More easy things you can do to secure your smartphone and tablet.
On our blog last week, we shared the first 7 easy security measures to protect your Android devices and the data stored there. But we haven’t finished them. Let’s go a little further.
8. Keep an eye in your phone or, if you can, set Geofencing protection
Don’t put your phone down and go somewhere else. And if you’re having fun in a bar and drinking a beer with friends, have a lucid thought before starting: Turn the Avast Geofencing module on. It’s easy. Open Avast Premium Mobile Security > Anti-Theft > Advanced Settings > Geofencing.
9. Be aware of what permissions apps require
Why should a flashlight app need access to your contacts? Why would a calculator need access to your photos and videos? Shady apps will try to upload your address book and your location to advertising servers or could send premium SMS that will cost you money. You need to pay attention before installing or, at least, uninstall problematic apps. It’s not easy to find a way (if any) to manage permissions in a non-rooted Android phone.
We have written about this before as apps could abuse the permissions requests not only while installing but also on updating. Read more to learn and be cautious: Google Play Store changes opens door to cybercrooks.
10. Keep your device up-to-date
Google can release security updates using their services running in your devices. Developers can do the same via an app update. Allow updates to prevent vulnerabilities, the same as you do in your computer. But pay attention to any changes. See tip #9.
You can encrypt your account, settings, apps and their data, media and other files. Android allows this in its Security settings. Without your lockscreen PIN, password or gesture, nobody will be able to decrypt your data. So, don’t forget your PIN! Nevertheless, this won’t encrypt the data sent or received by your phone. Read the next tip for that.
12. In open/public Wi-Fi, use a VPN to protect your communication
Cybercrooks can have access to all your data in a public, open or free Wi-Fi hotspot at the airport or in a cafe. Avast gives you the ability to protect all inbound and outbound data of your devices with a secure, encrypted and easy-to-use VPN called Avast SecureLine. Learn more about it here.
13. Set the extra features of Lollipop (Android 5)
If you’re with Android Lollipop (v5), you can set a user profile to allow multiple users of the same device. You can create a restricted user profile that will keep your apps from being messed with by your kids or your spouse.
You can also pin the screen and allow other users to only see that particular screen and nothing more. It will prevent your friends and coworkers from accidentally (or on purpose) looking into your device.
14. Backup. Backup. Backup.
Well, our last tip is common digital sense. If everything fails, have a Plan B, and C and D… With Avast Mobile Backup you can protect all your data: contacts, call logs, messages, all your media files (photos, musics and videos) and your apps (with their data if you’re rooted) in safe servers. If your device gets broken, lost or stolen, everything will be there, encrypted and safe, for you to restore to your new device.
Have you followed all our tips? Are you feeling safe? Do you have an extra protection or privacy tip? Please, leave a comment below.
Avast Mobile Security includes many handy anti-theft features that can help you locate your stolen or lost phone. You can wipe it remotely, it informs you if your SIM card has been stolen, and even allows you take pictures of the person who took your phone. Another cool feature of Avast Anti-Theft is the siren. I decided to test the siren with my friend, who had just downloaded Avast Mobile Security, to see how it could affect a phone thief.
What does the Avast Anti-Theft siren do?
The Avast Anti-Theft siren was developed by the Avast mobile team to be activated when you either lose your phone (even if it is misplaced in your room and on silent) or if it gets stolen. The siren continuously and loudly says the following, by default, when activated: “This device has been lost or stolen!”. In the advanced settings of Avast Mobile Security you can customize what message the siren will sound, if you do not want to use the pre-set message. You can do this under “Select Sound File” or “Record Siren Sound”.
The siren is designed to frighten phone thieves, or to warn people surrounding the thief that the phone might be in the hands of the wrong person. When the first siren cycle began, we tried to turn down the volume. However, the alarm would begin again at the loudest possible volume. We then decided to see what would happen if we took out the battery, this stopped the siren of course, but as soon as we put the battery back in, the siren started to go off again. To say the least, we agreed that it would effectively frustrate and annoy a thief too.
How to turn off the siren
After a minute of testing the app, we decided to turn off the siren using one of these two possible methods:
MyAvast: You can control your phone remotely via your MyAvast account. In your MyAvast account you can keep track of all your devices that have Avast products installed on them. From within your MyAvast account you send numerous Anti-Theft commands to your phone, including activating and deactivating the Anti-Theft siren. Once you are logged into your MyAvast account click on the name of the mobile device you want to control and then click on the siren symbol. From there you can send a command to turn the siren on and off.
SMS command: Using the Avast PIN you set up when you downloaded Avast Mobile Security, you can send SMS commands to your phone to remotely control it. To turn the siren off, text your Avast PIN followed by “SIREN OFF” to your phone.
Have fun checking out Avast Mobile Security’s cool and handy Anti-Theft features, but, please, use caution when testing the siren
Avast is the leader in the cyber security arms race.
There are others fighting the fight, but a 21.4% share makes Avast the leader in the antivirus vendor market as reported in OPSWAT’s quarterly market share report.
That’s good news for individuals and business owners concerned about protecting themselves from vulnerable networks, swiped passwords, pilfered finanical data, erased online identities, and stolen Social Security or national ID numbers. Opinions about the future of cyber-attacks range from doom and gloom to optimism about the steady progress in security, but the fact remains that in today’s world, we have to work around the Internet’s vulnerable design and motivated hackers challenging businesses and home users.
“Installing an antivirus product is the first, not last, step to having a safe and secure computer,” said OPSWAT’s Gears product manager, Adam Winn. “Avast’s popular antivirus and security products are helping to improve security for all. Creating accessible antivirus products for home users contributes to an overall improved security status for everyone, even businesses.”
The OPSWAT report contains the latest figures on antivirus market share and usage, as well as analysis of compromised devices. A disturbing finding from the report stated,
More than 90% of Windows PCs have not run an antivirus full system scan in the last 7 days. Of these, 15% hadn’t even had their antivirus definitions updated within the previous three days which might explain why over3% were found to be seriously infected.
“It’s reasonable to assume in an organization with 400 PCs, a full dozen are compromised,” said Winn as an illustration of the seriousness. “The interconnected state of computing has blurred the lines between home and business, especially with BYOD, remote working, and SaaS. For this reason, it’s in everyone’s best interest that traditional antivirus protection continues to be in place to deter casual and commodity attacks.”
A lack of regular updates and full system scanning is especially problematic. Organizations without robust endpoint management and solutions in place to identify and remediate these risks are giving insecure devices access to their networks and could find themselves in violation of data security regulations.
The data for the report was collected by OPSWAT GEARS, a free device security and management tool. You can add your computer to the sample if you don’t mind them collecting information regarding the applications installed on your computer. Check it out here, https://www.opswatgears.com/
A couple of days ago, a user posted a comment on our forum regarding apps harboring adware that can be found on Google Play. This didn’t seem like anything spectacular at the beginning, but once I took a closer look it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies.
The Durak card game app was the most widespread of the malicious apps with 5 – 10 million installations according to Google Play.
When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?
Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.
An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don‘t stop. This kind of threat can be considered good social engineering. Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised “solutions” and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.
Avast Mobile Premium detects these apps, protecting its users from the annoying adware. Additionally, the apps’ descriptions should make users skeptical about the legitimacy of the apps. Both in English and in other languages such as German, were written poorly: “A card game called ‘Durak‘ – one of the most common and well known game“.
The apps‘ secure hash algorithm (SHA256) is the following: BDFBF9DE49E71331FFDFD04839B2B0810802F8C8BB9BE93B5A7E370958762836 9502DFC2D14C962CF1A1A9CDF01BD56416E60DAFC088BC54C177096D033410ED FCF88C8268A7AC97BF10C323EB2828E2025FEEA13CDC6554770E7591CDED462D
The Avast Mobile Security Team will be introducing its latest suite of apps and solutions at this year’s Mobile World Congress in Barcelona, March 2 – 5.
The team, including Jude McColgan, President of Mobile, and Daniel Cheng, Head of Worldwide Mobile Sales and Marketing, will be participating in this must-attend conference for mobile industry leaders, visionaries, and innovators.
The Avast team are leaders in securing the mobile ecosystem as it expands into the retail, banking, and health services industries. Along with interesting discussions about the latest security threats and vulnerabilities for Android and iOS devices and how users can protect themselves from those threats, our team will show users how they can free their phone from unnecessary files to gain valuable storage space on their mobile devices.
New threats and trends
Mr. McColgan and Mr. Cheng will introduce a solution that addresses Wi-Fi security issues. Many people don’t know that connecting to Wi-Fi networks on-the-go at cafes, airports, or hotels make them vulnerable to hackers. Without the protection of a virtual private network (VPN), hackers can gain access to people’s emails, browsing history, and personal data. Now, routers are increasingly becoming targets for hackers, harboring new risks for iOS and Android smartphones and tablets. Avast will be revealing new research data, then introducing a solution for this threat at Mobile World Congress.
Storage on your smartphone and tablet can be a challenge especially when social media, video, music streaming, and news reader apps pile up data that eats up valuable storage space. Avast will showcase a new solution that addresses this problem.
If you are attending Mobile World Congress, please stop by and visit the Avast team at stand 5K29 in Hall 5.
For the rest of us not lucky enough to travel to Barcelona during the Mobile World Congress, visit the Avast blog and Facebook page where we will keep you updated on all the announcements and happenings. Take a look at some of the fun from last year’s event.
A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.
We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.
1. Set your lockscreen
You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.
2. Hide your passwords from nosy people
You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.
3. Protect your apps with a PIN
Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids to open a specific app while they’re playing in your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it will be good that your lockscreen and Avast PINs are different ones.
4. Disable installation of apps from unknown sources
If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page. Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware are fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Avoid completely pirated and cracked sources.
5. Set Avast Mobile Security to scan any app before installing
If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast, it will scan and then release the app to the default installation process.
6. Disable USB Debugging
This tip is for advanced users. If you have enabled Developer options into your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.
7. Install and set Avast Anti-Theft
This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.
We’ll talk about the other 7 tips in next days, so come back to the Avast blog.
It’s European #DataProtection day! Every day we visit websites and willingly hand over our name, address, and credit card number. Have you ever thought about what happens to that data or what your rights are?
Members of the European Union (EU) enjoy a high standard of protection of their personal data. The Digital Agenda for Europe lays it all out for you on their website. Here’s a summary:
The burden to protect you is on organizations
The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organizations that collect and manage your personal information must also protect it from misuse and respect certain rights. One of the objectives is that organizations notify their customers, in plain language, what information is collected and how it is used as well as get permission before using any personal information.
One of the stumbling blocks has been the so-called one-stop-shop for businesses and citizens in each member state in which authorities will handle citizens’ complaints about any breach of the rules. There are just as many ideas on how to run it as there are EU member states.
You must be notified of cookies and data breaches
The Directive on Privacy and Electronic communications (ePrivacy Directive) ensures that all communications over public networks maintain a high level of privacy. For example, this directive requires website owners marketing online to EU citizens to obtain consent from users, via some kind of opt-in, before implementing cookies or other technologies to capture online visitor information. (See below for information on managing your cookies.)
If your data is stolen, the ePrivacy Directive states that you should be notified. That’s good because data theft can result in identity theft or fraud, damage to your reputation, loss of control over your personal data or a loss of confidentiality.
However, this fall, the rules changed slightly and now businesses don’t have to notify consumers that their personal data has been lost or stolen if the data has been encrypted. The ministers figure that the business has “appropriate technological protection measures” to protect the data that has been lost or stolen from being accessed by people not authorized to see it.
Viewing and managing your cookies
For those of you not familiar with the term, cookies are small files stored in your browser that contain information about your visit to a web page. They help tailor your online shopping experiences by doing things such as recording items in your shopping cart, they also recommend products based on your interests, allow auto-log in and compile browsing histories.
In most modern browsers, you can control cookie settings. The options include viewing stored cookies, controlling which sites you accept cookies from, and setting how long they may be stored and used.
- 1. Open the drop-down menu in the top right corner of the Chrome browser, select Settings.
- 2. At the bottom of the page, click Show advanced settings.
- 3. In the Privacy section, open the button that says Content settings.
- 4. Under Cookies, you check or uncheck the options to manage the settings.
- 5. To see individual cookies, click All cookies and site data.
- 6. To remove cookies, hover the mouse over the entry. Click the X to delete.
