juanjo tugores - Fotolia
Malicious code lurks everywhere. Android devices, whose users might be tempted to sideload apps that Google hasn't scanned for malware, are especially at risk.
Everyone can probably remember a time when they double-clicked on an email attachment and, moments later, wished they hadn't. It doesn't take long for malicious code to wreak havoc on a desktop. But sometimes malicious code stirs in the background, doing dastardly deeds while the user is completely unaware -- until the computer comes to a slow, grinding halt.
Users could avoid disaster by not opening that file, but, in their defense, emails containing viruses can look like they come from a reputable source. IT should encourage employees to apply the same security tactics they use to protect desktops from malicious code to Android devices: save the file and run it through an antivirus or antimalware scan.
IT can configure Android devices to block sideloading -- installing apps from outside of the Google Play Store -- in the first place. But let's say the company built an internal app and chooses not to distribute it through the Google Play Store -- employees who want the app would have to sideload it. There are steps they can take to avoid the risks of sideloading from unknown or untrusted sources.
Android has local antivirus and antimalware options, such as Malwarebytes and AVG Antivirus, which scan files as they are saved to a device or run a complete scan on the device. Unfortunately, they aren't the best programs to use, because they can't scan just a single file for malicious code. Before installing an application file on a device, users should try a web-based service. Some allow users to upload a single file and will in turn scan it for malicious code. Each of the following will scan an uploaded Android Package Header (APK) file and report the results: NVISO ApkScan, AndroidTotal, Metadefender and VirusTotal.
Users can also send APK files to a desktop -- via email, file transfer or other means -- and run it through that machine's antivirus application. Scan for viruses and other types of malware on the file before declaring the APK safe. If the file comes up clean, send it back to the phone and install.
Users should remain vigilant when it comes to safeguarding Android devices. Sometimes email attachments are perfectly fine to click on, but on the off-chance they aren't, disaster can strike. Always opt for caution -- scan those APK files before installing and avoid disaster.
Tackle the top five Android security challenges
Protect Android devices from malware
The risks of rooting an Android device
Dig Deeper on Enterprise mobile security
How to sideload iOS apps and why it's so dangerous
What did 2019 see for mobile security? More Punycode phishing, and jailbreaking returns
Android Security & Privacy 2018 report: Continued maturation of Google’s security efforts
What we learned about mobile security from real-world mobile threat defense customer data
Related Q&A from Jack Wallen
It's important to prevent data loss during a Linux OS upgrade. How can partitions or disk drives help IT teams meet that goal? Continue Reading
As Android Nougat starts hitting devices, some IT admins may be dreading the rollout. But new and improved security features make the new OS much ... Continue Reading
With a new BlackBerry Android phone, the flailing company hopes to turn its sinking ship around. Continue Reading