Slashdot Mirror


Ask Slashdot: What To Do About Android Malware?

An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?

14 of 191 comments

  1. Google had a chance . . . by Anonymous Coward · · Score: 3, Insightful

    to start with a completely clean slate and get it right. Instead they re-created the Windows ecosystem. Congratulations.

    1. Re:Google had a chance . . . by SumDog · · Score: 3, Interesting

      It's worse than Windows. In Windows you can reinstall the base OS (bloatware free) and then install the drivers and you're done.

      Android is to the point where they should have a standard-driver-package. Manufacturers can release something similar to an apk, with the source (or just .o files, who gives a shit) that can auto-compile for all devices. That way you just go AOSP + these special packages and boom. Standard Android. You can use your manufacturer's custom install as well, but at least you'd have a choice. Google could add in the EULA that voiding warranties for unlocking bootloaders is out of the rules.

      It's not that difficult a fix. You could get manufacturers not releasing driver package updates, sure...but at least it would make it easier to do so. Android would benefit from being more like Windows as a general purpose OS at this point.

  2. Start over by Fwipp · · Score: 4, Interesting

    Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

    If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

    1. Re:Start over by Feral+Nerd · · Score: 4, Insightful

      Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

      If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

      In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

    2. Re:Start over by Artem+S.+Tashkinov · · Score: 5, Informative

      Unlike iOS, Android allows you to sideload apps *officially*, but in this case all bets are off and you MUST understand what you're doing. With Apple there's no such freedom (unless you root your phone, which is unsafe and voids your warranty) at all.

      So, Google's walled garden is at your full discretion. If you like the feeling of safety you stay in it. If you want freedom, you can leave it any time you want. Most Android phones even allow you to have root if you're hellbent on having total freedom [to destroy your device].

    3. Re:Start over by AmiMoJo · · Score: 4, Informative

      The Amazon and F-Droid app stores are fine. Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps or "free" virus scans etc.

      Look, the questioner clearly knows enough to be dangerous to himself but not enough to wield root privileges on his phone. Best thing to do is stick to Play until he understands this stuff. Just because you have the freedom to do something doesn't mean you should assume you can do it competently.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Start over by Anonymous Coward · · Score: 3, Informative

      If you have malware, that's cause you (or someone with access to your phone) installed it.

      Not necessarily true. There are quite a few passive vectors for injecting malware into older android apps. The numerous stagefright vulnerabilities included.

    5. Re: Start over by Karlt1 · · Score: 4, Informative

      The difference with a PC is that when a security vulnerability is found on a Dell running Windows and Microsoft releases a patch, you don't have to wait for Dell and Best Buy to hopefully allow you to update your PC.

      When Google releases a patch for Android, you have to hope that your phone manufacturer and your carrier push the patch to you.

  3. Jumping to the conclusion by Anonymous Coward · · Score: 3, Insightful

    "the recently degraded performance of which leads me to believe that it's infected with malware. "

    Occam's razor says your degraded performance is much more likely to be due to more mundane reasons like incompetent apps / OS (Google, here's looking at you), than malware.

    1. Re:Jumping to the conclusion by AmiMoJo · · Score: 4, Informative

      Yep, the questioner's phone isn't infected by malware. He bought into the paranoid rants about Android malware that are 99% bullshit.

      If he only downloaded apps from Play he is safe. Google scan every app for malware. He's done a malware scan too. There is nothing wrong. Any performance issues are likely just because he installed a ton of crapware, much of which is now pinging advertising servers that are marked as "bad" on various hosts file lists but are actually just mundane.

      Uninstall some stuff, see if the situation improves. Or wipe back to factory and this time install one app at a time and see if it kills performance. A handy tip is to look at the battery use screen and see which apps are chewing up energy.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Things to consider by Artem+S.+Tashkinov · · Score: 5, Informative

    In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co...

    After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.

    Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.

    Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.

    If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googleable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).
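The two checks in this post that can be done before an apk ever reaches the phone are "does it ask for sane permissions" and "what does virustotal.com say about it". The script below is an added example, not code from the thread or from any tool named in it: it parses the output of `aapt dump badging` (the constructed sample text stands in for a real apk's output; the package name `com.example.torch` is hypothetical), flags permissions a flashlight app has no reason to request, and computes the SHA-256 that a hash lookup on VirusTotal keys on. The "expected" permission set per app kind is an assumption you adjust for the app at hand.

```python
"""Added example (not from the Slashdot thread): pre-install sanity check for
an apk, covering the "sane permissions" and virustotal.com advice above."""
import hashlib
import re

# Constructed sample of what `aapt dump badging some.apk` prints for a
# hypothetical flashlight app. Not captured from a real application.
SAMPLE_BADGING = """\
package: name='com.example.torch' versionCode='7' versionName='1.3'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.READ_PHONE_STATE'
"""

# Assumed baseline: what an app of each kind legitimately needs. Anything
# beyond it is a question to answer before installing, not proof of malice.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
}

# Permissions that hand over the data this thread worries about: the address
# book, device identifiers, nearby networks, location, messages.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_PHONE_STATE": "IMEI / phone number (unique ID)",
    "android.permission.ACCESS_WIFI_STATE": "wifi networks in range",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_SMS": "text messages",
}

PERM_RE = re.compile(r"^uses-permission: name='([^']+)'", re.M)
PKG_RE = re.compile(r"^package: name='([^']+)'", re.M)


def parse_badging(text):
    """Return (package_name, set_of_permissions) from aapt badging output."""
    pkg = PKG_RE.search(text)
    return (pkg.group(1) if pkg else None, set(PERM_RE.findall(text)))


def review_permissions(text, app_kind):
    """Split requested permissions into expected / unexpected for app_kind and
    annotate the unexpected ones that expose personal data."""
    pkg, perms = parse_badging(text)
    expected = EXPECTED.get(app_kind, set())
    unexpected = perms - expected
    return {
        "package": pkg,
        "expected": sorted(perms & expected),
        "unexpected": sorted(unexpected),
        "sensitive": {p: SENSITIVE[p] for p in sorted(unexpected) if p in SENSITIVE},
    }


def sha256_of(data):
    """SHA-256 of the apk bytes: the key you search for on virustotal.com."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    report = review_permissions(SAMPLE_BADGING, "flashlight")
    print(f"{report['package']}: expected {report['expected']}")
    for perm, what in report["sensitive"].items():
        print(f"  WHY? {perm} -> grants access to {what}")
    # A real run would hash the .apk file; constructed bytes stand in here.
    print("sha256:", sha256_of(b"constructed stand-in, not a real apk"))
```

Run it against a real apk with `aapt dump badging app.apk` piped into `review_permissions` and the file's bytes into `sha256_of`; a flashlight that wants your contacts and phone identity is exactly the case the post and the f-droid reply below are describing.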

    1. Re:Things to consider by nadaou · · Score: 3, Interesting

      To be fair I've more faith in apps from f-droid.org than I do in apps from the Play store. The flashlight and music player apps there don't want access to your contacts list, unique ID, and wifi connections. And their code seems to be more highly vetted than those in the Play store.

      --
      ~.~
      I'm a peripheral visionary.
  5. Look through the logs by phantomfive · · Score: 3, Informative

    a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal.

    Pull out Wireshark and see what's getting sent. I consider advertisers to be "sketchy addresses," and I think your friend is probably a noob if he didn't show you what was in the packets.
    If you're not interested in doing that, then just factory reset your phone.

    --
    "First they came for the slanderers and i said nothing."
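A first pass over a capture, as an added example that is not part of the post above: the questioner's "pings to sketchy addresses" and AmiMoJo's "advertising servers marked bad on hosts file lists" are the same observation seen from two sides, and the quickest way to tell them apart is to list what the phone actually queried. The script reads DNS-query lines as `tshark` exports them (`-T fields -e ip.src -e dns.qry.name`, tab separated; the lines here are constructed, not a real capture), checks each name and its parent domains against a hosts-format blocklist (also a constructed excerpt), and counts what is on a list versus what nobody has vouched for either way.

```python
"""Added example (not from the Slashdot thread): sort the DNS names a phone
queried into "on a hosts-file ad/tracker list" versus "unlisted"."""
from collections import Counter

# Constructed: the shape of
#   tshark -r phone.pcap -Y "dns.flags.response == 0" \
#          -T fields -e ip.src -e dns.qry.name
# Hostnames other than www.facebook.com are invented example-* names.
SAMPLE_TSHARK = """\
192.168.1.23\twww.facebook.com
192.168.1.23\tads.example-tracker.net
192.168.1.23\tconnectivitycheck.example-vendor.com
192.168.1.23\tmetrics.ads.example-tracker.net
192.168.1.23\tupdate.example-unknown.org
192.168.1.23\tads.example-tracker.net
"""

# Constructed excerpt in hosts-file layout: a sink address followed by the
# hostname being blocked, which is how the lists the thread mentions look.
SAMPLE_HOSTS = """\
# ad/tracker hosts, constructed sample
0.0.0.0 ads.example-tracker.net
0.0.0.0 beacon.example-analytics.com
"""


def load_hosts_blocklist(text):
    """Parse hosts-format text into the set of blocked hostnames."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments / blank lines
        parts = line.split()
        if len(parts) >= 2:
            blocked.update(h.lower() for h in parts[1:])
    return blocked


def is_listed(name, blocked):
    """True if name or any parent domain is listed; a.b.c matches b.c but
    never the bare top-level label."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))


def triage_queries(tshark_text, blocked):
    """Count queries per name, split into (listed, unlisted) Counters."""
    listed, unlisted = Counter(), Counter()
    for line in tshark_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 2 or not fields[1].strip():
            continue
        name = fields[1].strip().rstrip(".").lower()
        (listed if is_listed(name, blocked) else unlisted)[name] += 1
    return listed, unlisted


if __name__ == "__main__":
    blocked = load_hosts_blocklist(SAMPLE_HOSTS)
    listed, unlisted = triage_queries(SAMPLE_TSHARK, blocked)
    print("On an ad/tracker list (mundane, but worth knowing which app):")
    for name, n in listed.most_common():
        print(f"  {n:3d}  {name}")
    print("Unlisted (look at these packets before calling them sketchy):")
    for name, n in unlisted.most_common():
        print(f"  {n:3d}  {name}")
```

The unlisted bucket is where the attention goes: a destination that is on a public ad list with a thousand queries is noise, while an unlisted host that the phone contacts on a schedule is the one to open up in Wireshark and, per AmiMoJo's tip, to match against the battery-use screen to find the app behind it.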
  6. specifically, Facebook by raymorris · · Score: 5, Informative

    In particular, I wonder if the Facebook app is installed. It's pretty nasty. If you're not a Facebook-aholic, just use your browser to access facebook.com. If you ARE on Facebook 30 times per day or more, recognize that it's having a significant negative impact on your phone (and probably your life), then decide what you want to do.