Sales growth in recent years has put smart phones and tablet computers among the most popular products in the world. Central to these devices are the programs that run on them: applications, or "apps" for short. Apps have a variety of uses, such as communication, gaming, office productivity, language translation and even unconventional functions - such as mosquito repellent.
While many apps can enhance your life, other apps - which don't look dangerous and are seemingly-useful - can leave you vulnerable to cyber-attacks.
The dark side of apps
Today's smart phones and tablets are essentially handheld computers. Because of their portability and convenience, people often store personal data on them - such as private photos and videos, address books, passwords, email and personal calendars. But, like laptop and desktop computers, these devices need to be protected from security threats.
Malicious apps, or 'malware', are often disguised as safe, popular applications. Once installed, they can wreak havoc on your device. The ill-effects of malware can include:
- unwanted advertising
- poor battery performance
- slow device performance
- disruption of phone calls
- sending of high cost text messages to unknown numbers
- high volumes of data being used on unknown sites
- undetected theft of passwords and personal data (which can lead to unauthorised purchases using your bank account, or worse, identity theft), and
- unauthorised use of the device's camera and microphone to record you without your knowledge
To fool you into downloading these applications, malware developers often employ professional branding (sometimes impersonated from famous companies) and falsely inflate their applications' ratings via fake reviews (known as "astroturfing").
Once you've installed the app, you might not notice a difference in your device - even though the offending application might be gathering your personal data and sending it to the cyber-criminal. In cases where you do recognise the malware's effects, uninstalling the app might not be enough to completely 'clean' your device from the malware.
Safe app shopping
While it's very risky to download apps from unofficial app sites, malware can also be found on official app stores - despite the extensive efforts of store owners like Google, Apple and Blackberry to keep such apps off their sites.
To help you shop safely for apps, follow these general tips:
- Protect your device: Install a trusted mobile security app which will help protect you from malware.
- Stay official: Download apps from the official app stores only (e.g. Google Play, iTunes and BlackBerry World). And if you get suspicious text messages that include links to app downloads, refrain from clicking the links.
- Trust your instinct: If the app looks suspicious, rather be safe and abstain from installing it.
- Report offenders: If you find suspicious apps, report them to the app store, which will investigate and take action against the developer if necessary.
And once you've found an app you want:
- Don't trust the numbers: Just because an app has thousands of downloads, it doesn't mean that each downloader was a legitimate user. Malware developers can use computer programs to download the same apps repeatedly using different user accounts - thereby inflating the figures. A sign of malware is an app that has large download numbers but very few reviews.
- Analyse the reviews: Look for duplicated phrases in user reviews. Since review fakers are writing high volumes of reviews, they can end up using the same, short phrases in their reviews (e.g. "nice", "great app", "best ever"). Also, look for similar patterns in writing style - such as the same word being misspelt in different reviews.
- Check out the reviewers: Click on the reviewers' names to see all the reviews they've written. If they consistently give very high ratings, they might be review fakers.
- Get trusted advice: If there's an app you want and someone you trust has already installed it, ask them about its safety.
- Investigate the developer: Critically review the other apps that the developer has put onto the app store - looking for some of the suspicious signs already discussed. Also, take note of the developer's name and search the Internet for negative stories about the person / company.
- Read the fine print: Apps require certain permissions to access your device's information or hardware. For example, a GPS application needs your device's location information, and a photography app needs to use your camera. Malware might request intrusive, unnecessary permissions that don't make sense. For example, you should be suspicious if a calculator app wants permission to directly call phone numbers and send SMSs. So, before you install an app, always check the permissions it requires.