Most mobile users know that apps frequently collect private information. While it’s true some people aren’t aware of it, most who are aware tend to be indifferent to the idea. But, don’t we deserve a little more info about what app makers actually do with the data they extract from our mobile devices?
An article by NBC’s Bob Sullivan describes a flashlight app that tracks a smartphone user’s location. It was surprising to many folks to find out that such a handy, seemingly harmless app would be tracking their physical whereabouts, and you have to wonder why an app as simple as a flashlight would need to know that. What’s more distressing is many apps collect device IDs, photos, contacts and even our gender.
Jason Hong at Carnegie Mellon University’s Human-Computer Interaction Institute revealed that users don’t care as much about what apps do with our data, as we do about being kept in the dark and being surprised about it. When seemingly innocuous apps want user data like our geographical location, like the “flashlight” example, it’s a natural response to be suspicious.
Here are a few reasons why personal data is collected:
Your data can help app makers to make important decisions related to future feature enhancements. These features may help the app to work for you in a more personalized way.
Some apps gather your personal data so that they can target specific ads to you. If your data shows you meet certain criteria, advertisers will tailor their marketing efforts accordingly.
In the case of a malicious app, your personal data could be sold or used for illegal purposes. For example, this type of app might send text messages without your consent to premium numbers. In such instances some users have reported being charged as much as $10 per message. Getting access to your contact list can be a goldmine for malware authors and spammers.
Data gathering doesn’t always have a sinister purpose, but unfortunately we usually aren’t informed why it’s needed. It’s reasonable to wonder how our private information will be used.
Although not required to say why, mobile apps most often warn us when they’re going to collect our information, and they often even specify what data they’ll take. The downside is that we aren’t given a choice – we can either agree to the exchange of data, or pass on downloading the app. That’s not satisfactory to most of us, and perhaps it will change eventually. But, for now, developers aren’t required to give us a choice and the research shows most of us are still willing to take the risk.
As users, what’s the best practice? Make it a habit to read the permission screens on all apps you download. Make a conscious decision about whether you want to give away the information wanted by the app. If you can’t understand or interpret the permission screen, go to the apps’ website, if it has one, and see if you can get more information before downloading. Make sure you have a strong mobile security app on board to catch any malicious code.
Have you used apps that surprised you with how much or what type of data they want to collect? Tell us about your experiences on our blog, or join us on Facebook.
Web access through our mobile phones is a gift that keeps on giving. Whether you’re in a tight situation and need to find a quick answer for a presentation, or are desperate to find a source for some shoes you just fell in love with, the mobile phone’s our best friend when it comes to instant gratification. Don’t forget to consider mobile security the next time you order those new shoes or research a test question.
Mobile safety is the order of the day. Malware authors are very busy right now finding new ways to tap into your mobile privacy, your identity and, well, your money. Don’t be worried about mobile safety – just be aware. Here are some reminders.
Watch out for phishing! Check the URL you’re accessing. If it looks odd, has even one incorrect character or contains a sub-domain you don’t recognize, don’t go there.
Make your purchases only from sites that are plainly secure. Before putting in a credit card number, you should see https: in the URL, and maybe a padlock symbol. If you don’t, you might be on a fake website.
Never click on an offer for free apps. Buy your apps from trusted dealers. Free apps are typically re-engineered to contain bots and spyware. Avoid them. Free isn’t free.
Don’t respond to uninvited texts, voicemail, email or pop-ups.
It’s just too easy to accidentally end up on a fake website, or to click on an infected ad for something that interests you. Even legit websites can contain noxious ads or links. Needless to say, mobile malware can spoil your day, if not worse.
The only real mobile protection comes in a strong mobile security package that will alert your before your phone gets infected. Even better — its’ free!
Your smartphone can remain your best techno-friend if you stay aware of mobile safety rules, and take a few moments to protect yourself from the bad stuff.
Please share your stories about malware that’s threatened to spoil your day. We’d love to read your comments. Share with us on our blog, or visit us on our Facebook page.
A new occurrence of Trojan-type malware is in the news this week. Designed for Android systems, it’s using Facebook’s newly acquired Instagram to disguise itself, and once it’s loaded, silently sends SMS messages to premium numbers from your smartphone at great expense to you, the user.
