There’s no need to worry about malware on smartphones, right? That’s the attitude of most mobile users and even a large percentage of IT managers. For many users that attitude might be because they view their phone simply as a way to make calls, text, take pictures and to stay connected to social media. Mobile professionals recognize the productivity gains of viewing business documents or emailing on the go, but they don’t always think of their mobile device as a pocket-size computer, susceptible to malware and hacks just like laptops and desktops.
Much of this lack of security concern can be traced back to Apple and the early BYOD years. Apple helped fuel BYOD acceptance when it opened its App Store as a way for iPhone users to have a single, trusted source for getting apps. Since Apple doesn’t allow any apps on its store until it vets and evaluates each one individually, it has been able to make a very convincing argument that iPhones and the apps they run are safe for the enterprise.
But as BYOD has grown, so has the share of professionals using Android mobile devices. Whether it’s good or bad, the open nature of Android devices allows mobile users to get apps for their devices from any source. Google does provide Google Play as a monitored and relatively safe source for apps, but malware has even been known to surface on its pages. When bad behaving apps have been discovered on Google Play, Google has been quick to remove them, but that doesn’t necessarily help unknowing users who may have already downloaded them.
One of the big challenges Android users face in keeping devices free of malware is how easy it is for professional hackers to create infected apps that look just like legitimate apps. During an RSA conference presentation more than a year ago, a security expert showed how easy it is to reverse-engineer an existing Android app, insert malicious code into it, and repackage the app so it looks just like the original. The whole process took the presenter less than five minutes.
This type of attacked surfaced in South Korea, where hackers compromised a legitimate Korean app developer’s site and replaced the developer’s legitimate app with a look-alike app that contained a variant of the Android Fakeguard threat. When users were notified of an update to the app, they unknowingly downloaded the infected app to their devices.
Counterfeit app marketplaces have become common as well. Designed to look like official marketplaces, they dupe users into downloading what appears to be legitimate popular apps, but which are actually malicious counterfeits. Mobile email accounts have served as another popular method for spreading malicious apps. Users receive emails that prompt them to download an app from a provided link, which if they do, they become an unsuspecting victim.
In many of these cases you might shake your head and say, “Hey, the users should have known better.” You’re right. They should know better. But it comes back to the prevailing misguided attitude among users and even IT professionals that malware is not a threat to mobile devices.
For organizations that support BYOD, they need to teach users that the mobile malware threat is real. Training and policies need to be established that educate users to stay away from suspicious sites and to stick with legitimate app marketplaces. Still, that’s not enough. History has shown that legitimate marketplaces can be compromised too.
That means you need to be able to determine how many Android devices without malware protection connect to your network and then discover the malware status of those devices. With that information you can set priorities for applying malware protection to those devices. That assessment can also help you determine if mobile device management (MDM), mobile application management (MAM), or threat protection solutions might benefit your mobile security stance.
Now that you know better, it’s time to educate, assess and protect your mobile environment.
Learn more about how Symantec offers protection for enterprise mobility.