The SMS scam has brought to the table an issue that has been debated for years: Android security. Having more freedom at the operating system level involves more risk, and is that on Android it is very easy to install third party apps and give them full permissions. To teach you how to avoid these types of situations, we are going to give you some recommendations.
In a few simple steps we can protect our mobile from (almost) all malware. It just takes a little common sense, a lot of mistrust, and taking into account how the Android authorization system works.
Don’t install APK files if you don’t know where they came from
Installing APK files is one of Android’s greatest virtues, as it allows us to install apps from outside of the Play Store. However, our recommendation is install APK files only when we know where they came from. If a web page prompts us to download a file that we don’t know, the first thing to do is be suspicious. What is this file and why do they want us to download it?
There are safe repositories for downloading APK files, but there aren’t a few pages that automatically try to download malicious files.
There are some pretty safe repositories like APKmirror or APKpure, but there aren’t a few websites that we can download APKs from without any kind of checks. If an app hasn’t passed Google’s checks, the first step is to be wary, we therefore recommend that you do not install APKs lightly.
Pay attention to Google reviews
Since a while Google tells us about malicious apps thanks to Google Play Protect. Here the recommendation is clear: if google tells us it’s dangerous, better not to install it. In the case of the Flubot malware, Play Protect recognizes it as malware, but still allows us to install it (which doesn’t make much sense).
Just because Google lets you install something doesn’t mean it’s safe, in fact it’s one of Android’s biggest issues.
Just because Google lets you install something doesn’t mean it’s safe. If you see the Play Protect notice, close the app and remove the APK to avoid issues. Likewise, there are customization layers like MIUI or EMUI which analyze the file before installing it. If we see any warnings, we need to pay attention to them before accepting by default, since these opinions can be very useful to us.
Don’t give permissions lightly
On Android, if we grant permissions, apps can literally do whatever they want, so think twice. Lesson from do not install any files on your mobile, the second recommendation to internalize is the issue of authorizations. Here it is best to think about common sense: if an app is simple, why would it need a lot of permissions? The case of FedEx is particularly striking, as a supposed messaging app requested full control over the device, something that we must immediately deny.
Without going any further, in the Play Store there are apps that ask for more permissions than they really need to function. Shake them fearlessly
However, it is common to find keyboards that request phone and SMS access, games that require gallery access and other permissions that are not needed and that we don’t have to worry about denying. Giving permissions to an app is giving it a free hand to act on our phone, so think twice before accepting the requested permissions, no matter how difficult it is to manage them one by one.
Do you really need this app?
Sometimes we install apps for just one use. Here it is necessary to rethink whether we can perform the same function from the webpage It may not be practical to install an app for one-time use and let it chuckle in the app drawer. The less we install unnecessary apps, the better, both for the internal memory of the device and to avoid installing a garbage application.
Another point, perhaps not so obvious, is that the more apps we have, the more apps can infect. In the case of Flubot, the virus may have infected SMS applications and telephone banking applications. The fewer apps there are with your data on the phone, the harder it will be for them to access that data through other apps.
Freedom is good, but try not to leave the Play Store (a lot)
The expert user can be comfortable leaving the Play Store and installing files from all kinds of repositories. However, for an average user, I can only recommend install apps from the play store, the official Google app store and over which there is more control (and even so, another virus escapes).
The best antivirus it will always be the user himself, so the more we run away from files we do not know the origin of, the more we will be protected.
Table of Contents