What are Trojans? We all know the story of the historic Trojan Horse that rolled into the city of Troy, full of armed Greek soldiers who surprised their enemy when the giant horse opened up. A mobile malware Trojan works much the same way. Once in your phone, it’s activated by your command to download, or by some other action you’re likely to take.
The shrewdest of this breed often travel in popular apps that’ve been cloned and restructured to accomplish their illegal tasks. Trojan malware can make your phone and all your activities transparent to the perpetrator. It can steal your passwords, contacts and personal information. It can also cost you lots of money.
The new Instagram malware was created in Russia with Russian text, but it will undoubtedly begin to appear in other languages. If one is alert and aware, there are signs that it’s fake. Blogger, Denise Richardson, explains that the fake Instagram app will allow you to look at photos, but might plant the image of a Russian man in the background of “a variety of scenes.” Creepy!
Watch for these signs when downloading an app, especially one that’s new and hot on the market, or one that you’ve purchased at a bargain price or obtained for free:
When you install the app, it does nothing and appears to simply be defective, it may have gone underground in your phone to send text messages or calls. Check your bills.
If the app’s graphics don’t look sharp, the text has an occasional misspelled word or you note odd grammar, it may be an imposter.
If your phone begins to be sluggish, uses too much battery or behaves differently from before, you may have downloaded malware.
If some of your files or app icons disappear, or your system is otherwise altered, there may be malware in your system.
If your friends begin receiving odd texts, voicemails or emails from you, you can be certain you have malware.
If your bill reflects unrealistic charges, you can be sure you have a Trojan running in the background.
The best defense? Be sure you’ve downloaded a powerful mobile security product that will protect your phone from malware, and extinguish it before it ever reaches your smartphone’s system. It’s the best way to rest easy that you won’t be inviting an unwanted Trojan or its distant cousins into your phone, and the best part is, it’s free!
While baby boomers are now needing glasses and hearing aids, their communication needs continue to change, as well. In this age of advanced medical care, many boomers themselves have living parents. For the aging and elderly, communication becomes a more critical part of life. Smartphones and tablets are a boon for the senior community, in more ways than one.
Senior Smartphones Abound
If your Grandma and Great Aunt Mary have their own smartphones, they’re part of a growing segment of consumers. A Nielsen study claims that folks 55-64 years old represent the fastest growing group of smartphone owners. Obviously, people in this age group aren’t necessarily hoping to look cool or wanting to fit in, but are recognizing the obvious benefits of these amazing gadgets.
Depending upon your loved-one’s age, a smartphone can provide smart shopping tips, driving directions, and emergency contact features. Senior apps are abundant, and include everything from healthcare support to origami lessons. Elderly folks are staying in touch with their kids by playing online games, and, what grandparent doesn’t enjoy producing a magic answer for a fussy child in a restaurant?
The ability to use a touch-screen rather than having to remember how to get where they want to go is a huge plus for seniors. Even those who have become somewhat forgetful find it easier to remember the meaning of a graphic symbol on a screen.
How Tech-Savvy is Your Senior?
Perhaps your aging loved one knows everything there is to know about using a smartphone. However, more likely, there are aspects of the technology that are just too complex to bother with. One of those is the threat of mobile malware. How can we expect a senior to know all about the signs of malware, what it does and how they should react to it? It’s a complicated piece of learning for some, who are satisfied just knowing how to dial an emergency contact number or how to use a GPS so they don’t get lost. Elderly folks can be easily overwhelmed with too much information, especially if it’s of a technical nature or contains unfamiliar terms.
Mobile Protection for Grandma and Grandpa
The easiest, most straightforward way to protect your loved ones from mobile malware and ensure a sense of security is to download the best mobile protection product from a trusted company. Maybe your senior smartphone owner knows that mobile malware exists, but why force him or her to get too involved in the details?
Try NQ Mobile Security
NQ Mobile Security will catch any form of malware before its able to make its way into Grandpa’s phone, and it will alert him if he’s trying to access an infected website or fake URL. It’s easy to download, it’s free, and it comes from a trusted company with more than 126 million customers. Let your seniors off the hook when it comes to malware, and give them the best mobile security available today.
NQ Mobile’s research team has discovered another new malware infection designed especially for Android devices. UpdtBot is transmitted via SMS messages, and shows up as an urgent alert to the smartphone user, telling them it needs to perform a system upgrade.
