Mobile security: It’s time for a little tough love for Android users
Jack Wallen dispenses his bi-annual advice to Android users on how to avoid falling prey to malicious apps and bad actors.
That’s right, Android users, it’s that time again. It seems every six months or so I am driven to offer up some tough love for our favorite mobile platform. Why? Because bad actors are always out there, hoping to steal your data and wreck your lives. It happens … frequently. And no matter how hard Google tries, it always seems to be one step behind those bad actors.
SEE: Electronic communication policy (TechRepublic Premium)
That’s not to blame Google. Hackers pretty much exist ahead of their would-be targets. Banks, retail, social media and various services are sitting targets for those who make a living off of selling and trading user information. It’s a sad state of affairs and, it’s probably not going to change any time soon. The second a company pivots to protect user data, bad actors evolve their attacks and overcome whatever barriers the companies have put in place. And because hackers can pivot faster than enterprise businesses, those companies always seem one step behind.
Ergo, much of the onus falls on the end-user. Is it fair? Sure it is. Because you can’t blame an auto manufacturer for someone who doesn’t know how to drive and crashes through a storefront. That’s on the driver (assuming there weren’t shenanigans going on with the actual car itself or some outside influence—such as another driver—that caused the crash).
So the user of Android has to take some of the responsibility for the security of their devices. And that’s what I want to address now. And every Android user out there should heed to what I have to say.
TL:DR – Stop installing apps you don’t need.
If you ever listen to one piece of advice I have to offer, let it be this one. There are millions of apps on the Google Play Store. Of those apps, a vast number of them are worthless … or worse. Malicious actors count on users not bothering to do even the slightest bit of research or consider the consequences of randomly installing apps. With that wind in their sails, they make significant headway against the public naïveté. Those developers who create apps with malicious payloads know there will always be users who’ll install an app that looks innocuous, fun or too good to be true. The truth is, they aren’t, there’s always a more reliable alternative, and they are (respectively).
SEE: How to enable themed icons in Android 12 (TechRepublic)
I get it. Many Android users install various apps to kill time or save a buck. Simple games, coupon apps, social networking … whatever it is you prefer for entertainment or cost savings. But the fun and the savings might not be nearly as beneficial as you think. Underneath that enticing app, you’ve might have installed a keylogger ready to track you (at best) or steal your credentials (at worst).
Trust me: You don’t want that.
How do you avoid it?
I have a simple rule with my Android phone: If I don’t absolutely need it, I don’t install it. On my daily driver device, I have installed maybe a handful of applications. Beyond the Google defaults, I have Twitter, Facebook, Slack, Firefox, a password manager and a DJI drone app. That’s it. Now, I have the benefit of also having a secondary phone I test with, but even with that, I only install applications I know I’m going to review or need to use for a tutorial. And with those apps, I do my research before installing them. I’ll look up the company (or the developer) that releases the app and the app itself. If I find anything questionable about the app, I won’t install it.
And that’s what every Android user should be doing. First, take the position that some of the apps on the Google Play Store aren’t worth your time. Next, always be suspicious about applications that aren’t released by a known entity. If you can’t find any information about the company or the developer, do not install anything they’ve released. Finally, always try to get by with the barest minimum of applications on your Android device, and only install an app if you absolutely need it.
SEE: The possible reasons Google is moving away from APKs on Android (TechRepublic)
Again, let me repeat myself: Only install apps that you must have. These apps might be for work or staying in communication with teams, friends or family. And if you enjoy a good game now and then, only install those from reputable companies and developers.
It’s not just the Google Play Store
Once upon a time, this advice would always start with never install any applications outside of the Google Play Store. Thing is, even the Google Play Store can’t always be trusted with keeping your devices and your data safe from harm. Because of that, you might be tempted to grab applications from other sources. Unless you absolutely know what you’re doing—don’t.
Yes, some sites and services make reputable apps available for Android. One of them is F-Droid. Some time ago, you could install the F-Droid app from the Google Play Store and then install from its catalog of apps. That is no longer the case. You have to now go to the F-Droid site, download the APK and install it manually. And as much as I respect what F-Droid is doing, the average user shouldn’t be side-loading applications on Android.
To that end, stick with Google Play Store and do not be tempted by all the shiny applications.
I know it might seem like I’m scolding a child. I don’t mean it to come off that way, but until something changes with the security of mobile apps, end-users must take this seriously. Otherwise, you’re going to find yourself falling victim to hackers over and over. Don’t let this be you.
You will be tempted. You’ll be scrolling through the Play Store and you’ll find something that looks like it could make your life exponentially better. When you do, remind yourself, “If it’s too good to be true, it is.” And until Google and Apple both do something about the rampant malware found on their respective app stores, every mobile user is going to have to deal with this kind of tough love to remind them to not fall prey to bad actors and malicious apps.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen