I received a couple of tweets from PC Pro reader Pete Bennett regarding Android smartphone security. As we chatted, it turned out he’d bought both of his kids Android phones, and was wondering whether he needed to install antivirus on them.

In my opinion, the typical PC Pro reader doesn’t need antivirus software on their phone. Yes, there are malicious apps out there, and websites loaded with dodgy code, but they’d steer clear of apps that ask for outrageous permissions, and wouldn’t click on links to suspicious-looking sites.
Kids’ phones are a different matter, however, since the little darlings are liable to download any old rubbish. Playground rumours about a great new fart app will result in links to dodgy websites spreading through social networks faster than chickenpox; before you know it, your kids’ phones will be filled with all kinds of malware.
It’s easy to pick up an Obad infection, especially via infected apps on fake versions of the Play store
A few years ago, I wrote that users needn’t worry about mobile viruses, since there weren’t many examples in the wild, and those that existed were fairly innocuous. This is no longer the case, especially on the Android platform, which has an openness and ubiquity that makes it the perfect target for malware-writers.
Take, for example, the Obad trojan, which appeared last summer. It’s a nasty bugger that can send SMS messages to premium-rate phone numbers, download further malware, and even replicate itself on other devices via Bluetooth. It was hard to detect, and hard to remove from an infected device. It was put together well, with obfuscated code and encrypted strings, and it spoke to an online command centre via a double-encrypted address. Indeed, its code was of better quality than many genuine apps in the Google Play store.
It’s easy to pick up an Obad infection, too, especially via infected apps on fake versions of the Play store, which spring up from time to time. It’s easy to land on one of these if you do a Google search for an obscure app; the fake Play stores often look just like the real thing at first glance. To stay safe, always check the URL, or perform your search via the genuine Play store.
Anyway, back to Pete’s kids. As the above suggests, I think it would be wise to install a security product, and I’ve been testing a few packages over the past few months. Like most apps, they come in free and paid-for versions, although the detection quality doesn’t seem to vary much between them – most of the main security products detect the most common Android threats. The big differences between the products tend to involve ease of use, and the variety of extended security features on offer.
App options
In my opinion, the best free product right now is Avira. Many of the free products are rather limited, but Avira includes call blocking, remote tracking and locking, all of which are features that other vendors reserve for their paid-for versions.
If you’re willing to pay a small sum for your mobile protection, my recommendation is the premium version of Eset Mobile Security & Antivirus. For a tenner a year – or less, if you sign up for several handsets, or more than one year – this offers many of the same facilities as Avira, but with a few bells and whistles, including an anti-phishing facility and a security audit of your device that shows which apps have certain privileges and rights assigned to them. You may discover, for example, that among the list of apps that genuinely need to access your location, such as Google Maps and Facebook, there’s also your copy of Angry Birds.
I’m a big fan of Eset’s user interface – it’s easy to configure, and it sits in the background consuming few resources. It doesn’t have a noticeable impact on battery life, either, which is important for a security app.
One thing you’ll discover with all these Android security apps is that they can’t automatically uninstall apps infected with malware; you’ll need to do this manually. This is due to Android’s built-in security, and it shouldn’t be a big deal for most users. (Actually, if you’ve “rooted” your phone – that is, applied a hack that lets any app run with system privileges – some security products can automatically uninstall suspicious apps. However, if you’re running your handset with root access enabled, dodgy apps are the least of your security worries.)
For Pete and his kids, my recommendation is the paid-for version of Eset, plus sensible instruction about online threats: what they are; what dangers they pose to kids; and what damage they can do to their phones. The last point is the clincher, since kids will be much more careful about online security if they know that dodgy apps or suspicious websites can knacker their precious phones.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.