BuzzFeed News


Read These Tips Before You Download Apps For Your Phone

Be smart about the apps you download, and learn the danger signs that an app is up to no good.

Posted on November 30, 2018, at 9:32 a.m. ET

Ben Kothe / BuzzFeed News

Your phone is a threat. One of the easiest ways for criminals and other bad actors to weaponize your phone is by getting you to download a malicious app.

Once downloaded onto your phone, an app could gain access to your most sensitive personal and financial information, photos, conversations, and more. BuzzFeed News has revealed how apps can turn your phone into an engine of ad fraud, track your keystrokes, and open other apps without your knowledge, as well as engage in all manner of other nefarious and dangerous activities.

Owning a phone means being smart about the apps you download and knowing the danger signs that an app is up to no good. Here’s what two app security experts say you need to watch out for before and after you download an app.

What to Do Before You Download an App

Use credible app stores.

“Stick to trusted sources for your apps, like the Play store, App store, or Amazon,” said Armando Orozco, a malware analyst with Malwarebytes.

Read the reviews.

Lukas Stefanko, a malware researcher at ESET, told BuzzFeed News that some people download scam apps even when the reviews clearly warn users to steer clear. Also, be wary of apps that seem to have only 5-star reviews from accounts that may not seem authentic, or that don’t offer much in the way of commentary. Unscrupulous app developers pay for reviews and ratings.

Check the star rating.

When looked at in combination, the reviews and star rating provide two powerful signals to evaluate an app. “Typically the bad apps will have a lower rating and some bad reviews,” Orozco said. Also, note whether the reviews and star ratings are out of sync (terrible reviews and 5 stars is a weird combo, for example).

Check which permissions it asks for.

Always read the permissions section of an app’s page in the Play or App store, and beware of apps asking for far more permission than they need to function. “It is suspicious if weather apps request SMS permission,” Stefanko said. Be particularly careful with apps that ask for permission to run in the background, to launch other apps, or to control the keyboard, phone, and messaging functions. Ask yourself: Does this app need these permissions to run? If not, steer clear.


Verify it’s the real app you’re looking for.

Criminals try to sneak malicious apps into an app store to trick people into downloading them instead of the real thing. If you’re looking for a popular app but the one you found has few reviews and the wrong logo, don’t download it. “If the app icon or app name mimics some popular and highly downloaded app, this also could be suspicious,” says Stefanko. Look at this fake WhatsApp Android app for example. He also suggests you read the app’s description text closely, as fake or malicious apps often contain obvious errors or nonsensical text.


Warning Signs After You Download an App

It disappears from your homescreen.

Some malicious apps will show you a fake error message that says the app will be removed from your phone — but it never really goes away. Watch out for apps that do this, or that seem to disappear from your phone after being downloaded.

It displays strange behavior when you launch it.

Does the app do what it’s supposed to? If the app appears to be something other than what was advertised or doesn’t have the basic functionality it promised, remove it.

It asks for additional, unnecessary permissions.

Stefanko says some Android apps will subsequently ask users to provide “device admin” access, which you should be careful about granting. “The purpose of activating device admin is to increase app privileges to make it more difficult for a victim to uninstall this threat,” he said, noting that it is used by malicious apps to lock a device and reset your PIN.

It drains your battery or data.

An app can be programmed to show ads even when you’re not using it, or to secretly mine for cryptocurrency. One sign that an app is doing things behind your back is that it drains your battery or uses up a lot of data.

Android users can check how much battery an app is using by going to Settings, searching for "Battery," and selecting "Battery usage."

On iOS, go to Settings, select Battery, and scroll down to look at the battery usage by app.




Illustrations by Ben Kothe / BuzzFeed News

