MILLIONS of phone users are advised to install the ‘strongest setting’ to thwart snatching thieves, Wi-Fi spies and a bank-emptying app.
Whether for work or home, smartphones play an important role in many people’s lives.
Phone users are advised to activate the “strongest layer of security”[/caption]
Criminals attempt to steal phone owners’ sensitive information[/caption]
Many contain sensitive information such as social media logins, banking details or personal photos.
What is Advanced Protection
Through an Android 16 update, Google is offering Advanced Protection – dubbed “the strongest layer of security” .
For Google Pixel phones and other compatible Android devices, it is designed to protect not only your devices, but also your Google Account.
Advanced Protection’s features include device theft protection, which locks the phone automatically during a potential theft.
It also offers app protection, which not only scans Google Play for unsafe apps and malware, but also blocks installing apps from unknown sources.
There is also network protection, in which the phone will avoid unsecure 2G networks.
This is in order to stop users connecting to a vulnerable network.
Furthermore, web protection blocks harmful webpages, with users receiving warnings before they visit any non-HTTPS sites on Chrome.
Dangerous apps
It comes as two dangerous apps have been banned for stealing the private photos of those who install it – allowing hackers to blackmail victims.
Although the platforms have since been removed from Google Play and Apple App Store, cybersecurity researchers warned that TikTok clone apps may also be enacting the same attack.
The platforms used to spread the malware are currency app 币coin on the Apple App Store and instant messenger SOEX on Google Play.
SOEX, which also has some cryptocurrency exchange features, has been downloaded over 10,000 times via Android‘s official app store, according to Bleeping Computer.
It’s unclear how many people have installed 币coin.
What do these apps do
Once downloaded, the 币coin iOS app immediately requests access to the photo gallery, while SOEX on Android requests the storage permissions to access images.
It is important to always check what you are agreeing to when apps request permission to access the data on your device.
If users grant the iOS app permission, the malware silently monitors the gallery for changes and steals any new images.
On Android, the malware snatches images straight from the photo gallery, along with device identifiers and metadata, and hands them straight to hackers.
Some versions of the malware, titled SparkKitty, only hunt for screenshots and images containing text – suggesting they are on the prowl for passwords and security codes.
If you have downloaded one of the infected apps, then it’s important to delete it immediately.
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.