- 7. To delete all cookies, click Remove all.
For instructions to clear cookies in Firefox, please visit Mozilla’s support page.
For instructions on clearing and managing cookies in Internet Explorer, please search Microsoft help for your version of IE. Here’s general information.
Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.
Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.
Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.
To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
- Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
- Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.
Question of the week: I use two-factor authentication when logging into my accounts to keep them safe, but what happens if I lose my phone? Can I still access my accounts?
Security-minded individuals know the benefits of using two-factor authentication to keep their online accounts safe. For those of you who are not familiar with it, two-factor authentication is a security process which uses a combination of two different components, like something that you know, a master password or PIN, for instance, and something that you possess, like a token which can generate a number code or, more conveniently, your smartphone.
Using these two things in combination can provide unique identification when entering a site because you provide the password as well as a one-time use security code generated by your security token. If someone learns your password, your accounts are still protected because they need the security code too. Two-factor authentication can reduce the incidence of identity theft and phishing, and we suggest the use of it.
There are a number of authenticator apps made for Android smartphones. For example, Google Authenticator lets you use a security code and your own password for sites and services like Facebook, Dropbox, Evernote, and WordPress. The app creates a link between your account and your device.
I lost my phone. How do I access my accounts?
If you are so security-minded that you use two-factor authentication to begin with, then you have probably taken precautions before you lose your phone. The majority of authenticator services allow a way to recover your access and remove the authorized device from your account. That is, if you change your mobile device, then you can disable the two-factor authentication from your account before doing so. Most commonly, you would use backup codes, send the codes via SMS to a trusted backup phone, or use a trusted computer. Sometimes, the service providers take several business days to verify your identity and, if possible, grant you access again.
But, if you failed to plan ahead and you lose your phone or if you buy a new smartphone without disabling the account, to use two-factor authentication again, you’ll need to install an authenticator app on your new device. The old device and the old backup codes won’t work anymore. Some of the sites you have synced to may also have their own procedure, for example, Dropbox.
Recently, an app is making the use of this security measure much more convenient. Authy is an app that manages your two-factor accounts on Android devices, iPhones, and even your PC. Any of these devices could be used to generate tokens and sync with each other. One authorized device could de-authorize a stolen one. A master password could block the access to Authy in these multiple devices and your settings are all kept encrypted locally. Neither Authy’s developers nor hackers would be able to access the tokens.
Maybe this complex recovery process is what does not make two-factor authentication omnipresent. But, after all, you just need to take a few precautions to increase your security a lot.
Of course, it’s better not to lose your devices and for this, you should install and configure Avast Anti-Theft, which can help you find a lost device and even recover a stolen one with its tracking features. It can be downloaded and used for free from the Google Play Store.
Make Avast quiet when you are playing games or giving presentations.
We know you love Avast, but when you are giving a presentation to the big boss, or concentrating on playing an important game, it may not be the best time for a popup that says your computer is running slowly to appear. That’s why we made it easy for you to silence Avast.
Activate the Silent/gaming mode when don’t want to be interrupted. This will cause Avast to run in silent mode when a full-screen application is running. This means your games or other full-screen applications will not be interrupted with annoying popups or other messages.
Turn this mode on quickly by clicking on the orange Avast icon located in your computer’s system tray. Right-click on the Avast icon and a short menu will appear. Click on Silent/gaming mode to turn it on.
You can also access this option within the main user interface. Go to Settings>General and check the box for Silent/gaming mode. This will disable messages, popups, and alerts in Avast.
Turn off sounds
Silence notifications: Open the Avast user interface. Click Settings>General>Sounds and uncheck the Enable Avast sounds box. You can also uncheck the Voiceovers within the Sounds settings.
Choose the notifications you want to silence: Avast has six “events” that have notifications associated with them.. These events are Threat detected, Suspicious item detected (we suggest you keep these two on), Potentially unwanted program (PUP) detected, Scan complete, Automatic update, and Firewall query. You have the option to uncheck these boxes as well.
Turn off popups
Occasionally, we offer our users great products like GrimeFighter but we understand if you don’t need to see the notifications anymore. Our customers who have a paid-for version of Avast, have an option for you to turn those off completely. Read more…