This blog discusses a few practical difficulties in identifying whether a downloaded Android application is safe, along with a few precautionary steps for Android smartphone users to follow when downloading an application.
Year-on-year, smartphone usage in India is growing at an enormous rate. These days almost everything is mobile: smartphones have become so convenient that users welcome applications even for day-to-day commercial activities like paying bills, booking tickets, etc.
This raises a serious question of trust: “How far is the downloaded application safe?” It is generally believed that an application can be reasonably judged by the permissions that it requests from the user during installation. Unfortunately, in recent times, most legitimate applications are seen to request permissions that appear to be in no way related to their current core functionality, and are requested only with the application’s future enhancements in view.
Recently, I came across a popular taxi booking application requesting permission to access media files (photos/videos) as shown below.
The above scenario was observed in a well-known banking application as well.
I would also like to share another interesting incident. A couple of days ago, we at K7 Threat Control Lab, received a “false positive” report from an end user claiming that a famous game application has been flagged incorrectly.
Upon further investigation, it was noticed that the application is actually a fake installer. Unlike the original game app, this fake application tries to download further applications. The above described unexpected behaviour from a game application is not acceptable.
With many other potentially fake applications of this kind doing the rounds, and the latest trend of online portals moving to app-only services, the security risk level is certainly increasing. A worst-case scenario could involve mobile wallet applications, where a user may also save his/her credit card information for future use.
It goes without saying that identifying an application as suspicious or safe remains a tough job, especially for an end user. When a mobile malware application exhibits permission requests and functionality similar to those of a legitimate application, the malware analysis process becomes more complicated. Security experts have to invest more time in studying code and metadata to confirm that an application is safe. One example is the exhaustive permissions list requested by both legitimate and malware applications, which may not even be needed for their operation.
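The permission-versus-functionality comparison described above can be sketched as a small check. This is an added example, not code from K7 or from the original post. It assumes the manifest has already been decoded to text XML, that the media-file prompt corresponds to the external storage permissions, and that the per-category baselines and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed per-category baselines (constructed for this example, not a standard).
EXPECTED = {
    "taxi": {P + "INTERNET", P + "ACCESS_NETWORK_STATE",
             P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "game": {P + "INTERNET", P + "ACCESS_NETWORK_STATE",
             P + "VIBRATE", P + "WAKE_LOCK"},
}

# Constructed sample: a decoded manifest for a hypothetical taxi booking app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.taxi">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission-sdk-23 android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Taxi"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # Manifests from unknown APKs are untrusted input: refuse DTDs so entity
    # expansion tricks never reach the parser.
    if "<!DOCTYPE" in manifest_xml:
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def unexpected_permissions(manifest_xml, category):
    """Permissions requested beyond the assumed baseline for the category."""
    return sorted(requested_permissions(manifest_xml) - EXPECTED[category])


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "taxi"):
        print("review:", perm)
```

A permission outside the baseline is a prompt for closer review, not a verdict, since legitimate and malicious applications can request the same list.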
Even though the risk cannot be eliminated completely, it can be effectively reduced by following these oft-stated, traditional yet effective precautionary steps:
- Think twice about whether you really need an application before you download it.
- Download applications only from the official Play Store.
- Use the “Verify apps” feature of the Android OS to check whether the app is safe or not.
- Install trusted mobile security software, also typically downloaded from the official Play Store.
Senior Threat Researcher, K7TCL