The malicious link for this new malware could arrive in your SMS log piggybacked onto any kind of text message, since this is how it travels and proliferates. Once it’s in your system, it registers with and connects to a remote server, which instructs it to quietly conduct various forms of mischief, including making expensive calls and downloading and installing uninvited apps.
Our researchers think UpdtBot will prove to be exceptionally dangerous because it poses as an innocent system file. Its creators will profit from it by sending commands to your phone to conduct stealthy, costly activities, such as making premium calls. Unfortunately, it appears that more than 160,000 Android users have already been affected by the UpdtBot malware.
NQ’s respected research team wants to take this opportunity to remind users of their common sense guidelines:
Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
Before you install an app, carefully review the “permissions” and make sure you’re comfortable with the data they’ll be accessing.
Watch out for unusual or suspicious behavior on your mobile devices, such as unauthorized charges to your phone bill, text messages from unknown sources, and decreased battery life.
Download up-to-date mobile security software on your mobile device, such as NQ Mobile Security, which scans your apps for malware and helps you locate a lost or stolen device.
All NQ Mobile Security users are automatically protected from UpdtBot malware, as well as all other mobile threats. You can read more of the technical details about this malware on our NQ research site.
NQ Mobile Security offers a free download on its website. Don’t wait until you see UpdtBot’s confusing warning show up on your phone. It’s not worth taking a chance that this “bot” will visit your phone soon. Download NQ Mobile Security today.
Blogs and articles tell us to be aware of malware invasions into our mobile devices. If you haven’t yet downloaded a mobile security protection product, chances are you’ll see signs of malware sooner or later.
You could inadvertently download malware along with a seemingly legitimate app, or maybe you went online at an unsecured Wi-Fi hotspot. Perhaps you accidentally opened an unfamiliar email or SMS message. If you have no mobile protection and you’ve fallen victim to a malware infection, you may notice your phone behaving in a peculiar way. Watch for these signs.
Your Phone Becomes Sluggish: Suddenly it’s taking you much longer to run programs, access files or get on the Internet. Even shutting down your phone can become slow.
Unexplained beeps or sounds. For no obvious reason, your device begins to make an occasional beep or random operational sound.
Unusually rapid battery drain. Your battery suddenly needs to be charged much more frequently. There could be background activity taking place.
Frequent pop-up messages. Never click on these, and note whether they contain warnings telling you to download software to clean up viruses, or avoid a looming security threat to your phone.
Unwelcome images. Sometimes they’re pornographic, sometimes they replace benign images such as photos on news sites.
Disappearing Files. You may notice that some of your files, folders or icons have vanished,
Mysterious messages. Your friends and family receive text messages from your account, but you didn’t send them.
Automatic start-ups. Familiar programs on your phone (or ones you didn’t know were there) start up unexpectedly, or you become randomly connected to unknown websites.
Freezes. Your phone frequently seizes up, or you can’t leave websites or close your Web browser.
Each of these is a symptom that your phone’s picked up an unwelcome visitor. Don’t hesitate to download a trusted mobile protection product before irreparable damage is done to your phone or your privacy.
NQ Mobile Security is a highly-respected, global company offering the best mobile protection available today. Our 126 million customers would agree that the few moments it takes to download NQ’s free software is worth thousands in lost or compromised data.
So many smartphones – so many kids online! If your teenager (or tween) has his or her own Facebook page, there are things, as a parent, you should know.
We’ve all heard nightmarish stories about kids being stalked, tracked, lured and seduced into face-to-face meetings with predators, who surf online for lonely or curious young victims. News stories about suicides over cyber-bullying, and other forms of online tormenting are in the news almost monthly. But, there are other kinds of threats that you and your kids should be aware of when it comes to social networking.
Cyber scammers have developed incredibly sophisticated ways of persuading users to give them personal information. One example of an extremely deceptive scam is a new configuration of the previously-discovered malware called “Ice IX. This one waits until a user’s logged into their Facebook account, and, in due time, sends a pop-up window in front of the screen. The pop-up looks exactly like a Facebook window – logo and all. It warns the user of potential security threats, and presents a form to complete so that the account can be secured. Everyone’s heard at least something about security problems, and this is a great way to scare someone into handing out private data.
If your teenager isn’t aware of how clever cybercrime has become, he or she just might fill in the box, simply to get rid of it. If your child has a debit or credit card of his own or, worse, uses yours, the form wants that information, as well. Not just some of it, but all of it — the CID on the back, expiration date, account number and cardholder name.
