Do you need antivirus on an Android device?
If Android is as safe as Google says, does your phone or tablet really need antivirus software? MARIE BLACK reports
For years now we’ve been drilling into readers’ minds the importance of antivirus software, but times are changing and whereas previously many of their computing tasks took place on a desktop system they now take place on a phone or tablet.
Android viruses have hit the headlines before, leading users to think installing some sort of security software is a good idea. And it goes almost without
saying: the more popular Android becomes the more of a target it is for the bad guys. But do you really need to install a resource- and battery-hogging antivirus app on your phone that is going to plague you with irritating notifications?
In almost all cases, Android phones and tablets do not need antivirus installed. Android viruses are by no means as prevalent as media outlets may have you believe, and your device is much more at risk of theft than it is a virus. But it is true: Android viruses do exist.
The vast majority of known Android viruses have been installed on the back of dubious apps – apps you will no longer find in the Google Play store. By default Android does not allow you to install apps from other sources, so there’s no chance of you accidentally installing something nefarious.
Supposing a dodgy app does find its way into the Google Play market, Google will quickly pull the app and uninstall it from your device. But what if it comes back? Symantec has found at least seven malicious apps on the US Play Store that were pulled and then reappeared under new developers with new names.
If you are installing apps outside of Google Play, installing an Android antivirus app is one way to keep yourself safe. False-positive results are common with such apps, however, so you may find your AV app reports an app as dodgy when it’s actually harmless. In these cases, taking other precautions can be a more appealing way to safeguard your device from Android viruses.
Such precautions range from carefully checking any requested permissions before agreeing to them,
avoiding cloned apps and keeping Android up to date (with all security patches applied).
Unfortunately, it turns out that even if you update your Android device, it may not be as up to date as you think. Security Research Labs has published the results of an in-depth study in which it claims several big-name vendors are guilty of saying they’ve rolled out important patches when they haven’t.
The worst offenders on its list are Alps, TCL, Oppo and ZTE, which it says have missed four or more critical and high severity patches on the claimed patch date. With two to four misses are HTC, BlackBerry, Asus, Fairphone, LG, Huawei and Lenovo. With one or two are OnePlus, Wiko, Xiaomi, Nokia, Motorola and Honor. Those in the good books with either
zero or just one missed patch are Google, ZUK, LeEco, Samsung, Sony and BQ.
You should also keep your wits about you, and apply a healthy dose of common sense. You wouldn’t click on an attachment in a dodgy email from a sender you don’t recognize on your PC or laptop, and we hope you would apply that same thinking to suspicious links sent in Gmail on your phone or via WhatsApp or Facebook Messenger. Typically, these type of links are associated with phishing scams, but that doesn’t mean they won’t install a virus on your device.
(Incidentally, if you find your Facebook or email account has been sending these sort of messages to your contacts you should immediately change your passwords, and preferably contact those people and warn them to ignore it.)
Supposing your Android phone or tablet does start acting oddly and you have reason to believe malware is at play: a factory reset is all that’s required to get it back to normal (one reason why it’s a good idea to always back up Android). But if you don’t fancy wiping your device we have also issued some handy tips on how to remove an Android virus.
In many cases users report to us that they are seeing suspicious pop-up ads in their browser, or they are being redirected to a different home page to that which they configured in the settings. Our usual advice is to clear out the browser’s data cache (in Settings > Apps > Chrome > Storage). You can also read more about how to block pop-up ads in Android. It’s worth pointing out that antivirus apps for Android
often have other useful benefits, such as the ability to remotely lock or wipe a lost or stolen phone, or backup and cleanup tools. All these tools are available elsewhere – usually via free apps – but for ease of use it can help to have everything in one place.
Avoid dodgy Android antivirus apps
Just before Christmas we learned of the Loapi trojan, which was spreading itself through advertising campaigns under the guise of antivirus solutions or apps. It’s awful to think that an app you install to protect yourself is actually going to do the opposite, but one of the ways in which Loapi works is by putting such a heavy workload on the phone that it causes the battery to overheat, destroying the device.
Loapi can also send out text messages on your behalf, subscribe you to paid services without your knowledge, allow attackers to execute HTTP requests for DDoS attacks, and mine the cryptocurrency Monero.
Loapi prevents a user from uninstalling it by blocking the screen and closing the window when you try to remove its admin rights. It will also prompt you to remove other security apps that might be able to detect and remove it, and keep hassling you about it until you give in.
You don’t need an antivirus app installed to protect you from Loapi, but it may help you to detect its presence. Other things you should do include disabling the ability to install apps from unknown sources, and keep your operating system up to date.
Make sure that you keep your Android device up to date
Be very careful where you download apps from