Choosing Anti Virus for phone after nasty popup.

[AC Question]

Background: After clicking on a "Listen Live" arrow on a TuneGenie Radio station, I got an unexpected page "your phone is 28% corrrupted... blah blah.. blah, install this cleaner". Of course I would not, assuming it is spamware or malware. I did some screen captures and backed out the website and browser, but yet it still found its way to Google Play! I saw a progress bar so I quickly shut down the phone. Then when I restarted it, I kept wi-fi off and turned 4G off too so I could go explore system directories (ES File Explorer) but I can't tell whats good and bad. I found today's dated files, but I wish the files had timestamps, but they don't. Nothing odd looking in \Android\data with todays date which I think is where a new app package would live. Is that after download or only after install? phone is not rooted.

The phone might be clean, but I think it might still be a good idea to install a real anti-virus app and Trend Micro seems to be the vendor of choice. My phone could probably use a tune-up, clean-up anyhow. But 2 questions:

(1) I couldn't differentiate Trend Micro Mobile Security vs. Dr. Safety. what's the basic differences?

(2) the Permissions required are astounding!! re-route an outgoing call? read contacts? modify contacts? take pictures & video? shut off wi-fi? and lots more eye-rolling ones. Maybe one could stretch an explanation for all of them, but the lists are really long and puts my antenna up.

Are these apps asking for too much? Would you recommend one of these or even another app?

 

[belodion]

Since you wisely made a screenshot, could you not add that as a named site to be blocked in your broadband shield? That's what I do when I get those scare-ware pop-ups, and they then cause no further trouble.
I'm assuming, perhaps wrongly, that you were using WiFi at the time.

 

[gardengal4]

Since you wisely made a screenshot, could you not add that as a named site to be blocked in your broadband shield? ...

sounds like a good idea if I knew what a broadband shield was.

..I'm assuming, perhaps wrongly, that you were using WiFi at the time.

I was not using WiFi at the time. I typically shut it off when I am outside walking the dog. No signal is better than a weak signal. I was hoping not being on WiFi would have avoided any proper download, but not sure. Could also just delay it til next time WiFi on.

 

[belodion]

Oh, I'm sorry I wasn't clear. My own ISP, Sky UK, calls it a broadband shield, but I'm not sure whether the term is used generically among the other providers. I guess it just means firewall. Anyways, I can log in to my Sky account and add sites that I want to be blocked. I imagine that you could do the same.
But, since as you say you were not using WiFi at the time, that would not be relevant in this instance.

See this: https://forums.androidcentral.com/showthread.php?t=630081

Regarding app permissions, see this: https://www.androidcentral.com/look-application-permissions

 

[gardengal4]

Thanks for the answers. The firewall/shield would only apply with home wifi. I installed malwarebytes and scan was fine so I'm comfortable no mal occurred. Still would like to know the difference between the 2 trend micro ones though.

I've read that permission article (and others similar) many times but unfortunately it doesn't help with a specific app and a specific permission. I wish each permission listed in Google Play was a link to an explanation from *that* developer specifically why their app needs that exact permission. If they explained why they might need to reroute my outgoing calls, maybe I would be satisifed. (but I doubt it!!!) I find most of the time the permission is excessive to the app. Malwarebytes seemed like a more right-sized solution. (I hope)

 

[belodion]

I use Malwarebytes on one or two devices and have no complaints about it.

 

[VidJunky]

Do you continue to use the TuneGenie app? Just curious why you might not have simply uninstalled a clearly malicious app. How many stars did that app have? What were the reviews for the app, not the 5 start ones, the 1 - 2 star reviews? Often people who like something will neglect reviews but when something pisses us off or causes issues, like this, we'll take pen in hand. Or keyboard in this case. While you're struggling with how to prevent issues the problem app is still running.

FYI, and I'm really surprised I didn't come across this in the comments, Android is a sandboxed OS and therefore very unlikely to spawn any real virus. It is far more likely that some app will simply ask for far too many permissions and mindless consumers will grant those permissions allowing themselves to be vulnerable to any number of things. A lot of antivirus apps feed on fear and can be more detrimental than whatever you're trying to prevent, and won't stop whatever was happening in the first place. i.e. pop ups from an app with too many permissions. That's not a virus and no virus app will stop that.

Avoid danger, get informed. Read 1-2 star reviews, don't be the first or even the 10k downloader, wait until at least 100k downloads because only 1 to 2 in a hundred will review an app, don't download anything with as many 1 star reviews as 5 star reviews. Reviews are easy to fake and 5 stars will negate the effect of any low reviews. Also don't install anything with less than 3.5 stars. Its most likely junk. Try to pick name brand apps, if you haven't heard of it there's a reason. Worry less about attacks from outside your device and focus on what you allow in. GL

 

[belodion]

^ I agree with all that and my instinct would be to immediately delete the offending app, but when I researched it, it did not seem obviously bad, and it was also not entirely clear to me that the pop-up came directly from it. But yes, malware/adware/scareware - to use polite terms - but not virus.

 

[Rukbat]

First, Trend Micro is one of the big leaders in the field. Don't worry about the permissions it asks for. (If you think about it, every one of those permissions is either for checking files for viruses, keeping a virus from "phoning home" or, if it gets really bad, switching all the radios off [like Airplane mode], so that at least your data is safe.)

But not all malware is viruses, so I'd use Malwarebytes Anti-Malware as well. Install one, let it finish its initial scan (which can take hours), then install the other one. They don't activate unless something is happening - texting, a file coming in, that sort of thing. If you're just using some local app, neither one (Trend or Malwarebytes) is interested, so it stays asleep.

 

[gardengal4]

Appreciate the added input. Tunegenie is not an app. It is a website page. I keep a Chrome bookmark for it on my homescreen. This is what the page looks like:


I clicked the Play arrow and put the phone back in my pocket (while walking the dog). When I didn't hear music, I looked at the screen and saw something like this:




Unfortunately, that screen grab was obscured. Even more unfortunate is that I took 2 other screenshots and they are no longer there. ??? One of them had the URL of the worse nasty page. It had a country domain that I did not recognize. I looked it up yesterday and it was .PL I can't imagine why those screenshots are not there now...

I did run Malwarebytes scan yesterday and it says all is fine. It was a little odd though because I ran the scan while the phone was charging. Every time I went to awaken the phone to look at the progress, it appeared to re-start and showed "0 files scanned". It seemed as if when the display went to sleep, the scan did too. I will have to look into that and verify that it really did run. I will look for a log.

Despite reassurances that Trend Micro's permission requirements are ok, I can't bring myself to install it with huge list. it probably has a big footprint too that my phone may not like (I appreciate the info that it only works when something going on, but I do have to watch battery consumption. Apps that never exit are my nemesis.) And I still don't know which Trend Micro product to pick.

I have to go look for those missing screenshots. That is going to drive me crazy....

Thanks.

 

[gardengal4]

Found the images. I had grabbed them with a different tool which puts them in a different location. And it wasn't .PL it was .PW (And I've never been to an adult site in my life!!!) When I hit the backarrow to exit Chrome, I ended up in Google Play. Powered Down fast and didn't see what was attempted. That's when I was concerned an app was being downloaded, but I see no signs of anything.