Mobile devices, such as tablets and smartphones, have become the primary technologies we use in both our personal and professional lives. Here are some steps you can take to securely use and maintain your mobile apps.
Obtaining Mobile Apps
By downloading apps from only well-known, trusted sources, you reduce the chance of installing an infected app. For Apple devices, such as an iPad or iPhone, you can only download mobile apps from a managed environment: the Apple App Store. The advantage to this is Apple does a security check of both the mobile apps and their authors. While Apple cannot catch all the bad guys or all the infected mobile apps, this managed environment helps to dramatically reduce the risk of you installing an infected app. In addition, if Apple does find an app in its store that it believes is infected, it will quickly remove the mobile app.
Windows Phone uses a similar approach to managing applications. Android gives you more flexibility by being able to download a mobile app from anywhere on the Internet. However, with this flexibility comes more responsibility. You have to be more careful about what mobile apps you download and install, as not all of them are being reviewed. Google does maintain a managed mobile app store similar to Apple’s, called Google Play. The mobile apps you download from Google Play have had some basic checks. As such, we recommend you download your mobile apps for Android devices only from Google Play. Avoid downloading Android mobile apps from other websites, as anyone, including cyber criminals, can easily create and distribute malicious mobile apps and trick you into infecting your mobile device. As an additional protection, consider installing anti-virus on your mobile device.
To reduce your risk even more, avoid apps that are brand new, that few people have downloaded or that have very few positive comments. The longer an app has been available or the more positive comments it has, the more likely that app can be trusted. In addition, install only the apps you need and use. Ask yourself, “Do I really need this app?” Not only does each app potentially bring new vulnerabilities, but also new privacy issues. If you stop using an app, remove it from your mobile device. (You can always add it back later if you find you need it.)
Moreover, you may be tempted to jailbreak or root your mobile device. This is the process of hacking into it and installing unapproved apps or changing existing, built-in functionality. Jailbreaking bypasses or eliminates many of the security controls built into your mobile device, but often also voids warranties and support contracts.
Installing or configuring mobile apps often requires that you grant certain permissions. Ask yourself, “Does the app really need those permissions to do its stated job?” For example, some apps use geo-location services. If you allow an app to always know your location, you may be allowing the creator of that app to track your movements; perhaps they can even sell that information to others. If you do not wish to grant the permissions an app is requesting, shop around for another app that meets your requirements. Remember, you have lots of choices out there. Apple devices allow some permissions to be changed in Settings or at runtime, such as access to geo-location information. Windows and Android mobile devices present you with an all-or-nothing approach. If you do not grant all of the specified permissions, you can’t install the app.
Mobile apps, just like your computer and mobile device operating system, must be updated in order to remain current. Criminals are constantly searching for and finding weaknesses in apps. They then develop attacks to exploit these weaknesses. The developers that created your app also create and release updates to fix these weaknesses and protect your devices. The more often you check for and install updates, the better. Most platforms allow you to configure your system to update mobile apps automatically. Finally, when your apps are updated, verify any new permissions they might require.