Nokia's recent Threat Intelligence Report says Android devices are much more likely to become infected than devices running other operating systems, making Android the least secure mobile operating system.
The Nokia Threat Intelligence Lab focuses on the behavior of malware network communications to develop detection rules that identify malware infections based on command-and-control communication and other network behavior. This approach enables the detection of malware in the service provider's network and the detection rules developed form the foundation of Nokia's network-based malware detection product suite.
Nokia found that 68% of all infected devices in the past year were running Android, followed by 28% running Windows (including desktop PCs) and less than four percent running iOS. Even though this sounds horrifying, it isn't very alarming: Nokia also calculated that the proportion of infected Android devices relative to the number of Android smartphones out there averages 0.94 percent for this year, which is higher than Google's estimate of 0.71 percent.
Nokia also concluded that this is mainly because of the increase in mobile adware installed on devices, which is distributed as Trojanized applications. The user is tricked by phishing, advertising, or other social engineering into downloading and installing the infected application. Such apps can only be installed by side-loading, an option that is disabled by default.
The other security threat to Android is apps from third-party app stores, which leave users infected. These stores are common in China and other regions where Google is banned, places where only 4% of Android apps come from the Google Play Store and the remaining 96% come from third-party app stores. These stores are found on cheap Chinese smartphones that do not come with the Google Play Store installed by default.
These infections affect more than the infected devices themselves. Because they use the mobile network to upload data from user devices, they generate excess traffic and degrade mobile network performance.
Although less than 1% of Android users become victims of infection and only about 0.05 percent of infected apps are found in the Google Play Store, users still need to do the best they can to avoid becoming a victim. Nokia's report was based on sixteen million Android malware samples, of which 53 percent came in the past year. So some precautions are necessary.
Always Update
Never skip an update from your OEM. Google provides monthly security updates to fix the vulnerabilities it has discovered. The well-known BlueBorne and KRACK Wi-Fi vulnerabilities were also fixed in their respective security patches. These patches are passed down to the OEMs, which then push them to their devices and users. Even though Google provides them every month, OEMs choose either to ship them monthly or to bundle them together and ship them once every few months. Make sure you update your device as soon as you get an update. This keeps your device secure from all known issues.
To check whether your device has the latest security update, go to Settings > About > Android Security Patch Level.
Trust only the Google Play Store for Apps
This may sound obvious, but the other most important thing to do is to always download apps from the Google Play Store and avoid using any third-party app store. Even though some infected apps slip into the Play Store, Google is working round the clock to detect and remove them as soon as possible. Google recently launched Google Play Protect, which actively scans all your installed apps and warns you about any suspicious app. This also helps Google learn how infected apps work so that it can keep them from being published in the Play Store. Every month Google removes hundreds of apps from the Play Store that are infected by adware or malware or are designed to launch DDoS attacks, making the Google Play Store the safest place to download your apps from.
Another way infected apps get installed on your device is if you let them. Any pop-up that asks you to download a file and install an app via an APK should not be entertained. This can be avoided by disabling the installation of apps from unknown sources: go to Settings > Security > Disable Unknown Sources.
Side-loading apps via an APK is never secure or safe. The pirated apps available out there are neither safe nor secure, so do not fall for them; these APKs could be modified to install malware in the background.
Double Check What you are Installing
As mentioned, there is still a small chance of installing a malicious app from the Play Store. To avoid that, be smart when installing any app. The Play Store has detailed information about each app on its page; check the name of the developer and how legitimate they look. Most legitimate developers have a good profile image and a proper name. If anything looks fishy, stop right there and investigate further by checking the developer's name, website, past apps, and reviews, and make sure they are not just publishing junk apps. Most popular apps with millions of downloads usually have good reviews, and many of these developers are ranked as a Google Top Developer, marked with a blue diamond, which says a lot about the quality of the app.
Despite all this, you still need to be cautious when installing an app and running it for the first time: check what permissions the app is asking for. Not all apps really require permission to access your SMS. Some apps are notorious for being disguised as a good app while collecting user information via these permissions. The fewer the permissions, the more legitimate the app is.
How do you know which permissions to grant? Use common sense: if you are installing a game, it should not be asking for permission to access your phone or contacts. If you are installing a recipe app, there is no good reason for it to know your location or calendar.
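The permission check described above, as an added example that is not part of the original article: a Python script that reads the "requested permissions" section of `adb shell dumpsys package <name>` output and lists the sensitive permissions that do not fit the app's category. The category baselines, the package name and the sample dump are constructed assumptions.

```python
# Assumption: permissions a reviewer would consider plausible per app category.
# These baselines are illustrative, not an official Google list.
EXPECTED = {
    "game": set(),
    "recipe": {"CAMERA"},
    "navigation": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}

# Subset of real Android permissions that guard personal data.
SENSITIVE = {
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "READ_PHONE_STATE", "CALL_PHONE", "READ_CALENDAR", "CAMERA",
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
}

# Constructed sample in the style of `adb shell dumpsys package <name>`.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.puzzlegame] (1a2b3c):
    versionName=1.0
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
"""

def requested_permissions(dump):
    """Collect short permission names from the 'requested permissions:' section."""
    perms, in_section = set(), False
    for line in dump.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_section = True
        elif in_section and stripped.endswith(":"):
            break  # next section header ends the list
        elif in_section and stripped.startswith("android.permission."):
            perms.add(stripped.rsplit(".", 1)[-1])
    return perms

def audit(category, dump):
    """Return sensitive permissions requested but not expected for the category."""
    expected = EXPECTED.get(category, set())  # unknown category: flag everything
    return sorted((requested_permissions(dump) & SENSITIVE) - expected)

if __name__ == "__main__":
    for perm in audit("game", SAMPLE_DUMP):
        print("unexpected for a game:", perm)
```
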
Install an Android Antivirus App
No, seriously, it will help. You must have heard that Android antivirus apps do nothing against Android malware and adware, but this isn't completely true. Granted, these apps aren't as robust as desktop ones, but smartphone antivirus apps work differently than desktop ones do.
These apps detect infected or suspicious apps and warn you before they can do any damage. They also block malicious websites from loading and always alert you when you are installing an app from untrusted sources, so side-loading APKs is never recommended by them. Some popular antivirus apps for Android are AVG, Avast, Avira, ESET, Kaspersky, and Norton. Choose one that is easy for you to use and understand. These work as precautionary apps.
Along with malware, adware has risen too, which is a big concern for user privacy, as the main goal of adware is to steal your personal information and serve you ads that cater to you. This way you get targeted advertisements. So while browsing, make sure you aren't clicking suspicious links or installing apps from pop-ups.