Exclusive: Ausdroid talks to Trend Micro’s Aman Chand about online risks and Android

A little while ago we told you about Trend Micro’s new online security suite that covers traditional technology such as your home computer and your laptop, but also includes features relevant to your mobile devices. With today’s news that Android devices could be vulnerable to a certain USSD exploit, we thought it was high time we talk to someone about other online risks that face us as Android users, and who better than Aman Chand, Trend Micro’s recently appointed Cyber Safety Expert.

I caught up with Aman today and had a bit of a chat about his role, the risks faced by smartphone and tablet users, and of course, Android.

So, Aman, tell us a bit about your role – what does Trend Micro’s cyber safety expert do?

As Trend Micro’s Cyber Safety Expert, I work directly with Trend labs, watching threats happen live and subsequently developing solutions to help fix them. My role is to understand the global trends and as a result, have the tools to advise consumers in our region about the threats facing their digital lives and what measures they should be taking to protect themselves.

The Trend labs team, made up of over 1200 personal in 12 locations globally, are responsible for the research, development and management of action centres which are committed to 24/7 threat surveillance, attack prevention and the delivery of timely solutions.

Trend labs covers all manner of risks – what kind of threats does Trend Micro see affecting mobile users specifically?

The primary threat would undoubtedly be the explosion of mobile apps, and that has meant an uncontrolled expansion in the number and quality of developers. The barriers to entry, and the relative returns, are so low that the investment into security systems, testing and proper coding are not at the same levels that traditional computer software is.

Users now also face the reality of tech-savvy criminals increasingly targeting the mobile platform. Mobile devices contain a lot of very personal information these days, and that is valuable to criminals; this ranges from simple information such as a device ID, through to personal photos and digital media, contact lists, SMS messages and personal contact information.

In the future this will expand to financial information as mobile payments move to the mainstream.

These kinds of risks have been around for awhile though. Does Android’s security model do much to prevent Android users from being exposed to these dangers?

We have recently seen an explosion in detections of mobile Malware and Adware on the Android platform. For example, we now identify over 85,000 unique malicious Android app files (commonly known as APKs). The top 3 families of threats — making up 59% of those found — are the Adware families of Airpush and Leadbolt and the SMS Trojan family known as Boxer.

We have also recently started detecting those apps that collect and attempt to send private information from the device. Of all the apps we have collected and scanned from the Android ecosystem, 12% fit this profile. From those apps we have collected from Google play, we have found that 11% collect and try to send information from the device without user intervention.

I guess it just goes to show that while Android’s security model – based on the granting of permissions – is powerful, it only works where users actually read and understand the permissions they grant when they install applications. Outside Android, what have you found?

Android has seen an exponential growth in the last 12 to 24 months and a lot of this success can be attributed to the openness of their platform; as you know, Android makes it relatively easy for developers to produce apps. Huge growth in market share and ease of producing apps is a perfect environment for cyber criminals, so as a result most of the malicious software which we are seeing is on Android devices.

Other platforms like iOS are not immune to threats, though, with Find and Call being a case in point which was recently found on Apple’s App Store. The number of threats on the other platforms like Windows Phone and Blackberry are limited, either due to the lack of market share or the difficulty of producing apps for general consumption. (ed: I’d say the lack of market share is a big factor here)

What can we mobile users do to mitigate these risks?

There’s a few ways that users can protect themselves against online risk, and most of it is common sense. As you’ve alluded to above, Android’s security model, based on permissions, is powerful – but it only works when users understand what they’re doing. When considering a new app, users should:

• Read reviews of the app before they install it
• Read the permissions that an app asks for before installing it, and asking themselves if they make sense
• Check the developer’s website and make a value judgment on whether the developer seems trustworthy

If you no longer use an app, delete it – this is a good security practice, and also good for system performance and battery life.

Keep a backup of your data – there are a number of trusted cloud backup providers, making this easy to do. Also, use a passcode on your device, and use a short timeout period before the passcode kicks in – this minimises the risk of your data being compromised if your device is lost or stolen.

Of course, you should also install a good security app.

On the topic of security apps, Trend Micro recently launched its Titanium Maximum Security product – how does this help Android users protect themselves against online risks?

We have recognised the increase in market share for Android devices, and have bundled our Trend Micro Mobile Security product into the Maximum Security Suite. It’s also available separately, and you can get it from the Google Play Store for free. (ed: while the Mobile Security app is free, and free of ads, there are premium features that expire after a month. For more information about the app, and the features available, check out Trend Micro’s product page for Mobile Security)

We have also extended our Smart Protection Network to include Mobile App Reputation, so the intelligence on threats is shared across all platforms. TrendMicro’s Android customers thus get the benefit of the learnings from our entire customer base.