprise can make QR code security threats especially problematic.
A typical attack involves placing malicious QR codes in public, sometimes covering up legitimate QR codes. Unsuspecting users who scan the code are taken to a malicious web page which could host an exploit kit, leading to device compromise or a spoofed login page to steal user credentials. Some websites do drive-by downloads, so simply visiting the site can initiate a malicious software download.
Mobile devices, in general, tend to be less secure than computers or laptops. Since QR codes are used on mobile devices, this increases the potential risks.
Take not after scanning the QR code that you are directed to the manufacturers URL for downloading. EG apps developed by my business Easy Mobile Apps are directed to Easyapps.net a legitimate website.