The SMS scam has put on the table a topic that has been debated for years: Android security. Having more freedom at the operating system level implies more risks, and it is that on Android it is very easy to install third-party apps and give them full permissions. To teach you to avoid these types of situations, we are going to give you certain recommendations.
With a few simple steps we can protect our mobile from (almost) all malware. It is enough with a little common sense, a lot of distrust and take into account the operation of the Android permission system.
Don’t install APK files if you don’t know where they come from
Installing APK files is one of the greatest virtues of Android, since it allows us to install applications from outside the Play Store. However, our recommendation is install APK files only when we know where they come from. If a web page invites us to download a file that we do not know, the first thing we must do is distrust. What is that file and why do they want us to download it?
There are quite safe repositories, such as APKmirror or APKpure, but there are not a few websites from which we can download APKs without any type of control. If an app has not passed Google’s controls, the first step is to distrust, so we recommend not installing APKs lightly.
Pay attention to Google notices
Since a time ago Google notifies us of malicious apps thanks to Google Play Protect. Here the recommendation is clear: if Google tells us that it is dangerous, better not install it. In the case of Flubot malware, Play Protect recognizes it as malware, but still lets us install it (which doesn’t make much sense).
Just because Google lets you install something doesn’t mean it’s safe. If you see the Play Protect notice, close the app and delete the APK to avoid problems. Similarly, there are layers of customization such as MIUI or EMUI that do an analysis of the file before installing it. If we see warnings we have to attend to them before accepting by default, since these notices can be very useful to us.
Don’t give permission lightly
Lesson learned from do not install any file on your mobile, the second recommendation to internalize is the issue of permissions. Here it is best to make a reflection from common sense: if an app is simple, why would it need many permissions? The FedEx case is especially striking, because a supposed messaging app asked for complete control over the device, something we should immediately deny.
However, it is common to find keyboards that ask for access to phone and SMS, games that ask for access to the gallery and other permissions that are not necessary and that we do not have to be afraid to deny. Giving permissions to an app is giving it a free hand to act on our phone, so think twice before accepting the permissions they request, no matter how tedious it is to manage them one by one.
Do you really need that app?
Sometimes we install apps just for one use. Here it is possible to rethink whether we can perform the same function from the web page Perhaps it is not convenient to install an app to use it only once and leave it laughing in the app drawer. The fewer unnecessary apps we install, the better, both for the internal memory of the device and to avoid installing any garbage application.
Another point, perhaps not so obvious, is that the more apps we have, the more apps can infect. In the case of Flubot, the virus was capable of infecting SMS apps and phone banking apps. The fewer apps with your data on the phone, the more difficult it will be for them to access that data through other apps.
Freedom is fine, but try not to leave the Play Store (a lot)
The expert user can be comfortable exiting the Play Store and installing files from all kinds of repositories. However, for an average user, I can only recommend install apps from Play Store, the official Google application store and over which there is more control (and even so, some other virus escapes).
The best antivirus it will always be the user himself, so the more you run away from files whose origin we do not know, the more protected we will be.
was originally published in