For more than 10 years of its existence Android it has gained a reputation as far from being the most secure operating system. After all, if one can imagine an infection iPhone, in principle, it is impossible, then obviously no one will be surprised if a device based on the mobile OS from Google gets a virus. In many ways, this attitude towards the platform has developed due to Google's policy, which allows users Android to install software from any source whose security may raise questions. But since I have never been attacked by malware before, I decided to figure out what I was doing wrong and why I was so 'unlucky' all the time?
Android immune to viruses, no matter who says anything
First you need to decide on the terminology. The fact is that a Trojan and a virus are completely different things, which are related only to their malicious orientation. If Trojans are applications that impersonate others and thus infiltrate victims' devices, viruses, in simple terms, are malware that automatically enters a device, can multiply itself indefinitely and spread among similar gadgets – too. by the way, automatically. Android, no matter how surprised anyone may be, has a set of defense mechanisms against viruses by 100%, so such a phenomenon as infection and further spread on it is impossible in principle.
How Trojans Get on Smartphones
Most users download Trojans to their smartphones themselves
But what about the malicious components that are automatically distributed through websites and messengers? Well, it's simple with them. Even though messaging apps or web resources often act as their distributors, to get them to the device, the user still has to confirm their download. For example, as was the case with the malicious video received by Jeff Bezos, founder Amazon. The video really got to him via WhatsApp, but if the entrepreneur had not confirmed the playback, he would not have been able to harm him.
Okay, there are no viruses on Android, and the download of malicious files must be confirmed manually. But there are applications that disguise themselves well as others and even penetrate Google Play. Yes, but this is only partly true. Malicious applications do enter the Google branded directory from time to time, but most often all the harm they cause to the user lies in the background display of advertisements. As a result, cybercriminals receive money from ad networks, and the infected device begins to run out of power faster and consume available Internet traffic. It's unpleasant, but there is nothing dangerous for your safety in this.
How to protect yourself from Trojans on Android
But what if a Trojan did get into the smartphone? Well, you shouldn't panic here either. If Google Play Protect antivirus does not block it on its own, being the same Android – application, it will still not be able to function without the necessary permissions. It's another matter if you've given him all the privileges he asked for. In this case, most likely, he will try to steal your bank account credentials in order to infiltrate the application and transfer money to the accounts of the attackers. This can be done in several ways, but most often the application replaces the authorization page, where an inattentive user usually enters his account credentials. Such an outcome is also not excluded, but many bank clients have a built-in antivirus that not only scans the device for Trojans, but also provides a secure entry, preventing substitution.
No, I am not saying that it is impossible to become a victim of a malicious attack, rather the opposite. But practice shows that for this it is necessary that several factors coincide at once. You not only have to run into a Trojan somewhere and download it to your device, but also give it the necessary privileges and, possibly, even enter your credentials in the phishing window yourself. Well, and most likely, the Trojan will not steal photos and personal videos, because they will not help it get any benefit. Therefore, watch what you download, be careful about granting privileges to applications and carefully consider the authorization windows where you enter logins and passwords.