How to Keep Your Mobile Device Safe from Online Attacks

When most people hear “anti-virus program” and “anti-malware,” they instantly think of desktop and laptop computers. As desktops and laptops have become life-changing mainstays in the office and home over the past 20 years, the need for protection against malicious software that can attack these computers soon followed and has become a must-have for anyone owning these devices. While online attack protection continues to be critical for laptops and computers, it has also become just as vital, if not more, for mobile devices, which have grown explosively over the past 11 years. As a matter of fact, according to a 2018 study conducted by Stone Temple, 67% of online traffic to websites worldwide comes from mobile devices, compared to 33% from desktops. While these facts show the dominance and power of mobile devices in the technology and business worlds, they also show that mobile devices are consequently a major target for hackers and cyber thieves. Depending on whether your tablet or phone runs on the Android or iOS operating systems, the security risks your devices are exposed to can vary. Regardless of the operating system, however, there are easy and practical ways to keep your devices safe. Here are some protective measures you can take right now to make your phones and tablets less vulnerable to online attacks.

Keep Up with Updates

One of the first defenses against security weakness is installing updates for anything on your phone, whether it be apps or the operating system. These software updates typically contain fixes for bugs, new features, and security enhancements. Though some mobile devices like iPhones and certain brands of Android phones are consistent and thorough with scheduled updates, for many Android devices, implementing updates can sometimes be easier said than done.

Android Update Issues

While iOS, the closed-source operating system for iPhones, is strictly controlled and updated by Apple, the Android OS, for which development is led by Google, is open-sourced, so any device manufacturer can customize Android to its liking and place it on a mobile device for sale to consumers. The problem is that when Google releases Android updates, these manufacturers have to modify their devices specifically by each model, as the manufacturers typically make the customization of the Android OS for their devices closed-source. Updating these devices to incorporate the Android updates can be very time- and resource-intensive, so many manufacturers delay update implementation or tend to only set up the updates for their newest device models, leaving old models out of the update loop. Another obstacle to timely Android phone updates can be mobile phone service providers. These service providers tend to delay the release of updates on their networks by several months, which is out of the hands of the device manufacturers. This issue is not a problem for iPhones, however, since Apple has authority to override providers and release their updates for iOS according to their schedule.As inconveniencing as this Android update issue is, there are ways to get around it. There are also developments in Google Play that have helped minimize the impact of update delays and failures on the part of Android device manufacturers.

Workarounds for Android OS Update Setbacks

Over time, several of the apps that used to come pre-installed on Android devices as part of the Android operating system package has now become available separately in Google Play Services, the app store provided by Google that is on Android devices. With this change, these apps are maintained and kept current by Google, so you don’t have to worry about relying on device manufacturers for updates for those apps. Although this benefit does not replace an actual OS update, it prevents your phone from being completely out-of-date, especially since the apps from Google Play can be installed on older versions of Android. Google has also added helpful and protective apps like the Find My Device tracking feature in Play, as well as an app-scanning capability that can watch out for malware, which is especially crucial for older devices, which are more vulnerable to attacks.If you love Android phones, another way to get past the update problem is to invest in an Android phone that provides reliable updates and product support, like Google’s Pixel. The Pixel is one of what are called “stock Android phones,” which are phones with a “pure” version of the Android OS that hasn’t been “skinned” or modified by phone manufacturers. Since stock Android handsets don’t have any special customizations that would require special accommodations for system updates, they are usually kept up to date regularly by Google when updates are released.Another alternative to ensuring you maintain updates is one that has mixed opinions and requires some technical know-how: rooting. Rooting is the process of downloading and implementing updates on your phone yourself instead of being at the mercy of the manufacturer to release them. There are some security and indirect legal risks that come with rooting, which are covered in the next section.

Avoid Jailbreaking and Rooting

With the rapid evolution and availability of mobile devices also come technical capabilities that put control of these gadgets in the hands of users. But this increased control comes with great risk, whether or not the user is technically savvy. Although these capabilities allow users to customize their device experience and functions, they do come with certain dangers and legal implications.

