Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What To Do About Android Malware?

Posted by timothy on from the hope-and-pray dept.

An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?

3 of 191 comments (clear)

  1. Start over by Fwipp · · Score: 4, Interesting

    Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

    If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

  2. Re:Google had a chance . . . by SumDog · · Score: 3, Interesting

    It's worse that Windows. In Windows you can reinstall the base OS (bloatware free) and then install the drivers and you're done.

    Android is to the point where they should have a standard-driver-package. Manufactures can release something similar to an apk, with the source (or just .o files, who gives a shit) that can auto-compile for all devices. That what you just go ASOP + these special packages and boom. Standard Android. You can use your manufactures custom install as well, but at least you'd have a choice. Google could add in the EULA that voiding warranties for unlocking bootloaders is out of the rules.

    It's not that difficult a fix. You could get manufactures not releasing driver package updates, sure...but at least it would make it easier to do so. Android would benefit from being more like Windows as a general purpose OS at this point.

  3. Re:Things to consider by nadaou · · Score: 3, Interesting

    To be fair I've more faith in apps from f-droid.org than in I do in apps from the Play store. The flashlight and music player apps there don't want access to your contacts list, unique ID, and wifi connections. And their code seems to be more highly vetted than those in the Play store.

    --
    ~.~
    I'm a peripheral visionary.