Tell your kids to ignore and click away from anything that pops up and asks for sensitive information of any kind. Legitimate companies, including Facebook, would never ask for it. A good act of citizenship would be to go to the website and report such an incident.
We love having kids with mobile devices. Social networking helps them learn, communicate and enjoy the technological age in which they live. Knowing safety rules can make their mobile experience even more carefree. Download NQ Mobile Security to catch malware before it has the chance to arrive on your kids’s phones, and check out NCSA’s website for more tips, teaching materials and ideas about mobile security.
NQ Mobile’s latest malware discovery, the DKF Bootkit was featured in an article in today’s RCR Wireless. For more information about the nature of this new malware, which is designed to exploit the very root of your smartphone system, read our blog from yesterday.
See the Video
As a bonus feature, RCR includes a great YouTube video of our Managing Director for the Americas, Chris Stier, in a discussion about mobile security at the recent RCA Spring Expo conference in Orlando. Stier delivers an educational and thought-provoking presentation about the issues surrounding mobile malware and security solutions, including trends, analytics and predictions, supported by a powerful slide presentation. In addition, he provides an enlightening question and answer period for attendees.
Not everyone in the wireless industry was lucky enough to attend the RCA this year, but if you want to understand the nuts and bolts of root exploits, botnets, malicious URLs and drive-by downloads, tune in to this informative presentation, compliments of RCRWireless. The video is also available on YouTube.
Reminders
As Chris notes in his speech, and our researchers remind us, follow these important rules for mobile security:
1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device.
Download NQ Mobile Security today — our users are already fully protected from the “DKFBootKit” threat.
You may have seen the alerts last week: NQ Mobile discovered another new instance of vicious malware called the DKFBootKit. What, exactly, does that mean to smartphone owners like ourselves? Is it something our carrier will take care of, is it something we should be alarmed about? The technical jargon can be mind-numbing, causing us to move on without taking much notice. Here’s what the discovery of this new malware can mean to us.
When you boot up your PC, it takes a bit of time, as the machine reads and acts on all the instructions in its system files, like config.sys and autoexec.bat. These instructions, line by line, tell the computer what utilities to load, and provide it with a sequence of instructions. The system, as it’s commanded, activates your windows, starts up the appropriate applications and brings your computer to life.
Your smartphone has a similar startup procedure. When you turn it on, the phone’s system reads its internal instructions, one at a time, at a root level. This is how it knows how to use its built-in utilities to run the phone properly.
A Trojan family named DroidKungFu was identified quite some time ago. This family of malware comes in all different forms but is basically built in the same way. The newly discovered DKFBootKit is a member of that family.
This type of malware arrives inside a Trojan “horse” – that is, it’s enveloped in code that allows it to download into your phone’s operating system without being noticed, then releases its malicious freight into the system with some activity determined by the creator of the malware.
In this case, the DKFBootKit has been designed to load at the root level, actually replacing some of your phone’s system files and thereby gaining access to the root “privileges” of your smartphone. The ways in which it can compromise your system are numerous, but the most telling part of our researchers’ report is that this one has the ability to “phone home” and act on arbitrary commands that its controller might issue. It sounds like a bad Star Wars-type movie, but it’s real, and has the potential to cause some very tangible problems.
How does one contract this nasty infection? The DKFBootKit has been installed in legitimate-looking apps that are taken apart, infected, and re-packaged. You can’t see, smell or otherwise detect the malware as the app loads into your phone. How are you going to know if you have it? You’re not. Here’s what our researchers recommend:
1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the “DKFBootKit ”threat. Download NQ Mobile Security today.
“Drive-by” is an expression popularized over the last two decades by vicious attacks among gang members. It connotes a strike that’s unexpected, stealthy and sometimes, deadly. As harsh as the term might seem, it’s probably appropriate for the type of malware that can launch a malicious raid on our mobile devices, without the slightest warning.
A drive-by download is, obviously, one that occurs without our permission or knowledge. The way we surf through our smartphones, checking email, looking at various websites and text messages, can be compared to a carefree drive through the country. Drive-by malware, riding along in everything from websites to text messages, is always cloaked in an innocent-looking link, and can be activated either automatically with the click on a URL, or by following directions that lead us to download the stuff ourselves.