Jailbreaking

Typically done on iPhones, jailbreaking is the removal of restrictions set up by the manufacturer of the device. It requires finding a security weakness and using it to get past the manufacturer’s defenses. With the removal of system restrictions, users can install third-party programs found outside the device’s app store that the manufacturer has not approved according to its standards. Manufacturers usually frown upon jailbreaking because it violates the phone’s software license agreement. As a result, jailbreaking can void your device’s warranty, and the manufacturer can refuse to service your phone if it has any software problems after being jailbroken.

Rooting

With rooting, a user gains “root access” to a device’s operating system so that he can grant access to certain apps at the root level, allowing these programs to perform various types of functions, including major ones like program uninstallations. Like jailbreaking, rooting on many devices requires exploiting a vulnerability and can cause problems if the user is not knowledgeable about device functions.Even though jailbreaking or rooting can invalidate the warranty on your device, they are technically not illegal in the United States as of 2015 under the Digital Millennial Copyright Act (DMCA). In Europe, the Free Software Foundation Europe (FSFE) has worked to ensure that rooting a device does not cause the device owner to forfeit his warranty. However, there are activities that can be done on a jailbroken or rooted phone that are illegal, such as getting free access to paid apps or services for which payment must be made.

Only Connect to Known Computers and Password-Protected Wi-Fi

When you need to connect to another device like a desktop to transfer files or back up information, make sure you’re only connecting computers you know and trust. If you ever need to transfer or back up files but don’t trust the device on-hand, try backing up and transferring to a cloud service like iCloud or Google Cloud Storage.Whether at home, a library, or a coffee shop, make sure you’re browsing the web on your mobile device using only secure Wi-Fi connections that require passwords. Unsecured Wi-Fi networks can leave you open to malware infiltration on your computer, and they can also allow attackers to virtually snoop on your computer, which can involve viewing your web browsing history or acquiring your login credentials to sites.

Anti-Virus and Anti-Malware Programs

Just like with desktop and laptop computers, protection is available for mobile devices like tablets, iPads, and mobile phones against malware, which is an umbrella term for various types of malicious computer applications like viruses, worms, and Trojan horses. Depending on what operating system your device uses, however, certain types of protection may or may not be necessary.

iOS

According to Apple, iOS devices do not need protection against viruses, which are software programs that infect devices by attaching themselves or piggybacking, onto other programs without the computer user's knowledge. To Apple’s credit, the manufacturer’s formidable hardware, software, and fortress-like security measures including encryption, Touch ID, pin codes, and more provide protection that effectively guards against the majority of attacks on non-jailbroken devices, as there are no known viruses for iOS.Although Apple is quite thorough in covering vulnerabilities with formidable design and regular updates that close off any weaknesses, iPhone and iPad users can still be vulnerable to attacks like identity theft and phishing scams from malicious websites. Apps like Trend Micro Mobile Security can guard against such dangers, and other security apps like McAfee's Private Photo Vault, Backup, Mobile Security will provide extra layers of protection for things on your phone like photos and contact lists.

Android

Unfortunately, Android devices are more vulnerable to malware attacks than iOS devices. This is because a large percentage of mobile phone users use Android-based devices, which has caught the attention of cybercriminals who have crafted methods of attacking these devices for valuable information such as identities, credit card information, and more. What makes malware especially effective is that it does not require code to infiltrate these devices; malicious programs can invade Android devices through fake apps as well as pirated apps, which are legitimate apps that have been infected with malicious programs.Fortunately, devices that run on Android 2.2 or later can utilize Google’s malware scanner, which, before installing an app obtained outside of the Google Play store, can scan the application and warn of possible dangers. Google Play also provides a wide variety of anti-virus apps that offer extra levels of protection for Android devices. Some of the go-to brands that have been trusted for years include Norton, AVG, and BitDefender.

Join the Fight to Keep Mobile Devices Safe

If hacking and security exploitation are topics that interest you, but you want to be on the “protective” side of hacking, learn more about these topics with a solid, educational foundation. Consider taking one or more of Cybrary’s security courses:

• Web App Security Fundamentals
• The Art of Exploitation
• The Art of Exploitation Virtual Lab
• Penetration Testing and Ethical Hacking Course