Way of getting malware on Android

Silverac

New member
Jul 17, 2019
Hi,

By what means do Android devices get infected by malware? I might be wrong but Android devices are not as easy to infect as PCs.
Like, usually malvertising on PC can get you infected but it seems like on Android, the only way you can get something is by installing an app, so either because the user did so (with an infected Google Play app for example) or perhaps something forced (website-injection) but once again, the user has to consciously accept something (like confirm the download/permissions) in order for the malware to install.

What is your take on that?
 

Mooncatt

Ambassador
Feb 23, 2011
> Like, usually malvertising on PC can get you infected but it seems like on Android, the only way you can get something is by installing an app, so either because the user did so (with an infected Google Play app for example) or perhaps something forced (website-injection) but once again, the user has to consciously accept something (like confirm the download/permissions) in order for the malware to install.
>
> What is your take on that?

You pretty much answered your own question. I would add that the Play store is constantly scanning itself for malware, so the chances of being infected there are slim (though it has happened until the offending app was removed). The most common method of infection is via spam/pop-ups that try to scare you into thinking you're already infected.

They first give you a bogus "scan" of your phone and claim that only their app can fix it. They then instruct you to turn on the option to install apps from unknown sources because their app isn't on the Play store. That then lets you install their fake anti-malware app that gives you the actual infection and it goes downhill from there.

Piracy and automatic rooting apps are also ways that get you infected through similar means. You allow installs from unknown sources, which removes one of the biggest safeguards against malware. Android operates like a sandbox, where apps can't install themselves (even if you allow from unknown sources, you still have to ok the install), and it generally does a good job limiting their access to other parts of the system unless needed or tricked.
 

Silverac

Thank you for your answer.

So if I understand correctly, internet browsing should be safe if we don't allow anything to install (refuse if prompted to ok the install)? I mean, it's not like browsing on a PC where people get infected unknowingly when accessing a website (with exploit kits, for example)?

The second point is about the malware container, it seems like Android malware is always contained in an app (where the app can also fully be the malware), is that correct?
 

Mooncatt

> Thank you for your answer.
>
> So if I understand correctly, internet browsing should be safe if we don't allow anything to install (refuse if prompted to ok the install)? I mean, it's not like browsing on a PC where people get infected unknowingly when accessing a website (with exploit kits, for example)?

I'm not saying it's impossible to get a drive by infection (it is a constant cat and mouse game, after all), but it hasn't happened on any meaningful scale, if at all. That's also not taking other forms of malware into consideration. Some manufacturers have installed it within their own OS (namely the cheap knockoff brands), you could have data mined via Wi-Fi snooping, phishing attacks, etc.

And remember, just because the OS is very secure, that doesn't mean it's a good idea to go visiting sketchy websites. I mean, I handle sulfuric acid almost daily and have a full body suit to protect me in case of an accident. That doesn't mean it's a good idea to purposely take an acid shower because I'm wearing the suit.

> The second point is about the malware container, it seems like Android malware is always contained in an app (where the app can also fully be the malware), is that correct?

It seems that way, and makes sense. Due to the secured nature of the OS, attackers have to resort to social engineering to convince you to willingly install their malware via seemingly innocent apps, or scare tactics. No one is going to willingly install "bestvirusdatastealer2000.apk" to their phone. Lol
 

Silverac

Of course, it makes sense! It is reassuring to know that we can be safe by following basic security guidelines (avoid sketchy websites, update the device, always block the "allow unknown sources" option...)

In case something goes wrong, people often advise to factory format the device. According to the previous post, if malware is embedded in apps, recovery after factory format should be safe if we choose not to recover apps?
 

Mooncatt

> In case something goes wrong, people often advise to factory format the device. According to the previous post, if malware is embedded in apps, recovery after factory format should be safe if we choose not to recover apps?

In most cases, correct. There have been cases where malware embedded itself so deep that it survived a factory reset. Those cases are not common, and can still be fixed by downloading and flashing a clean copy of the OS from the phone's manufacturer (though it is more technical and not always a DIY option). If the malware survives that, then the malware was embedded from the manufacturer but is not really a concern unless it's a no name knockoff.
 
