StandHogg Hits Google Store
According to Forbes, Google Android Threats continue to permeate through malware ridden apps that may affect many Android users. Researchers at the Norwegian app security company Promon claim that safe apps can be corrupted through dangerous vulnerabilities.
In this particular case, the vulnerability, being dubbed “StrandHogg”, allows dangerous malware to pose as popular, legitimate apps featured prominently in the Google App Store
Safe Apps Are Not a Guarantee
But these vulnerabilities, which give hackers access to all sorts of personal information within your phone, are far from the only cases of unsafe apps. As we have covered before, apps often cross boundaries in their permissions section. Now, many safe apps ask permission for things that qualify as reasonable access, such as a GPS system asking for your location, or Skype asking for microphone access. However, many sketchier apps ask for things such as permission to record audio, access to camera roll, permission to make phone calls, etc.
What, then, is a parent to do? It’s already hard enough for the average American to differentiate between a safe app and a dangerous app. Imagine the prospects of a child downloading and giving permissions to whatever app catches their eye. This is elevated due to the fact that many malware ridden, illegitimate apps target children specifically. Therefore, it is important to know the signs of a dangerous app.
Check the Vendor
When you or your child download an app, an easy first test to see if it is a safe app is to check the vendor. You can generally find the vendor at the bottom of the Google App page. Some questions you can ask include
- Does this vendor have other successful apps that you are familiar with?
- Does the vendor have a reputable website?
- Did the vendor pop up seemingly out of nowhere?
- Does the vendor have any reviews on other website?
- What do other people say about the app/vendor?
Often, the more safe app developers have a well established trail you can follow to see other apps they’ve made. If the app you find is not well known, it is important to do your research before downloading it.
It is important to not skim through the permissions section. It’s easy to just check allow all, but do you really want to allow some app permission to “use your device’s contacts, which may include the ability to read and modify your contacts?”
No safe app should ever ask for your contact list, permission to call or text on your behalf, or access to any of your passwords. Additionally, unless an app is very popular, like Spotify or Angry Birds, it’s important to consider whether the app functions line up with app permissions. Does a racing game really need access to your contact list? Does this recipe app really need to record audio? If something feels superfluous, unnecessary, or weird, trust your instincts and opt for an alternative, more legitimate app.
Numbers Matter, In This Case
Generally, the argument that “a lot of people did it so it is safe” is a weak argument. However, in the case of app downloads, apps with millions and millions of downloads over a sustained period of time, combined with a high rating, are generally a good sign that the app is malware free. News about a malware-ridden app generally travels quickly. This is why sketchy apps seem to pop up and disappear over night. They essentially function as an elevated phishing attempt, and therefore do not sustain themselves for long.
How to Keep your Kids Safe
In regards to keeping your kids safe, it is important to monitor their phone activity with vigilance. Most kids do not have the savvy to research app developers, observe the permissions section, or rationalize any sort of risk-reward potential. Therefore, they are much less likely to be able to pick out a safe app versus an unsafe app. Fortunately, there are a few ways you can safegaurd your child’s mobile security
- Install an activity monitoring app. These are apps that will send you updates based on what your child does on the internet. This makes it easier to actively see what apps are going on and off your child’s phone.
- Approve each app with your child and explain to them why an app is safe or not. Technology savvy is something that is learned, not natural, so it is important to practice cyber-safety with your child so they can grow up to be tech-savvy.
- Set your child’s phone to automatically reject certain permissions. No child really needs location tracking on their phone. It is important for kids to understand that there is an inherent risk to giving apps permissions. Therefore, kids should consider the ability to sign up for apps as a privilege earned when they can understand the potential ramifications, rather than a guaranteed right.
We are going to see a lot of malware masquerading as safe apps in the coming year. Unfortunately, rooting out these apps operates more like whack-a-mole. That is to say, preventative measures will usually fall on you, the consumer, rather than Google, the currator. Therefore, it is important to be vigilant, as well as teach your children to be vigilant as well.