One popular method persuades users to infect their own phones by displaying a warning message that the device’s security has been breached, or that some kind of security threat is looming. The message urges us to click on the provided link in order to scan and fix the dastardly condition. In a moment of concern, we may follow this advice. When we do, noxious code is released into our mobile device. This type of malware is often designed to accept orders from a remote server, which instructs it to gather our data and return it, or spread itself to everyone on our contact lists. Drive-bys are also used to launch botnets or otherwise take control over the device.
Another form of drive-by downloads involves fraudulent advertising. Clicking on an infected ad might produce a screen that urges you to submit your credit card information to purchase a product, which most often pretends to be a new and improved anti-virus software.
Naturally, the most damaging and surreptitious of these are the ones that require nothing but a click on an infected URL. What can you do to avoid clicking on a poisoned link?
First, don’t click on anything uninvited, including ads or offers for scans or free software. If there’s a product you’re truly interested in owning, do some research first and order it from a trusted vendor. Most importantly, download a legitimate, trusted security product that can detect and stop this activity before it infects your phone. It only takes a minute, and it can protect you from loss of sleep and money with one easy download. Visit NQ Mobile and download one of the world’s most highly rated and respected security package so you can surf your phone without a care.
true some people aren’t aware of it, most who are aware tend to be indifferent to the idea. But, don’t we deserve a little more info about what app makers actually do with the data they extract from our mobile devices?
usually aren’t informed why it’s needed. It’s reasonable to wonder how our private information will be used.
information before downloading. Make sure you have a strong mobile security app on board to catch any malicious code.
Whether you’re in a tight situation and need to find a quick answer for a presentation, or are desperate to find a source for some shoes you just fell in love with, the mobile phone’s our best friend when it comes to instant gratification. Don’t forget to consider mobile security the next time you order those new shoes or research a test question.
It’s just too easy to accidentally end up on a fake website, or to click on an infected ad for something that interests you. Even legit websites can contain noxious ads or links. Needless to say, mobile malware can spoil your day, if not worse.
page.
Android systems, it’s using Facebook’s newly acquired Instagram to disguise itself, and once it’s loaded, silently sends SMS messages to premium numbers from your smartphone at great expense to you, the user.
The best defense? Be sure you’ve downloaded a
needs continue to change, as well. In this age of advanced medical care, many boomers themselves have living parents. For the aging and elderly, communication becomes a more critical part of life. Smartphones and tablets are a boon for the senior community, in more ways than one.
Depending upon your loved-one’s age, a smartphone can provide smart shopping tips, driving directions, and emergency contact features. Senior apps are abundant, and include everything from healthcare support to origami lessons. Elderly folks are staying in touch with their kids by playing online games, and, what grandparent doesn’t enjoy producing a magic answer for a fussy child in a restaurant?
especially for Android devices. UpdtBot is transmitted via SMS messages, and shows up as an urgent alert to the smartphone user, telling them it needs to perform a system upgrade.
you haven’t yet downloaded a mobile security protection product, chances are you’ll see signs of malware sooner or later.
hesitate to download a trusted mobile protection product before irreparable damage is done to your phone or your privacy.
her own Facebook page, there are things, as a parent, you should know.
If your teenager isn’t aware of how clever cybercrime has become, he or she just might fill in the box, simply to get rid of it. If your child has a debit or credit card of his own or, worse, uses yours, the form wants that information, as well. Not just some of it, but all of it — the CID on the back, expiration date, account number and cardholder name.
but if you want to understand the nuts and bolts of root exploits, botnets, malicious URLs and drive-by downloads, tune in to this informative presentation, compliments of RCRWireless. The video is also available on 
of vicious malware called the DKFBootKit. What, exactly, does that mean to smartphone owners like ourselves? Is it something our carrier will take care of, is it something we should be alarmed about? The technical jargon can be mind-numbing, causing us to move on without taking much notice. Here’s what the discovery of this new malware can mean to us.
A Trojan family named DroidKungFu was identified quite some time ago. This family of malware comes in all different forms but is basically built in the same way. The newly discovered DKFBootKit is a member of that family.
among gang members. It connotes a strike that’s unexpected, stealthy and sometimes, deadly. As harsh as the term might seem, it’s probably appropriate for the type of malware that can launch a malicious raid on our mobile devices, without the slightest warning.