By Kelli B. Grant
Apple and Google came under fire earlier this year for tracking cellphone users’ locations via their mobile operating systems. But as consumers use their phones for banking, shopping and more, there are even more malicious forces interested in that data and other information on your handset.
Threats to your mobile phone’s security are becoming more prevalent, according to a report released Wednesday by mobile security company Lookout. In January, there were 80 Android apps infected with malicious software, according to their data. By June, there were more than 400. As many as 1 million Android owners were affected, they say.
Here is a list of problems the group says you should look out for:
Malware: Software that’s designed to be harmful. It can be configured to steal information from your phone, or give an attacker some control over the handset to, say, send spam text messages to everyone on your contact list. It’s often hidden in games and other apps, so download only from well-reviewed, trusted developers.
Spyware: Software that collects phone data such as call history, text messages, location, contact lists, emails and camera pictures. The phone’s owner is usually unaware. Read the fine print before downloading to see what data the app wants access to.
Privacy threats: Applications that you know collect or use sensitive data from your phone, like your location or personally identifying information. Some apps are open about using such data for marketing purposes, which is something to consider before you download.
Vulnerable applications: Apps that contain software vulnerabilities attackers might exploit to access information that app has collected from your phone, or remotely take control of the phone. Developers typically offer updates or patches to negate security threats, so make sure your phone’s software and apps are up to date.
Phishing scams: These are attacks designed to trick you into providing log-in information or other personal information. Attackers send links in emails and text messages that redirect users to web pages designed to mimic legitimate businesses, often banks. Avoid clicking on links in emails, and look for telltale signs like misspellings.
Drive-by downloads: Downloads that begin automatically when a user visits a web page. You’re usually lured there by spam or advertising, so be careful where you click.
Browser exploits: These are attacks that take advantages of vulnerabilities in a web browser or supporting software. Make sure your phone’s software is up to date.
Network exploits: These take advantage of flaws in your phone’s mobile operating system. There’s nothing you do that triggers it. Just hope your provider has a good security system in place.
Wi-Fi sniffing: Attackers intercept data from apps and web pages that is sent unencrypted. Be cautious about what you do on your phone, and check that apps or sites for mobile banking are both encrypted and secure.
Lost or stolen devices: Both the phone and the data are valuable these days. Protect your phone with a password and other security measures. The iPhone, for example, has a setting to automatically erase all data on it after 10 failed password attempts.