DroidDream: Securing your Android phone against malware

So we decided to put our advice into action in the NetSafe office after this morning’s post on the discovery of DroidDream.

My colleague John willingly checked out his Motorola Droid’s firmware and discovered he was running 2.1 (Eclair) and (worringly) unable to upgrade.

Next up he installed AVG’s free anti-virus for Android app (there are others available also we should note) and discovered to his surprise that the scan picked up one of his fun wallpaper apps as malware.

John ‘fixed’ that issue by uninstalling the app concerned – the Jackeey Wallpaper app it turns out was identified as a risk back in July last year but Google later lifted the Market ban stating to the developer:

“Our investigation has concluded that there is no obvious malicious code in your apps, though the implementation accesses data that it doesn’t need to.”

Once that app was uninstalled he moved on to OS insecure settings flagged by AVG and turned off the ability to install apps from outside the Market.

A quick rescan and the phone is now considered secure and can be set up to re-scan automatically just as your desktop PC would.

There’s a 3 minute video below of the process if you want to follow along. Please leave a comment if you find similar issues on your Android powered phone:

Update: For the alternative take on ‘the semiannual Android malware freakout show’ read JR Raphael’s opinion on the latest smartphone virus reports:

I’ve said it before, and I’ll say it again: Threats are everywhere. The answer isn’t locking down the world; it’s taking basic precautions.

Be Sociable, Share!

3 thoughts on “DroidDream: Securing your Android phone against malware”

  1. I have a Samsung Galaxay phone from Parallel Imported and followed your advice and it is using 2.1 also. There is no obvious way to upgrade the Android system so how do I do this step? The upgrade button does not do anything. Do I need to connect the phone to my computer to update?

  2. Chiz – as far as I can tell the iPhone is considered secure if you have not jailbroken it, that is ‘unlocked’ the Apple operating system to install non-Apple approved apps, etc. Apple screen apps for sale and therefore anticipate malware, they also I’m told charge developers more for the approval process and take longer thereby slowing the process!

    This story from the Wall Street journal suggests though that “In the past, Apple has also pulled apps from its App Store after they were discovered to send information about users and their phones to outside parties without the users’ knowledge or consent.” See http://www.theaustralian.com.au/business/news/google-takes-heat-over-android-app-security/story-e6frg90x-1226018273352

    A quick Google turns up this article which suggests as apps can’t run in the background on the iPhone (version 3, the 4 allows multi tasking) they are of limited use and that “iPhone apps run in a “sandbox” environment which prevents them from interacting with other apps, or accessing any data outside the sandbox” – see http://askbobrankin.com/antivirus_for_smartphones.html

    Search for anti virus in the App Store and you will see free apps, the highest rated one entitled ‘Sophos Security Threat Monitor’ but this is a news feed and not a ‘cleaner’

Leave a Reply

Your email address will not be published. Required fields are marked *