Many of us have been conditioned to think that we need to install antivirus or malware protection apps on our phones lest we become a victim of a shady group of people who want our data.
This is bad information, which is what the latest Check Point report points out about alleged security apps that steal individuals’ banking information.
Yes, you read that right – apps listed as Android antivirus or anti-malware security software were already stealing bank data from users in Italy and the UK, and about 15,000 people were affected in total before the apps were pulled from the Play Store .
Since these apps may be on third-party app stores, I’ll give them visibility. They all come from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. If you see any apps from these developers, stay away.
However, the biggest issue here is that these developers were smart enough to hack the innate FUD that has surrounded Android since day one – it’s riddled with vulnerabilities and there are malware everywhere waiting for you to install it.
Nothing could be further from the truth.
Even your Android phone cannot be infected with a virus
Word virus spreads a lot, but did you know that Android (and iOS) phones and tablets can’t get or pass on one?
Both can be infected with other types of malware, so it is important to learn what can and cannot happen.
A virus is a piece of code that can automatically install itself, replicate itself, and pass itself on to another device without any help from you. Nothing can be done on Android or iOS automatically unless Google or the company that made your phone’s operating system wants it to happen.
This is due to the user/group permission model. You are a user and as a user, you are part of a group of other users with similar permissions. The system is also used and is in a different group that has other permissions. Every file and folder on your phone knows what users and/or groups are allowed to edit anything about. If you do not have the correct permission as a user or the correct permission as a member of a group, you cannot change anything.
Some users and groups have elevated permissions, like the system level Google or Samsung would have if you were using a Galaxy S22, for example. And if you want to make drastic changes to your phone, you can give yourself superuser permissions so that you can change anything you want.
No app can be installed without a user with permission to install apps (that’s you and any other users logged into your phone) says it’s OK. Once installed, this application can only access its data and files so that it cannot copy itself elsewhere. And even if it is transferred to another user, it has the same limitations on a different phone – someone has to manually click the button that says yes when it asks for installation.
But there are other types of malware. Malware usually tries to collect random data from other applications about you and then send it back to a central server. This could be something that appears harmless, like the apps you have installed and how often you use them, or it could be sensitive, like a bank password. Both are dangerous.
This kind of misuse of our data is not supposed to be possible, but there are plenty of people with bad intentions who are as smart as the people who wrote the OS on your phone. Software vulnerabilities are common. But they are also patched regularly, which is why security updates are the most important of all.
This second type of malware is what smartphone users need to pay attention to, not a virus. And one day, you needed to pay attention or use a third party app to make sure you wouldn’t have a problem with a bad app. But those days are over.
You already have the right malware scanner
Unless your Android phone has all the things stripped from Google, you already have the malware scanner you need called Google Play Protect.
Most people think it is there to check the apps you have downloaded and installed from the Play Store, but that doesn’t work. It regularly scans every third-party app installed on your phone and notifies you directly of anything suspicious. If you haven’t seen a notification about a bad app, that means you don’t have any.
Android is very similar to Windows in this respect. At one point, it was not a bad idea to use a third-party malware scanning tool on either operating system. Those days are gone and both Microsoft and Google have realized that it is important to provide the necessary tools themselves and update them automatically.
Most of the time, installing a second malware-checking app won’t do anything harm – unless a Trojan is stealing a bank account disguised as a security app – and there are things that Windows Defender or Google Play Protect won’t consider malware.
If you want to learn more about automatically tracking cookies or personal information you share, using a tool to do so is essential because neither Microsoft nor Google count this as malware. But if you’re only worried about bad apps stealing data from the best Android phone you just bought, you’re already covered.