Symantec on Thursday released a free edition of Norton Mobile Security, aimed at Android OS phone users socked by security threats ranging from cell phone thefts to “fake” apps loaded with malware.
“We’re seeing a number of different [security] pain points around smartphones,” said Mark Kanok, group product manager for Symantec’s mobile division, in a briefing for Brighthand about the new Norton Mobile Security Lite app.
According to a study by Symantec, more than one-third of all consumers have now undergone the loss or theft of a cell phone, Kanok said. Meanwhile, in downloading some Android OS apps, users are getting hit with trojans that can let attackers take remote control of smartphones.
Norton Mobile Security Lite, the first piece of Norton software to be downloadable from the Android Market, offers many but not all of the anti-theft and anti-malware capabilities as the paid version of Norton Mobile Security, available in retail stores since February of this year.
On the anti-theft side, the free app is designed to let you remotely lock your lost or stolen phone by sending a text message, thereby stopping strangers from seeing your contact list and other personal information.
On the anti-malware side, the free Norton scans apps and other files downloaded to the phone in efforts to automatically remove bad code. It also automatically downloads and installs security patches through a feature called Automatic LiveUpdate.
Does the ‘Openness’ of Android Raise Security Risks?
Although the relative “openness” of Android vs. Apple’s iOS appeals to lots of users, the same trait can boomerang in terms of security, he suggested.
Since March or so, the numbers of total app downloads from the Android Market has nearly doubled to around six billion, according to Kanok.
“People like to download free apps, but some of these apps aren’t safe,” he contended. “One of the techniques we’ve seen is for [an interloper] to take a popular app off the Android Market, decompile it, add some malicious code, and then repost the app online,” he elaborated.
During installation, the legitimate edition of Steamy Windows asks for permissions over network communications and hardware controls.
The malicious app, on the other hand, goes on to ask for permissions over the user’s messages and personal information. More specifically, it asks for the ability to receive SMS messages and to read and write to the browser’s history and bookmarks.
With these permissions in hand, the malicious version can modify the browser’s bookmarks, sneak around to Web sites, and silenty transmit SMSes.
Is Anti-Malware Software Enough?
Kanok also acknowledged, though, that beyond relying on anti-malware software, users should try to watch out for suspicious downloads on their own.
“You should make sure to check permission rights to see if they make sense for that particular type of app,” he advised.
For example, an app might ask you for your device phone number and location. “This could be a legitimate use if it’s a mapping app. But what if a calculator app asks you for the same information? Well, that might make sense if it’s an international tip calculator. We’re doing a lot of research in this area,” he said.
If you want more anti-malware protection than you get from Norton’s free app, you can upgrade to the paid app — now available from Android Market for a yearly subscription fee of $29.99 — to gain a feature for blocking mobile phishing sites that might try to steal your user IDs and passwords.
“The general public isn’t really aware of mobile malware threats. Most people still tend to think of a smartphone as just ‘a phone,’ when these devices are really very powerful computers,”according to Symantec’s Kanok.
Indeed, in a recent independent study by Retrevo, 32% of Android OS phone users — and 36 percent of Apple iPhone users — said they “don’t think their smartphones can get malware.” Another 27 percent of the Android users — and 30 percent of the iPhone users — said they don’t know.
Are Users Protecting Against Theft?
According to the same Retrovo survey, 39% of Android OS phone owners — versus 26% of iPhone users and 30% of RIM BlackBerry users — said they “haven’t done anything to prevent misuse of their data “in the event that the phone is ever lost or stolen.
Meanwhile, as smartphones grow ever more capable (and more costly), cell phone theft seems to be on the rise. In April, New York City police reported a 17.8% jump in grand theft on the city subway system for the first three months of 2011, in contrast to the same period the year before, Officials attributed most of that increase to thefts of smartphones, which are often fenced and then sold overseas, Stolen devices containing users’ credit card information command particularly high prices. Elsewhere, police in London estimate 3,000 cell phone thefts a month in that city alone.
Norton’s paid app also adds features that include the ability to block unwanted calls and messages, and to remotely locate and wipe a lost or stolen Android phone, as opposed to just remotely locking it.