Android Security: 8 Signs Hackers Own Your Smartphone
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt2d2cf0ae4c18ef7f/64f0dc459cf288deea173769/01--Green-Android-Army.jpg?width=700&auto=webp&quality=80&disable=upscale)
Searching for signs of Android infection
How can you tell if your Android smartphone or tablet has been pwned?
That was the question recently posed by one InformationWeek reader, who suspected that her phone had been compromised by attackers. "I've only owned my Droid phone for two months and had a Trojan horse panic attack, and wiped my phone," she said via email.
Can you tell by observation alone if your Android device has been infected with malware? On Windows PCs, for example, some types of infections leave no signs at all. Conversely, some virus, malware, and Trojan infections -- as well as adware and spyware -- may slow systems to a crawl, begin redirecting browsers to arbitrary websites or search engines, trigger pop-up ads, block access to information security websites, disable security software, alter the user interface, or email everyone in your address book, leading to a flurry of outraged emails, bounce-backs, and warnings from recipients.
As with some Windows infections, some types of Android malware might sport telltale signs of infection. For example, the reader -- who asked not to be named -- said she became concerned when a text message preview appeared on her lock screen, then mysteriously disappeared and couldn't be found. Perhaps not coincidentally, she'd also recently installed an app -- but not from the official Google Play store.
"What happened was I downloaded an app from a non-Play store site -- against my better judgment. Then not too long after I was looking at some article about security issues, and I had something really bizarro happen," she said. "A text notification with a partial preview flashed in my notifications bar and then vanished -- from a number not in my contacts. ... I went into my text messages app to try and read the full message, and it wasn't there. At that point I panicked and was convinced my phone must be hijacked -- even though nothing else seemed amiss -- and just wiped it."
But was her phone infected? And if it was, how might other Android users spot a malware attack? Recent versions of the Android operating system, as well as mobile antivirus software, can help spot and block malware-infection attempts. But neither approach is infallible. So no matter which security tools you might be using, be sure to also watch for the following telltale warning signs:
Image (derived) courtesy of Flickr user espensorvik.
Odd charges on cellphone statements
Not all malware will linger after infecting devices, especially if it has a financial bent. "Some of the malware is opportunistic, and the installer is basically a wrapper for free Angry Birds," said Sean Sullivan, security advisor at F-Secure Labs, via email. "The installer has you submit to a EULA that says you will subscribe to an SMS subscription, then it installs the free version of Angry Birds that you can download for free."
What users may end up with, of course, is not just the free version of Angry Birds, but also a financial hit in the form of SMS messages sent to premium numbers and billed to their account. These SMS scams are much more prevalent in China and Eastern Europe than in the United States, where Android users are more likely to encounter Trojan apps or fraud attempts based on social engineering, rather than texts to premium SMS numbers.
"If consumers spot strange charges, their best strategy is to give their operator a call and say, 'Can you please tell me what these charges are?'" said Marc Rogers, principal security researcher at mobile security firm Lookout, speaking by phone. Likewise, don't be afraid to call your bank if you think you may have been exposed to a banking Trojan.
Image (derived) courtesy of Flickr user Patrick Hoesly.
Unusual data access patterns
To see if malicious apps might be "phoning home," regularly audit how your smartphone is sending and receiving data. "Android is very helpful. If you go into the settings and look at data usage, it will show you all the applications and how much data they're using," said Rogers. "Look at how much data your device is using, and see if there's a big discrepancy between how much data you're using, and how much your applications are using." Any difference involving 10MB or more might be a sign of "parasitic activity," he said, such as malware that's turned the device into a spam relay. Likewise, if certain types of apps -- such as a free dictionary -- are consuming unusual amounts of data, it may indicate that they're malicious.
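The audit Rogers describes can be scripted once per-app figures have been copied out of the data usage screen. The following is an added example, not part of the original article: the CSV layout, app names and per-category ceilings are constructed assumptions, and only the 10MB discrepancy threshold comes from the text.

```python
import csv
import io

MB = 1024 * 1024
UNATTRIBUTED_THRESHOLD = 10 * MB  # the 10MB discrepancy Rogers cites

# Assumed monthly ceilings per app category (illustrative values only).
EXPECTED_CEILING = {
    "reference": 5 * MB,      # e.g. a free dictionary
    "utility": 5 * MB,
    "browser": 1024 * MB,
    "video": 4096 * MB,
}

# Constructed sample data: app, category, bytes received, bytes sent.
SAMPLE_USAGE = """app,category,rx_bytes,tx_bytes
VideoPlayer,video,734003200,10485760
Browser,browser,209715200,20971520
FreeDictionary,reference,3145728,62914560
Flashlight,utility,102400,51200
"""


def audit(usage_csv, device_total_bytes):
    """Return findings for apps over their ceiling and for unattributed traffic."""
    findings = []
    attributed = 0
    for row in csv.DictReader(io.StringIO(usage_csv)):
        total = int(row["rx_bytes"]) + int(row["tx_bytes"])
        attributed += total
        ceiling = EXPECTED_CEILING.get(row["category"])
        # An app whose category should need little data but uses a lot.
        if ceiling is not None and total > ceiling:
            findings.append(("app_over_ceiling", row["app"], total))
    # Traffic the device moved that no listed app accounts for.
    gap = device_total_bytes - attributed
    if gap >= UNATTRIBUTED_THRESHOLD:
        findings.append(("unattributed_traffic", "device", gap))
    return findings


if __name__ == "__main__":
    # Device total (constructed): the per-app sum plus 25MB nobody claims.
    for finding in audit(SAMPLE_USAGE, 1041389568 + 25 * MB):
        print(finding)
```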
Will malware-infected Android devices have shorter-than-usual battery life? "The Android malware that we've seen -- Trojans, not worms or viruses -- has been battery conscious," said Sullivan. "Trojans, generally speaking, are for financial purposes, and don't want to tip off the infectee." In other words, such apps try to remain stealthy, perhaps even staying dormant for some period of time before going to work.
Then again, any poorly coded software -- which of course could include malware -- might lead to excessive battery drain. Still, when it comes to lower-than-usual battery life, the culprit is less likely to be malware, and more likely to be an operating system upgrade or a buggy app that you've recently installed.
Image (derived) courtesy of Flickr user DELLipo.
Apps downloaded from third-party stores
Security experts have long recommended that users never install any Android app that arrives via email, no matter who it's supposedly from. Also stick to procuring apps from official app stores whenever possible, given the amount of malware that's present on third-party sites, especially in the form of apps that pretend to be free, cracked versions of paid apps. "If you have good mobile security software installed, and you only go to trusted stores -- Google, Amazon -- then it's highly unlikely that you're going to encounter [malware]," said Lookout's Rogers.
But using only Google Play or Amazon's app store won't shield you from all types of malware. "There are plenty of malicious apps that make it out there into Google Play's storefront," said Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. By last month, in fact, "just over 46 percent of the apps that Trend Micro has classified as 'malicious' -- leaving aside the high-risk ones -- were sourced directly from Google Play," he said.
What happens if you accidentally install a malicious app on your smartphone or tablet? Beyond using mobile antivirus and using only official app stores, Sullivan also recommends that Android users regularly back up their devices to secured servers. That way, if they do get a nasty malware infection, they can roll their device back to its pre-infected state.
Finally, if anything ever seems suspicious, Sullivan recommends doing what the aforementioned reader did: Stop what you're doing and investigate. "There's very little [malware] that works automatically [on Android], usually with just one click," he said. "There are usually several steps that are required. So stop, and start Googling, and see if you can recover."
Image (derived) courtesy of Flickr user nolifebeforecoffee.
Who do you trust?
Not all Android malware and spyware arrives via third-party app stores or email. Indeed, another potential smartphone infection vector involves anyone who has physical access to your device, knows your PIN, and doesn't trust you. "If you don't have physical security over your phone all the time, a jealous partner can easily install spyware or spy tools such as FlexiSPY and SpyBubble," said Sullivan.
Image (derived) courtesy of Flickr user the_kid_cl.
Your device has been rooted
Is your Android mobile device rooted (aka jailbroken), or have you installed a custom ROM? If so, you may place yourself at greater risk, because you'll be running more apps with root-level permission. Conversely, not rooting your Android device -- in general -- will better protect you from malicious apps, as well as mitigate the severity of any outbreak you suffer.
"Don't jailbreak your phone unless you really know what you're doing, because it's getting more common these days to see malware that looks to see if a phone has been jailbroken or rooted [and then hacks the phone accordingly]," said Rogers at Lookout.
"Having malware on a phone that's been jailbroken is a disaster," he continued. "You'll almost always have to reinstall the operating system on a phone that's been jailbroken because you have no control anymore about where that malware might have been installed. It's game over."
Image (derived) courtesy of Flickr user Martin Maciaszek.
Antivirus isn't running
Anyone who's worried about their privacy or has an ounce of concern for the security of their personal information or stored data should be running Android antivirus and anti-malware tools. A number of well-reviewed options -- some free, or with a 30-day trial -- are available and can be used immediately if necessary.
"If you're relying just on pure observation to tell you when you're affected, you're in trouble," said Rogers. "Because even as someone who's been in the industry for 20 years, I often have trouble spotting it."
Indeed, once Android malware takes hold of a device, it may remain quite well hidden. "Some of the stuff that's shown up in Russia has icons that look like Flash Player update," said F-Secure's Sullivan. Likewise, one type of SMS Trojan malware that was recently discovered, FakeInst.a, just sports a generic, green Android icon after it gets installed onto a device. "It looks completely normal, and considering that what it's communicating with -- to get its configuration instructions -- is Google Cloud Messaging, if you're looking at firewall logs, you'd see it connecting to Google," said Sullivan. "Without a malware scanner or some reverse engineering, you'd be particularly hard pressed to figure out that Android Trojan was a Trojan."
Image (derived) courtesy of Flickr user Martin Maciaszek.