It's only been five years since Apple launched the App Store -- yet 50 billion downloads later (and 48 billion on Android), it's hard to imagine a life without mobile apps. They're the lifeblood of our smartphones and tablets -- and make it easier to work remotely, keep in touch, manage our lives and save money.
But there's also a potential dark side to mobile apps: they can offer criminals a backdoor into our lives.
Just the other week, a security startup announced that 99 percent of Android phones are vulnerable to downloading malicious apps. A recent report by anti-virus maker McAfee estimated that the average person has a one in six chance of downloading a malicious app. The McAfee report also found that "mobile malware" skyrocketed more than 4,500 percent between 2011 and 2012! Risky apps have been found in Google Play, the App Store and other reputable app sites.
Criminals are targeting apps in several ways. The most popular method is to create a legitimate-looking app that secretly contains malware, load it into a third-party app store (some have even been found in Google Play and the App Store) and wait for a person to download it. Once she does, her phone can be remotely accessed, spied on and used to ring up phony charges (like premium calls and texts). Depending on how much information her phone contains, she could also become a victim of identity theft or other types of financial fraud. But downloading an 'evil app' isn't the only risk -- a person who downloads a real app could also become a victim if the company behind that app is hacked.
Mobile hacking is a growing threat that consumers need to take seriously. This is especially true for work phones and for anyone who uses mobile banking or saves financial or sensitive information on their smartphone.
Here are a few steps you can take to protect yourself:
- Reduce Your Downloads - Just like in sex ed, the best advice is abstinence. The only way to nearly eliminate your risk of an app infection is to not download apps at all. This is unrealistic for the majority of people, however -- and some apps are pre-loaded on the phone anyway by the device manufacturer and mobile carrier -- so do the next best thing instead: limit the type of apps you download. According to Nielsen, the average person has 41 apps on their phone -- but of those, I bet they only use a dozen of them regularly. So, before you download, ask yourself if you really need that app.
- Segment Your Life - Another precaution you can take is to segment your mobile life. If you use your phone for work, avoid mixing it with your personal life, as personal activities are more likely to expose you to online risks (e.g., bogus apps, infected websites, social media scams). Use a secondary phone or tablet for your personal life, and don't mix it with work - ever.
- Assume You'll Get Hacked - Mobile threats are expected to increase dramatically over the next few years and, some day soon, mobile viruses could be as common as PC viruses. Assume your phone will get hacked and take the necessary precautions. Are you storing financial information on your phone? Does it contain sensitive emails, photos or files? If the answer is 'yes,' remove these files and only access what you need from now on. Make sure your important documents and photos are backed up somewhere in case you lose access to your device.
- Don't Jailbreak - Although unlocking a phone can be helpful, by letting you customize it or switch carriers, it also destroys the phone's built-in security -- and puts you at a greater risk of getting hacked.
- Don't Go There - Avoid third-party app sites unless you are sure you can trust them. Only download from reputable stores like the App Store, Google Play, BlackBerry World or Microsoft's Windows 8 app store. Although not 100 percent safe, official app stores have processes in place to root out bad developers and high-risk apps. These processes aren't foolproof, but they're much better than what you'll find on third-party websites and app stores.
- Beware of Risky Phones - Various security researchers have found that Android is less safe than Apple's iOS operating system. According to McAfee's 2012 report, 97 percent of mobile malware targets the Android platform. If you own an Android, be extra careful about the apps you download and the type of information you access from your phone.
- Be Careful About Permissions - Does a flashlight app really need to access your list of contacts? Be wary when simple apps start asking for permissions to data that they shouldn't need. See if you can run your apps without giving them permission, or look for alternative apps that don't need as much permission. Be particularly careful about granting permissions to personally sensitive information: files stored on your device, your contacts, and your location.
- Turn Off Auto Connect - Make sure your smartphone isn't able to auto-connect to a WiFi network - even if it's a 'trusted' network. Your apps are more vulnerable over a WiFi connection than a 3G or 4G signal. Hackers can also spoof a trusted WiFi network access point, tricking your phone into connecting to a malicious WiFi network.
- Check Your Bill - Lastly, keep an eye on your phone bill for unauthorized charges. If your phone is compromised, thieves could use it to send premium texts or calls, or to place bogus orders.
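
The permissions check from "Be Careful About Permissions" can be automated. This is an added example, not part of the original article: it reads an Android manifest already decoded to text XML and flags requests for contacts, location, files, or paid texts and calls that the app's stated purpose does not explain. The `EXPECTED` baseline and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions guarding the data the article singles out: contacts, location,
# stored files, plus the ones that enable premium texts and calls.
SENSITIVE = {
    P + "READ_CONTACTS": "contacts",
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
    P + "READ_EXTERNAL_STORAGE": "files",
    P + "WRITE_EXTERNAL_STORAGE": "files",
    P + "SEND_SMS": "premium texts",
    P + "CALL_PHONE": "premium calls",
}

# Assumed baseline of what each kind of app legitimately needs (illustrative).
EXPECTED = {
    "flashlight": {P + "CAMERA"},
    "maps": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}

# Constructed sample: a "flashlight" app asking for far more than the camera LED.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)  # for untrusted files, parse with defusedxml
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)}
    return sorted(n for n in names if n)

def audit(manifest_xml, purpose):
    """List (permission, data at risk) pairs that the app's purpose does not explain."""
    allowed = EXPECTED.get(purpose, set())  # unknown purpose: nothing is expected
    return [(p, SENSITIVE[p]) for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in allowed]

if __name__ == "__main__":
    for perm, data in audit(SAMPLE_MANIFEST, "flashlight"):
        print(f"unexpected for a flashlight app: {perm} ({data})")
```
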
It's time to change how we think about our phones. Today's phone is a mini-computer -- make sure you're taking the same precautions with it that you used to take with your desktop. Cyber attacks on our phones will only get worse, so make sure you're prepared.