QUOTE(hcleong @ Nov 4 2010, 12:53 PM)
How useful is that? Almost all the app will list require full internet access when you install it, =.=
I just follow this guide...
Opps...my xt is bootloader lock,that means so hard for hackers to crack maaa...hehe
» Click to show Spoiler - click again to hide... «
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
The reason that this is important to know is that it means Android is very unlikely to ever get a virus in the traditional sense of 'virus.' Part of the reason why is because Linux is a fairly secure operating system that protects various parts of itself from other parts. For the more technically inclined this is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Types of Dangerous Programs
Probably the biggest threat from any application in the market is one where it trys to trick the user into entering in their data or giving it permission it doesn't require to do it's job. There are various types of these and we'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is more of an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams (sometimes).
Spyware
Spyware is usually used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Often times this includes keystroke loggers to steal passwords or credit card information.
Phishing
Phishing and spyware are often related. The work on a similar principle of tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. Usually this would be a app or website pretending to be affiliated with you bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does include any service where someone might want to steal your identity or password. As far as I know, this is the one and only type of malware that has yet come out for Android. You can read about it here: Phishing Android App Steals Banking Info | Android Phone Fans
Virus
The definition of virus used to be more of the all-encompassing definition that has been replace by the term malware. Today, virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus send emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service to the user of dubious quality. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
How to Protect Yourself
There are no full-proof ways to avoid all bad situations in the world, but any sane person with a reasonable head on their shoulders knows that a few good habits can keep you safe for a long, long time in whatever you do. Here are a few tips I have learned from many years as a professional software developer and from reading these forums that have many people smarter and more knowledgeable than I about Android
Read the comments in the Market
This should go without saying. Before you download any applications, be sure to read the comments. Don't just read the first three either, click through and see what people are saying. This can also help you understand how well an app work on your particular phone or your particular version of Android. Comments should also be read EVERY time you update an app.
Check the Rating
Any app that fails to maintain even 3 stars is likely not worth your time. If you are brave enough to be one of the first few to download an app, this may not apply to you, but almost all good apps have between 4 and 5 stars. This to me has been a great general rule for finding both safe, AND quality apps.
Check the permissions
There are many things an app can do to, and for your phone. But any of these things that an app can do are told to you when you download and install it. Your phone will show you a list of the things that application will need to function. Read them. Try your best to understand them in terms of what the application is supposed to do for you. For example, if you download a game of checkers, and the Market warns you that it wants to be able to read your contacts, you should think twice and probably not download it. There is no sane reason a game of checkers needs to know your friend's phone numbers.
To see the permission given to an application after installation, go to the market, press menu, downloads, then select the app, press menu again, then press security.
Check the developer's website
Make sure the developer has a website and not just some Wordpress blog. This is often again a good indication of quality as well as safety. If the developer cares about their app they will likely have a relatively nice looking website or, if they are open source, a site on Google Code. Note: sites on Google code are NOT verified or approved by Google. However, open source is usually (but not always) more likely to indicate a safe application.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use the same diligence as if you were installing it for the first time. Reread the permissions to see that it is only asking for what it needs and no more. Reread the comments to see if anything has changed in the opinions of the users and to see if it still works for your phone.
If you are still unsure, ask around -- the community is your anti-virus
If you see an app you want, but it seems to be asking for more permissions that it should, or it's comments and ratings are mediocre, go ahead and ask about the app in these (and other) forums. You will often find dozens if not more people who know the answers and another whole bunch wishing to know the answers to the same questions you have.
Posting your own comments
After you have downloaded an app you can post you own comments. The comment will be visible to all other android users but it will only show your first name. To do this go into the Market and press menu > downloads. You should see five empty stars at the top which you can tap to rate the app. Once you have rated the app you should see an option to add a comment under the stars.
What does Google do to protect us?
Unfortunately at the moment, not a lot. They do police the market to a small extent and investigate any reports of malware. They removed the one instance mentioned above of the phishing application to protect the users of the Market. However, the Market is not like the Apple App Store, there is no screening of applications before they are posted to the market. There are no draconian procedures or lengthy approval processes that developers have to go through to post applications. All that a developer needs to do is to 'digitally self sign' his or her application before posting it. This helps Google track any developers with ill intent such as the one who made the phishing app (we likely wont ever see his apps again), but it's just a way to manage malware after it is discovered.
What about Wi-Fi?
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website your are trying to connect to. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street.
Permissions (work in progress, almost done)
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality. Again, to see the permission given to an application after installation, go to the Market, press menu > downloads, then select the app, press menu again, then press security.
Nov 3 2010, 01:23 AM, updated 16y ago
Quote
0.0194sec
0.67
5 queries
GZIP Disabled