One of the surprisingly common questions I’m asked in my day job is “do I need to buy antivirus software for my phone or tablet?” The short answer is no — anti-virus software for sale in the Google Play store or the App Store are at best pointless, at worst, outright scams. But that’s not to say you shouldn’t take steps to protect the very personal information on your phone.
One of the best security measures is to keep your phone software up to date. Android and iOS are regularly updated for security purposes, so if your phone prompts you to update its software, do it. As my Livewire colleague Tim Biggs has pointed out, sometimes these updates bring bugs, but the bugs are usually found quickly, and squashed. And it’s better to live with the odd bug than security vulnerabilities.
As long as you’re downloading apps from official sources, then you’ve really got nothing to worry about in terms of malicious software. For Android, that means you should only download apps from the Google Play store, and for iOS, that’s the App Store.
Apple makes it nearly impossible for the average user to download apps from anywhere else unless you jailbreak your phone. So it should go without saying, don’t jailbreak your iOS device.
For Android devices, it’s a little too easy to turn off protection against dodgy apps. Within the settings of Android is an innocent-looking switch, “Install Apps from Unknown Sources”. It’s off by default and Android will warn you of the dangers if you decide to enable it, so don’t! Don’t be tempted by random software found on the internet, only trust apps from the Google Play store.
What should be of more concern is the security of your main email address, as it holds the keys to your phone, and might just provide access to the backups of your device, your photos, and other personal information. Create a unique, strong password for your email and turn on two factor authentication.
Google, Microsoft and Apple all provide two-factor authentication on their email services, and if you haven’t switched it on yet, you should. Two factor authentication is such a small inconvenience, you’ll only be asked for your code when signing in on a device you’ve never used before, but that slight delay is worth the security it brings.
Use a Virtual Private Network (VPN) when connecting to public Wi-Fi. A VPN will send network traffic from your device through a secure, protected “tunnel”, so that no one else on the Wi-Fi network can sniff your traffic, or capture the login details of the websites you visit.
If you rely on a VPN provided by your employer, check with your IT department to see whether you’re really getting any protection from it. Most corporate VPNs use “split tunneling”, where traffic to their corporate sites is protected, but traffic to personal sites, like your bank website or your Facebook account, is not.
Your best bet is to get a personal VPN account. If you only use Wi-Fi every now and then, you can probably get by with a free service like Tunnelbear, which gives you 500mb a month on their free plan.
If you spend weeks at a time on hotel or airport Wi-Fi, it could be worth paying for a dedicated VPN plan. Most VPNs have dedicated mobile apps to make joining easier, and something like Norton Wi-Fi Privacy lets you try before you buy, offering seven days free access (before a yearly subscription of $46).
And finally, make sure your device is protected with a strong lockscreen. Phones with fingerprint readers provide the best combination of security and convenience, and I personally wouldn’t recommend buying a new phone if it doesn’t have a fingerprint reader to unlock. Fingerprint readers have made their way into the mid-range phones, so security won’t break the bank.
This article originally appeared on The Sydney Morning Herald
Comments
4 responses to “Why Phone Antivirus Software Is A Waste Of Time”
No…
So is this the peter wells on linkedin who works on help desk for UNSW with no security experience what so ever with no legitimate information to back up these claims?
What the hell is this article?
Antivirus is definitely essential on your phone, Android especially!
Nowhere in the article does it address the main topic at all!
Worst advice ever! Not only that you have the wrong arguments to avoid anti virus, your advice provides a false sense of security. It might be a good idea to have a password, but this is not helping if it is you open the link in the email to the ransomware spreading website. A VPN is also not stopping you to access some malicious link to end up without any data or email, infecting your cloud data and spread viruses and adds on your social media and friends, in your name with your password saved on your phone. it might help if you would advise to turn of mobile data and internet. I would suggest Antivirus software, don’t use public wifi and a firewall for your home wifi.
As a security professional, I deeply disagree with the statement that mobile antivirus is pointless. Just look at all of the various security focused sites that have tested and benched the various solutions for Android, with real malware
I really hope that this gets taken down by an editor. I feel this article is irresponsible, and unbacked by factual information or expert opinions.
The anti-malware apps on both OS provide other functions such as app locker, permissions analysis, scanning for known issues with memory allocation, etc etc etc. All in one easy to use, centralised bundle. Some even include VPN services and specialised settings for public wifi. This assist the less savvy to get that extra bit of protection in an otherwise confusing world.
Also! Downloading apps from “trusted” sources doesn’t make those apps safe. You are relying on Apple and Google to properly vet that these apps do not have excessive permissions, and do not contain any vulnerabilities of malicious code. Both have failed in the past, and will likely fail again in future. You should never completely trust the security of your personal information to a large corporation, where you can put in place additional precautions. Most of which are free.
Never heard of malware through websites using cookies or java etc before, nope never.
So if I install Windows on my pc. But don’t install any additional applications I don’t need anti virus either right?