Is an antivirus really necessary on the mobile? Myths and facts about the risk in these devices
Mobile phones have become a second skin for most citizens and they store a lot of information that would previously be kept on a computer. In fact, smartphones today know many more secrets of their owners than computers. Photographs, contacts, bank details … If the mobile falls into someone else’s hands, its new owner can make a literal drawing of its owner; to the point of being a threat if not properly protected.
Last August 2020, the mobile phones of several government ministers were hacked in a cyberattack of such magnitude that from La Moncloa the National Intelligence Center was mobilized to find out the scope and causes of the serious incident. Practically no one would think of using a PC without having the proper protection of an antivirus and firewall, but… Is there the same awareness of risk in a mobile phone? The question goes much further, since the use of antivirus on the mobile is not usual and depending on the platform, it is not really necessary either.
Google and Apple, owners of the dominant platforms, Android and iOS, approach the security of their devices in a very different way, and although both operating systems are very secure, the iPhone wins this battle due to an architectural issue. “It is not necessary to have an antivirus on the iPhone, and in fact, it is technically impossible,” explains Julio César Fernández, iOS developer and trainer. The explanation is that the applications on the iPhone “work in sandbox”, That is, they do not have knowledge of what is happening outside of them nor can they leave the environment in which they are executed.
“Similarly, no application can know what other apps there are installed in the system except those that belong to their own group (such as those of Google or Facebook applications) ”, explains Fernández. In this sense, this expert concludes that malicious programs “do not exist on the iPhone”, since only applications downloaded through the official App Store can be executed. In this store, every application must go through a double security control in which all the activity of the application is supervised, the data it requests and the processes it performs.
However, although it can be said that “Apple is the antivirus itself” – since it establishes a prior control in its own application store before giving them the go-ahead and the control is exhaustive – the process is not always perfect and sometimes they can to overcome the filters malicious applications or that do a task different from that indicated. In case of suspicion, the user can always report it to Apple “through the official channels of the App Store,” as Fernández recalls.
Android, security on a more open platform
If the environment of iOS, the platform that drives the iPhone, is hermetically sealed, Android’s focus has always been to open up to expand access to its community. Google’s operating system is the predominant one in the market and used by a multitude of manufacturers; the latter makes it easier for the range of devices to be very high, but at the same time, that the control is not so tight. However, current versions of Android are very secure, but in this case the question may be pertinent: is it necessary to use an antivirus?
“Generally, it is not necessary. Android includes sufficient security measures, such as Google Play Protect or blocking the installation of apps from unknown sources ”, explains Christian Collado, editor of Andro4ll. In this regard, the great improvement in platform security came with the arrival of Google Play Protect, a control filter similar to the one established by Apple in its App Store, which analyzes existing applications on Google Play, but also carries out a permanent analysis of the behavior of those that are already installed.
The maximum in security on the platforms lies in downloading only applications from official stores. “The most common way to get infected by a virus on the mobile phone is through third-party applications,” explains Collado, “therefore, it is important to use only reliable sources when downloading them, which assure us that they have not been manipulated by third parties”. Thus, installing applications only from Google Play (avoiding venturing with APKs) under the protection of Google Play Protect, the user of an Android mobile can rest easy. But you should never let your guard down.
So, antivirus, yes or no?
As explained previously, the antivirus on the iPhone would not only be useless, but it is also impossible: no application has permissions to analyze the behavior of another, for the reasons explained above. A search in the App Store for the term antivirus presents us with applications that monitor other aspects of the security of the device: VPN network, photo and data safe or a locator in case of loss of the device.
In the case of Android, the answer is not so obvious. Those who advocate installing an antivirus highlight the increase in cyberattacks on this platform. “The threats of malware [programa malicioso] mobile on Android devices is growing exponentially ”, warns Fernando Suárez, president of the Spanish college of computer engineers.
Of the same opinion is Nick Emanuel, product director of Webroot, who considers “crucial” the use of an antivirus in an Android. “Our 2021 threat report highlights how hundreds of malicious apps have been removed from the Google Play Store due to high associated risks,” he explains.
For this expert, the exclusive download of applications from Google Play is not a sufficient guarantee: “Even if an application is downloaded from official stores, most of the free ones remain that way by displaying third-party advertising messages. Researchers have found that since the ad code comes from remote servers, it can contain all sorts of harmful things, including apps called root they can take control of the phone. “
“The best way to avoid problems is to apply common sense,” explains Collado. If an application prompts the user to install a second one or requests permissions for something unrelated to their activity, caution will be the best defense. The other maxim to follow is to avoid clicking on links that come via email or SMS from seemingly creditworthy senders. Correos has been the victim of constant campaigns of phishing (identity fraud) in which the recipient was invited to click on fraudulent links.
Experts also recommend the use of password managers that allow them to be stored in an encrypted form on the phone, “or better yet, not to store any type of data on the phone,” as Emanuel recommends. Finally, do not connect under any circumstances to open Wi-Fi networks if it is not under the protection of a VPN network.