A recently discovered Trojan for Android led Google to say it would "take steps" to ensure malware didn't end up in the Android Market in the future. Whatever steps those may be, it's highly likely there are tons of malware-laden mobile apps out there. Are there any best practices for detecting clean apps from infected ones? Is there a simple strategy we can communicate to corporate users to help them pick clean apps?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The recently discovered DroidDream Trojan wasn’t the first Trojan for Android and wasn’t the first time Google removed malware from the Android Market or from smartphones. The steps Google Android security head Rich Cannings stated the company would take to remove the malware should help minimize the impact on users. As such, it's likely Google is more effectively identifying Trojans -- or any Android malicious apps -- and removing them from their Marketplace.
One way to determine whether an app may be malicious is to check the feedback on applications from other users. However, users will still need to minimally evaluate applications when installed to see if they are granting access to too much on the local system.
Best practices for detecting secure Android apps from infected ones are still emerging, but users should use extreme care when installing applications from outside of trusted marketplaces. A simple strategy that you could communicate to enterprise users as a part of your smartphone security awareness policy would be to use trusted marketplaces only and to have users check with a third party that evaluates applications for security. The Veracode directory lists applications they have approved, and the directory is expanding across mobile applications and to other similar vendors who rate applications like NSS Labs Inc. or West Coast Labs. Enterprises could also deploy antimalware software to users' smartphones that could prevent malicious applications from getting installed. These additional security tools add processing overhead to the operations and management of the smartphone, however, you should weigh the risks and benefits.
Related Q&A from Nick Lewis
The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to ...continue reading
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.