A Closer Look At Simple Signs That A Is Possibly Smartphone Is Infected

In a previous article we wrote here in Hackercombat.com, we have emphasized the need to change user’s perception regarding smartphones. It is not just a phone, but rather the ‘personal computer’ of all personal computers. The ‘phone’ and ‘contacts’ functions in a smartphone are just apps running on top of the portable computer, the actual identity of the smartphone. Just like any computer, smartphones are vulnerable to malware and much more exposed to unwanted software given that users tend to trust more information in their smartphone than a desktop or a laptop computer.

What are the signs that a smartphone is possibly infected?

Below are some ‘possible’ symptoms of an infected Android device, we focus on Android due to its default capability of installing apps outside of Google Play Store. We only marked them as ‘possible’, since the existence of the symptoms does not guarantee that the App is infected by malware.:

• First, do take note that jumping to the conclusion will never be helpful. Do not associate to virus infection something that can be explained by a careless user. One example is short battery life for a smartphone. This does not always mean that an Android virus infected the device and it uses the processor to work harder than a typical load, causing the short battery life. There are some actual ‘legal’, non-malicious apps that consume a lot of CPU resources, it happens for apps that have software bugs that prevent the CPU resources from being released after a certain period lapsed.
• There are apps that automatically install other apps in the background, as the main functionality of App A depends on another functionality of App B. The users have the capability to review the permissions given during the installation of App B, and the permission to install of other Apps is provided by the user during the installation. This is an option that is open for developers to leverage, especially if they wish not to program the actual critical functionality on their app, but rather depend on App B for that specific functionality. Dependence of App A to App B does not mean that App A is an Android virus.
• The phone is often warm. A warm phone is not a huge problem, especially when gaming as a 3d game will push a smartphone to clock-up its GPU and CPU in order to meet the system requirements for the game. Other users install specialty apps like FTP or WebDAV program that converts their smartphone to a virtual FTP/WebDAV server. These kinds of apps will run in the background providing network services for other computers, just like a regular desktop can do.
• Spam messages and adverts are generated and reach the phone even if the wifi and data connections are off. The chance of a genuine app to generate notifications with moving images/animations is part of the Android monetization scheme, but this can only happen if the phone is currently connected to wifi or data. With an Internet connection, the adverts are downloaded from the ad servers on-the-fly. By disconnecting to the Internet, the app cannot reach the ad server, hence the adverts are not displayed. However, if the app still displays an advert even if there is no Internet connection, that means the ad came from the phone itself. Though there is nothing illegal for developers to use the app itself for generating adverts, it is highly discouraged as built-in adverts in the app bloats the app.
• Increase of data consumption for apps even if the app is not running in the foreground. Android provides apps the capability to run in the background, the same way Linux does. The former being Linux kernel-based, it inherits the capabilities to run daemons that provides the system with background services. Of course, if the background service is not the one the user expects, that is a certain possibility that the device is infected.

How to minimize the chance that a smartphone gets infected?

• Only source apps from Google Play Store or a 3rd part App Store with a proven track record, like Amazon App Store and F-droid. The former is hosted by a retail giant, Amazon and the latter is an Android app store for open-source apps. Both are safe to use and have built a good reputation for many years of operations.
• Please turn off Bluetooth when not needed. Bluetooth has known vulnerabilities, especially older versions of Bluetooth from older phones. If the phone is running an old version of Android/iOS, make sure the Bluetooth is only turned-on if needed. An open Bluetooth PAN is using a very old version of the operating system is an open attack vector.
• Choose a phone made by a manufacturer that respects users’ rights when it comes to updated software patches. A smartphone is also a full-fledged computer in its own right, hence requires constant patching to remain secure.