5 Ways Your Smartphone Can Get a Virus

Man using smartphone

It’s easier than you might think to inadvertently infect your smartphone with malware | Source: iStock

Once you’ve found a smartphone you love and have spent your hard-earned dollars on purchasing it, you probably want to keep it running like new for as long as possible. Keeping your operating system updated and protecting the security of your device are important parts of ensuring that your device stays fast and functional. But most people don’t know much about the malware that can infect their phones, and plenty of people find themselves worrying that their smartphones have been or will be infected by a virus.

As mobile-first security firm Lookout explains, however, the term “virus” is carried over from the PC world, where it refers to a program that replicates itself by attaching to another program. Hackers use this strategy to spread malware, and “virus” has become a popular term to refer to all kinds of malicious software on computers. Lookout explains that while we haven’t yet seen malware that can replicate itself like a PC virus (so you can stop worrying about a true virus infecting your phone), there are other types of Android malware just as malicious as a virus, even if it’s technically inaccurate to refer to them as such.

Hackers design malware to steal private information from a smartphone, to privately control the device, or to steal money from the device’s owner. Malware has been used to steal passwords, find account numbers, place false charges on users’ accounts, or track their location and activity without their knowledge. Malware typically ends up on your smartphone thanks to a malicious app, so make sure to avoid the following situations and prevent your smartphone from being infected with malware.

1. Downloading apps from untrusted sources

man holding smartphone and smiling

The No. 1 way to infect your phone with malware is to download apps from untrustworthy sources | Source: iStock

Downloading apps from the wrong places is a great way to inadvertently end up infecting your smartphone with malware. Many hackers target users by getting them to download apps that look innocuous, but actually use repackaged icons of popular, trusted apps to trick people into installing software that attacks the device after installation.

So where should you avoid downloading apps in order to minimize the risk of inadvertently installing malware on your device? Avoid third-party app stores, which are numerous on the Android operating system and are notorious for hosting many apps that compromise Android smartphones’ security. Google’s vetting of apps submitted to the Google Play Store isn’t perfect, but it provides an important level of protection — protection you aren’t getting if you use a different app store. Many of the apps that you can download for a third-party app store collect information about your device and serve ad banners regardless of what you’re doing on your device.

2. Downloading the wrong apps from the Google Play Store or the iOS App Store

People walking and using smartphones

Malware-infected apps can sometimes end up even in Google and Apple’s app stores | David Ramos/Getty Images

The only sure way to never download any malware is to avoid downloading apps altogether, since infected apps occasionally make it into the Play Store or the App Store despite Google and Apple’s best efforts to weed them out. So even when you’re downloading apps from the official app store, it’s still a good idea to do some research and use common sense to protect the security of your device.

When you find a new app that you’d like to try out, make sure to read some reviews first. They’ll usually tell you if there’s a problem with the app, and a complete lack of reviews is a big red flag that should tell you to avoid downloading until some appear. You can also check up on what the developer has created in the past and what kind of reputation those apps have. If the developer hasn’t published anything else, it may be a good idea to find an alternative.

3. Clicking download links on suspicious websites or in-app ads

Man using his phone

Never click download links on suspicious websites or in ads in other apps | Josep Lago/AFP/Getty Images

Another avenue through which hackers promote malware-infected apps are download links placed on the web and as ads in other apps. Even if you aren’t using a third-party app store, you could still see malicious apps advertised when you’re browsing the mobile web. Even if a download link shows a name and an icon that you trust, you still shouldn’t tap a download link on the web or in an ad, even if you trust the website or the app where the link shows up. The upshot is that you shouldn’t download apps from locations other than the official app store for your phone.

Once malicious apps have been installed, they can exploit vulnerabilities to gain root access privileges and launch code libraries that mimic legitimate services, and can gain a permanent hold on the infected device. To avoid infecting your phone with malware in the first place, you should avoid clicking on suspicious links and just open the app store to search for the app that you want to install.

4. Jailbreaking or rooting your device

Talking on a smartphone

If you’re jailbreaking or rooting your device, you need to be extra vigilant about suspicious apps | Josep Lago/AFP/Getty Images

Jailbreaking or rooting your device isn’t a bad decision by itself. In fact, if you know what you’re doing, it can afford you a lot more flexibility than you’d otherwise have. But rooting a device gives you control over the entire system, which means that with the right software, you can modify just about anything on the device. That sounds great if you want more control than your operating system would typically allow, but it also gives malware free reign to make changes on your device, access your personal data, or corrupt important system files.

Of course, there are plenty of reasons you might want to root your device. You’ll be able to customize your device, manage everything that your phone is doing, and gain access to a new category of apps. But if you don’t have a good reason to root your device, you may want to think twice about giving yourself (and any malware you might accidentally download) an open door to do some real damage to your phone. The moral of the story? If you’re going to root your phone, make sure to be especially vigilant about what you’re downloading and clicking when you’re browsing the web or the app store. And if you’ve rooted your Android phone, be 100% sure about any app that you grant Superuser privileges to, and only grant those privileges to a select few apps.

5. Ignoring basic security practices

Taking a photo with a smartphone

Even if you don’t think you’re doing something that would put your phone at risk, you should still use common sense and basic security precautions | Josep Lago/AFP/Getty Images

We wouldn’t advocate for spending all of your time and energy worrying about the security of your device. But if you’re going to be browsing the web and downloading apps on your phone, it’s not a bad idea to download an app that protects the security of your device. As Lookout notes, “sneaky, drive-by download sites can download a potentially malicious app file without any user intervention.” A good way to protect yourself is to avoid installing random downloads from your download manager, but security apps are a good way to block threats. Installing an app that will have an eye on the security of your device can free you up to worry about other things.

If you install an app that has the ability to run malware scans, complete one regularly. Depending on the app, you can run a scan automatically (whether you want to set it to once a day or once a week), which will help you keep an eye on the security of your smartphone. Take advantage of Google’s built-in malware scanner, and always keep your software up to date to ensure that you have the latest security fixes.