8:22 PM
Lecor Martineau
According to NQ Mobile Security Research Center, more than 160,000 Android phone owners were affected by malware called UpdtBot, which spreads itself via text messages telling people to download a software update. UpdtBot appears to be mostly in China, but even in English-speaking countries thousands of people have so far been fooled by a fake app that doesn't do what it claims to, and there are several more on the Google Play store.
How can you tell the difference between real apps and fake ones -- or worse, even malware?
1. Read the description and reviews
The fake app in question, according to Steven Blum of AndroidPit, is called Solar Charger by szlab. Even if you didn't already know that an app can't turn your Android device's screen into a solar panel, the end of the description explains that the app is a joke that's designed to fool people into writing angry reviews. It also warns people not to really leave their phones out in the sun, as this can damage them.
If something seems too good (or unbelievable) to be true, read the description and reviews carefully, and look it up on your favorite search engine if you're still not sure. Things you should be especially wary of are apps that tell you to shake, drop, squeeze, or otherwise risk damage to your phone; and apps that purport to be free versions of popular iPhone or Android apps but that have few downloads or coherent reviews, use generic icons, or are all written by the same author. The "Mother of all Android Malware" scare last year involved such dodgy apps.
2. Look closely at the permissions
Most people don't do this -- or need to do this -- for every app that they download, especially an Editor's Choice app on the Google Play store. But if you're suspicious that an app might not do what it claims to, look at the permissions it asks for when you install it. An app that requests things like (for instance) the ability to send SMS text messages, when it isn't an SMS app, ought to be looked at a little more carefully.
3. Only get apps from trusted sources
The Nook store and Amazon's "Appstore" review apps before publishing them, like Apple's iTunes store does. If you download apps from the Google Play store, though (formerly known as the Android Market), you should know that pretty much anyone can put stuff there without needing permission. It's up to you to make sure they're legit, by looking at permissions, reviews, the app's homepage, and anything else that you can.
As for "updates" sent by SMS? It's probably a good rule of thumb not to download anything sent to you by a text message unless you specifically asked for it, just like how Windows users shouldn't open programs sent as attachments by email. Wireless carriers can generally update your phone without your permission, anyway.
Posted in 