Tips and tricks for ensuring mobile data security
A comprehensive collection of articles, videos and more, hand-picked by our editors
A recently discovered Trojan for Android led Google to say it would "take steps" to ensure malware didn't end up in the Android Market in the future. Whatever steps those may be, it's highly likely there are tons of malware-laden mobile apps out there. Are there any best practices for detecting clean apps from infected ones? Is there a simple strategy we can communicate to corporate users to help them pick clean apps?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The recently discovered DroidDream Trojan wasn’t the first Trojan for Android and wasn’t the first time Google removed malware from the Android Market or from smartphones. The steps Google Android security head Rich Cannings stated the company would take to remove the malware should help minimize the impact on users. As such, it's likely Google is more effectively identifying Trojans -- or any Android malicious apps -- and removing them from their Marketplace.
One way to determine whether an app may be malicious is to check the feedback on applications from other users. However, users will still need to minimally evaluate applications when installed to see if they are granting access to too much on the local system.
Best practices for detecting secure Android apps from infected ones are still emerging, but users should use extreme care when installing applications from outside of trusted marketplaces. A simple strategy that you could communicate to enterprise users as a part of your smartphone security awareness policy would be to use trusted marketplaces only and to have users check with a third party that evaluates applications for security. The Veracode directory lists applications they have approved, and the directory is expanding across mobile applications and to other similar vendors who rate applications like NSS Labs Inc. or West Coast Labs. Enterprises could also deploy antimalware software to users' smartphones that could prevent malicious applications from getting installed. These additional security tools add processing overhead to the operations and management of the smartphone, however, you should weigh the risks and benefits.
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.