Friday, May 24, 2013

Recommended Antivirus and Privacy Apps


Malware
Just yesterday I was having a conversation with a security guard, and as soon as I mentioned Android, he said, "Do you know there are places you can go on the Internet where all the paid apps are free?  And I sadly replied, "Yes.  But do you think the people that offer these paid apps for free do it because they just think everyone should get free apps?  Or do you think it is more likely they alter it, and then give it to you for free so they can steal information from your phone?"  "Huh." was all he could say.

How serious is malware on mobile phones?  If you only download apps from the legitimate sites like Google Play, the risk of getting a virus is significantly lower to be sure.  However, sadly, I did find a known virus you can still download at Amazon.Com.  

Malware On Mobile Grew 163% In 2012, Infecting Around 32.8M Android Devices
Despite the somewhat alarming headline of the report above, if you follow the link above to a companion story, you will find that "mobile malware affects only one percent of apps."

So what's the real risk?  Well, almost all malware is showing up on Android these days, and the problem is not likely to get better before it gets worse.  And even though only 1 in 100 apps are affected by malware, how many apps do you have on your phone and where did you get them from?  Do you have at least one app from a "friend" who is sharing his app with you?  In that case, I'd say your odds are higher than one in a hundred.  Hopefully using one of the antivirus apps I've recommended below can help our users rid their phones of these risky and potentially dangerous apps.


Recommended Antivirus Apps
Bitdefender Antivirus Free, VirusTotal

With the dramatic increase in malware for Android in the past year, I recommended that everyone have an antivirus app on their phone or tablet these days.  I've tried quite a few of them, and I don't like to put an app on my phone that requires too many permissions, even if it is an anti-virus.  I also don't want them to be too complicated, and I don't want them to be expensive.  I also want it to be a name brand that has been around for awhile.  As you can imagine, this narrows things down quite a bit.  Most of the paid ones from known antivirus companies cost $29.95 a year.  Then I came across a new app from Bitdefender that came out just last month.  It's called Bitdefender Antivirus Free.

It has the same antivirus protection as their Bitdefender Mobile Security & Antivirus, but without all the extras.  If you decide you want the extras and want to upgrade, Bitdefender Mobile Security & Antivirus has a 14 day trial period, and is only $9.95 a year.  Bitdefender has always had one of the best detection rates for antivirus software and PCMag.Com gave Bitdefender Mobile Security & Antivirus their Editor's Choice award this year.

But the reason I really like Bitdefender Antivirus Free is because of how lightweight it is, and because of how few permissions it needs compared to the other name brand antiviruses.  It uses definitions in the cloud, so you need Internet access to run a scan, but it also scans much faster than the others in my opinion.  It also has options to scan storage, and to automatically scan all new apps, and that's about it.  But if you want something lightweight and simple that isn't going to slow down your tablet or phone, this is it.

A great backup antivirus app that also is totally free is VirusTotal.  VirusTotal checks the applications installed in your device against VirusTotal (http://www.virustotal.com).
It will inform you about malware (virus, trojans, worms) on your phone by having your applications scanned by more than 40 antiviruses, flagging any undesired content.  Please note that VirusTotal for Android does not provide real-time protection and, so, is not a substitute for any antivirus product, just a second opinion regarding your apps.


Spyware / Privacy
How serious is spyware on mobile phones?  Well, believe it or not, as far as privacy is concerned, it seems Apple phones are worse than Android phones.
iOS apps leak more personal data than do Android apps

In a study of the top 50 free apps on both Apple and Android, 60% of the Apple free apps tracked users' location whereas 42% of the Android free apps did.  What's even worse is a majority or 52% of Apple free apps had access to a user's contacts and addresses, whereas only 20% of Android free apps did.  But how do you know if you have one of these apps that accesses your contact list?  Well, you could take the time to look up each app on your phone and scroll down to read the list of permissions for each app, or you could use Clueful.


Recommended Privacy App
Clueful Privacy Advisor

For users concerned about their privacy, another app from Bitdefender that I highly recommend is Clueful Privacy Advisor which is also free.  Bitdefender says "Clueful doesn't show you clues based on the permission only.  It provides clues resulted from a static analysis of the binary and the auxiliary file part of the application packet, without running the app, and clues resulted from a dynamic analysis: the normal execution of the app."

AndroidPolice, one of my favorite sites, recently did a review of Clueful.
Bitdefender's Clueful Spots Privacy Leaks, Keeps Your Apps Honest

Many times I'm wary of "sponsored reviews", but in this case I agree with everything that's said.  Clueful reads each app's set of permissions and which SDKs they may be using, but it takes this approach a step further, as each app's activity is checked in Bitdefender's labs (i.e. the cloud), and a detailed report of what the app is capable of doing is provided to the user.  It's then up to you to decide if the app should be allowed to do what it's doing.

I especially liked this next part of the review, which verifies what I have been warning our users about some Android battery apps out there...

"Once you've found the applications that make you shake your head in disgust, a tap of the name will tell you why Clueful gave it the ranking that it did  For example, there is one "high risk" app on the Nexus 7 we used to test the application, and naturally, we want to know why.  Turns out it's not so pretty.  We actually weren't aware that BatteryDash was using Airpush.  Thankfully, we were able to uninstall the app directly from Clueful.  You can also share your findings and publicly shame potential privacy spies, which is actually a nice touch.  Immediately after removing BatteryDash from the system, the Privacy Score jumped by 29 points.  Instant gratification!"

After the first scan of my HTC phone, it had a Privacy Score of 70 out of 100, and my Samsung tablet had a privacy score of 59 out of 100.  I had only a few moderate risk apps on both my phone and tablet, but after uninstalling just the updates to some factory installed apps, both devices now showed a perfect privacy score of 100!  I suspect Clueful therefore only is able to test the apps you yourself install or update, and not the apps which come pre-installed with your phone or tablet, because I've read some not very nice things about the Facebook app that is still on my phone, factory version or not.  But I can always disable the Facebook app again if I choose to.  

As I mentioned in my Battery Saving Tips blog post, I suggest that to save battery, you should never have apps auto update.  You can have Google Play notify you about updates if you choose, but do the updates yourself.  Always be sure to check to see if any permissions have been added.  Google Play will have "NEW" next to added permissions.  If you decide to accept the added permissions and do the update, and even if no permissions have changed, do a scan with Clueful afterwards to make sure nothing privacy-wise has changed.

Also, e-mail me at larryvgs@gmail.com and let me know if you've come across some particularly bad app thanks to Clueful, (especially if it's a battery app).  Even if achieving a perfect 100 is not possible unless you uninstall updates for many of your pre-installed apps as I have, Clueful Privacy Advisor is still a valuable tool to see what those apps you install yourself are capable of.