Long gone are the days when the only computer viruses you had to worry about were those that would harm your desktop or laptop machine.
The rapid rise of smart phones and tablets—along with third-party apps that do everything from looking up restaurants to hailing cabs—presents all-new security threats, with the potential to give a handheld device a lot more than a case of e-sniffles. And even if an app isn’t doing anything that’s clearly malicious, like forwarding your usernames and passwords to hackers, it might be collecting more information than it needs.
With this in mind, a startup called TrustGo Mobile Security has released a free app called TrustGo Antivirus & Mobile Security, for phones running Google’s Android software (the most popular smart-phone operating system, with 51 percent of the market at the end of 2011, according to Gartner—and one that is increasingly the target of malware disseminators).
TrustGo scans the apps on a phone and compares them to thousands of apps that the company has already scanned across 200 different Android app marketplaces. The TrustGo app allows you to search for safe versions of an app—which may not always be hosted on the official Google Play Android app store. The TrustGo app also offers cloud-based data backup, a service to help you locate a lost or stolen phone, and safe Web browsing.
Mobile malware is increasingly common, and a number of services aim to counter the threat on Android devices. In February, Google itself introduced a service called Bouncer that automatically scans apps uploaded to Google Play in an effort to root out bad ones. Apple has always manually inspected submissions to its App Store—although that has not entirely prevented questionable app behavior.
There are also other mobile-security apps, such as Lookout and avast! Mobile Security. Yet TrustGo, which announced its app last week at the Demo technology conference in Santa Clara, California, believes its offering is more comprehensive, looking more closely at the permissions that apps require, and scanning apps so it can warn you of those that are potentially threatening before you download them.
TrustGo head of marketing Jeff Becker says that of the more than 1.5 million apps that TrustGo has scanned so far—which in many cases includes multiple versions of the same app available from various online sources—17 percent include what the company classifies as “high risk” code. This means the app may be able to do things to your smart phone that you’re not aware of and that can compromise your data, such as making unauthorized payments from your phone.
TrustGo scans the same app across multiple marketplaces because an app’s quality, or integrity, can vary depending on where you buy it. Hackers might download a copy of an app, insert malicious code, and then upload the app to another online app store, Becker says.
When searching for new apps to download through TrustGo, a user can see if an app has been certified as a safe download, or is considered a security risk (ranging from “low risk” to “high risk”). Tapping on the security rating of an app will show details about why the rating was assigned. For example, an app called Burger Restaurant 3 available through Google Play was flagged as “high risk” for a couple of reasons, one of them being that it uses an ad network which TrustGo says can read your phone number and pass it on to other websites.
Gartner analyst John Pescatore says there’s definitely a market for the kind of app approval that TrustGo offers. Android users want to know which ones are safe. “That’s what the App Store is for Apple and that’s what’s lacking in Android, so I think that’s what the bigger opportunity is here,” he says.
Still, TrustGo will have to show that it can make money from its services. TrustGo is currently free, and it may stay that way—the company may eventually follow a “freemium” model by giving out a version of its app for free and charging for premium features like data backup, Becker says.