Slashdot Mirror


Ask Slashdot: What To Do About Android Malware?

An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?

27 of 191 comments

  1. Google had a chance . . . by Anonymous Coward · Score: 3, Insightful

    to start with a completely clean slate and get it right. Instead they re-created the Windows ecosystem. Congratulations.

    1. Re:Google had a chance . . . by Anonymous Coward · Score: 2, Insightful

      But it's free and open and full of goodness and stuff!

      Curse Apple and their walled garden! I WANT TO BE ABLE TO CHOOSE MY MALWARE FREELY!

    2. Re:Google had a chance . . . by slazzy · Score: 2

      You don't choose Malware, good malware chooses you.

      --
      Website Just Down For Me? Find out
    3. Re:Google had a chance . . . by SumDog · Score: 3, Interesting

      It's worse than Windows. In Windows you can reinstall the base OS (bloatware free) and then install the drivers and you're done.

      Android is to the point where they should have a standard-driver-package. Manufacturers can release something similar to an apk, with the source (or just .o files, who gives a shit) that can auto-compile for all devices. That way you just go AOSP + these special packages and boom. Standard Android. You can use your manufacturer's custom install as well, but at least you'd have a choice. Google could add in the EULA that voiding warranties for unlocking bootloaders is out of the rules.

      It's not that difficult a fix. You could get manufacturers not releasing driver package updates, sure...but at least it would make it easier to do so. Android would benefit from being more like Windows as a general purpose OS at this point.

  2. Start over by Fwipp · Score: 4, Interesting

    Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

    If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

    1. Re:Start over by Feral Nerd · Score: 4, Insightful

      Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

      If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

      In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

    2. Re:Start over by Artem S. Tashkinov · Score: 5, Informative

      Unlike iOS Android allows you to side load apps *officially* but in this case all bets are off and you MUST understand what you're doing. With Apple there's no such freedom (unless you root your phone which is unsafe and voids your warranty) at all.

      So, Google's walled garden is at your full discretion. If you like the feeling of safety you stay in it. If you want freedom, you can leave it any time you want. Most Android phones even allow you to have root if you're hellbent on having total freedom [to destroy your device].

    3. Re:Start over by AmiMoJo · Score: 4, Informative

      The Amazon and F-Droid app stores are fine. Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps or "free" virus scans etc.

      Look, the questioner clearly knows enough to be dangerous to himself but not enough to wield root privileges on his phone. Best thing to do is stick to Play until he understands this stuff. Just because you have the freedom to do something doesn't mean you should assume you can do it competently.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Start over by thegarbz · Score: 2

      So? It's the same with a PC. Yet malware is actually quite easy to avoid.

      Walled garden and trust are not the same thing.

    5. Re:Start over by Anonymous Coward · Score: 3, Informative

      If you have malware, that's cause you (or someone with access to your phone) installed it.

      Not necessarily true. There are quite a few passive vectors for injecting malware into older Android apps. The numerous Stagefright vulnerabilities included.

    6. Re:Start over by phantomfive · Score: 2

      In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

      I'm not sure why the significance of voluntarily escapes you.

      --
      "First they came for the slanderers and i said nothing."
    7. Re: Start over by Karlt1 · Score: 4, Informative

      The difference with a PC is that when a security vulnerability is found on a Dell running Windows and Microsoft releases a patch, you don't have to wait for Dell and Best Buy to hopefully allow you to update your PC.

      When Google releases a patch for Android, you have to hope that your phone manufacturer and your carrier push the patch to you.

    8. Re:Start over by AK Marc · Score: 2

      In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

      I'm free to invite anyone into my house I want. Yet, I still lock the doors at night. A voluntary walled garden, every night. Arguably literally. Choosing to be safe is like locking your car doors at the mall. If you lock your car doors when you go shopping, you are a hypocrite. You have the freedom to invite absolutely anyone into your car, so locking it DESTROYs your freedom. Why do you hate freedom?

    9. Re: Start over by AmiMoJo · Score: 2

      There have been numerous security flaws in the crapware bundled with Dell and other manufacturers' PCs. You have to rely on the manufacturer for updates to it, or disable it. Same goes for Android.

      Google does do OS updates for non-Nexus devices. They come via the Play store. It's absolutely untrue that Google can't patch the OS. They can patch it, and what's more the Play store services can detect and remove malware, or put mitigations in for the few security issues they can't patch.

      That's why you don't see vast Android botnets. There are billions of Android devices out there, if security was even half as bad as some people make out we would be seeing armies of 0wned devices attacking us.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Jumping to the conclusion by Anonymous Coward · Score: 3, Insightful

    "the recently degraded performance of which leads me to believe that it's infected with malware."

    Occam's razor says your degraded performance is much more likely to be due to more mundane reasons like incompetent apps / OS (Google, here's looking at you), than malware.

    1. Re:Jumping to the conclusion by AmiMoJo · Score: 4, Informative

      Yep, the questioner's phone isn't infected by malware. He bought into the paranoid rants about Android malware that are 99% bullshit.

      If he only downloaded apps from Play he is safe. Google scan every app for malware. He's done a malware scan too. There is nothing wrong. Any performance issues are likely just because he installed a ton of crapware, much of which is now pinging advertising servers that are marked as "bad" on various hosts file lists but are actually just mundane.

      Uninstall some stuff, see if the situation improves. Or wipe back to factory and this time install one app at a time and see if it kills performance. A handy tip is to look at the battery use screen and see which apps are chewing up energy.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Verification by Ash-Fox · Score: 2

    I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs

    I don't believe your friend. Verify it yourself first.

    --
    Change is certain; progress is not obligatory.
  5. Things to consider by Artem S. Tashkinov · Score: 5, Informative

    In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co...

    After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.

    Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.

    Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.

    If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googleable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).

    1. Re:Things to consider by nadaou · Score: 3, Interesting

      To be fair I've more faith in apps from f-droid.org than I do in apps from the Play store. The flashlight and music player apps there don't want access to your contacts list, unique ID, and wifi connections. And their code seems to be more highly vetted than those in the Play store.

      --
      ~.~
      I'm a peripheral visionary.
    2. Re:Things to consider by nadaou · Score: 2

      It has Robotfindskitten, what else does anyone need?

      (ok, ok, there's no Moon Buggy, yet)

      --
      ~.~
      I'm a peripheral visionary.
  6. Look through the logs by phantomfive · Score: 3, Informative

    a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal.

    Pull out Wireshark and see what's getting sent. I consider advertisers to be "sketchy addresses," and I think your friend is probably a noob if he didn't show you what was in the packets.
    If you're not interested in doing that, then just factory reset your phone.

    --
    "First they came for the slanderers and i said nothing."
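Following phantomfive's advice to look at what the phone actually sends, and AmiMoJo's point that many "sketchy" destinations are just ad servers that appear on hosts-file blocklists, here is an added example (not code from the thread or from any poster) that sorts the DNS names in a capture into listed ad/tracker hosts versus unexplained ones. It assumes the query lines were exported with the tshark command shown in the comment; the sample lines and the blocklist are constructed.

```python
# Added example (not from the thread): sort a phone's DNS queries into
# "known ad/tracker" vs "unexplained" using a hosts-file style blocklist.
# Query lines are assumed to come from:
#   tshark -r phone.pcap -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_epoch -e ip.src -e dns.qry.name
# Both sample inputs below are constructed, not real captures or lists.
from collections import Counter

SAMPLE_QUERIES = """\
1700000001.10\t192.168.1.23\tgraph.facebook.com
1700000002.40\t192.168.1.23\tads.example-adnet.test.
1700000003.05\t192.168.1.23\tADS.example-adnet.test
1700000004.80\t192.168.1.23\ttracker.example-metrics.test
1700000006.00\t192.168.1.23\tunknown-host.example.test
garbage line without tabs
"""

SAMPLE_HOSTS_LIST = """\
# comment line
127.0.0.1 localhost
0.0.0.0 example-adnet.test
0.0.0.0 tracker.example-metrics.test   # trailing comment
"""

def load_hosts_blocklist(text):
    """Hostnames from a hosts-file style list (skips comments/localhost)."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in parts[1:] if h != "localhost")
    return blocked

def is_listed(name, blocked):
    """True if name or a parent domain (a.b.c -> b.c) is on the list."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))

def triage(query_text, blocked):
    """Count each queried name into the 'listed' or 'unlisted' bucket."""
    result = {"listed": Counter(), "unlisted": Counter()}
    for line in query_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3 or not fields[2]:
            continue  # malformed export line
        name = fields[2].lower().rstrip(".")
        result["listed" if is_listed(name, blocked) else "unlisted"][name] += 1
    return result

if __name__ == "__main__":
    report = triage(SAMPLE_QUERIES, load_hosts_blocklist(SAMPLE_HOSTS_LIST))
    for bucket, counts in report.items():
        print(bucket)
        for name, n in counts.most_common():
            print(f"  {n:4d}  {name}")
```

The "unlisted" bucket is the one worth a closer look in the packets; names in the "listed" bucket are usually the mundane advertising traffic AmiMoJo describes.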
  7. Wipe it with stock or CM, then... by thedarb · Score: 2

    ...don't install stuff you don't need. Don't pirate apps. Educate yourself via XDA on what is safe, what is not, and what apps are simply performance suckers.

    --
    This sig intentionally left blank.
  8. Trust nothing, not even me by TrimTabTim · Score: 2

    As with life, you need to think and act for yourself a bit here. No free and easy answers, but it's unlikely that you're "infected", you probably just have a lot of bloatware apps draining resources and spying on you. Remember, the boundary between malware and adware/spyware is thin indeed, so your best bet is to start at the beginning and re-think your digital life.

    Everything we do on our phones fits into one of two broad categories:
    1. Personal and work life. Deeply private, sensitive and important communications with friends, family and colleagues.
    2. Time Wasting / Entertainment / Infotainment. Reading news, watching videos, games, app-du-jour, whatever.

    Given the state of our corporate overlords, there is no reasonable way if you care for your privacy and safety to have both sets of functions combined into one device. You got into your predicament by not realizing this. You seem like a conscientious fellow so here's a tip based on what I do:

    Get two devices:

    Phone 1: Email, voice and sms communications, photos. Nothing else. It's my life, both business and personal. NO APPS except the few which support these needs. No social crapware either. If posting that photo of my food can't wait until I get to my laptop, then it helps me realize that it isn't worth uploading - nobody wants to see it anyhow.

    Phone 2: A phablet with a data only 4g sim card (20 bucks a month for 3 gigs). Has apps, games and browsers for boring flights, lunch breaks, whatever. It can get p0wned, i don't care, as it's registered to a disposable gmail account and contains no personally identifying info apart from the 4g account which Vodafone can spy on. I could drop it in the trash and lose nothing but the cash to buy another, and the 3 gigs is plenty for all my time wasting needs each month.

    For phone 1, you can only be reasonably confident it is clean if you get the phone new, and discipline yourself to not fill it up with crapware. You may root the phone to remove the factory installed bloatware, but never to side-load even more sketchy apps. Trust nothing.

    For phone 2, it hardly matters what you do as long as you don't fill it up with your private life. Have fun and enjoy if it ever gets malware. Wipe it if it ever gets slow and re-install the apps you enjoyed most. If any of these apps want to make your life "convenient" by tapping into the stuff on Phone number 1: stop. You're welcome.

    It is a shit idea to mix the two spheres, because remember, all of the app authors in the world just want to monetize your life. They aren't writing the apps because they love you, or because they are good Samaritans. Every last one of them (with a few notable exceptions) wants a paycheck. So don't be used, be a user.

  9. Ask your friend by p.g.king · Score: 2

    "That, and a friend who noticed a lot of strange activity coming from my phone's IP"

    Sounds like your friend is a load more steps ahead than the rest of us, who have none of the information he was working from. He noticed somehow (no detail here), and he knows which sites and which he believes are sketchy. Sounds like the best source of help is this friend.

  10. specifically, Facebook by raymorris · Score: 5, Informative

    In particular, I wonder if the Facebook app is installed. It's pretty nasty. If you're not a Facebook-aholic, just use your browser to access facebook.com. If you ARE on Facebook 30 times per day or more, recognize that it's having a significant negative impact on your phone (and probably your life), then decide what you want to do.

  11. Re: Easy by Karlt1 · Score: 2

    So the only way that you don't get malware and get OS updates (for maybe two years) is by buying the phone from the same company that makes the OS. That sounds like a walled garden to me.

    But then you said you don't install any apps. That's more like a walled desert.

  12. Google Nexus devices are only way to go Android by perpenso · Score: 2

    At least the Apple works and has a longer span of vendor support. Scoff all you want but I can keep my devices longer as they're both longer lived and longer supported.

    The person having the malware problem and asking questions is using a Nexus 6. That's a product from Google and it gets all upgrades. IMHO the Nexus devices are the only way to go with Android, you are sure of getting long term support and upgrades. For Android development I have a Nexus 4, a 2012 device, and it upgrades to the most recent version of Android.