But security software such as TrustGo (and other examples here) can scan an app after download, checking for known malware hidden in its code, and do the same to any micro SD memory card you add to the device. If it finds something suspect, it will alert you and offer you the option to delete the app. (Like all here, it scored at least a 95% detection rate in trials conducted by AV-Test, an independent security company.) TrustGo can also run a scheduled sweep of the phone’s memory to look for infection. Useful other features include Easy App Manager, which provides an overview of all apps installed and the memory they use, and System Manager, which monitors your mobile data usage, warning you if you approach a pre-set monthly limit. Register a free account and you can back up contacts and other data online; track a missing or stolen device on a map via TrustGo’s website; and remotely lock the device, or use its camera to snap anyone entering a wrong password. Verdict: Might not be pretty to look at, but works well and you get a huge number of features.
F-Secure Mobile Security£12.95 a year
Best for: Parents
Basic Android devices are some of the cheapest smartphones you can buy, and are often given to children. Any parent worried by what those children are getting up to might want to opt for F-Secure’s software, which — along with app scanning — offers two levels of browsing control, for “child” or “teen”, that block links to websites known to be associated with activities including cults, weapons, drugs and adult content. Chat rooms and forums are also monitored, and there’s the option to allow your child access only to approved phone numbers and contacts. A parent can also view the phone’s browsing and calling history. Again, a lost phone can be located on an online map, and locked or erased remotely. A particularly useful feature is that if the Sim card is changed, the phone can be set to lock itself and report the number of the new Sim to you.
Verdict: Basic malware protection; strong parental controls.
Lookout Mobile SecurityFree/£19.99 a year (Premium version)
Best for: Backup
Apps are not the only way to smuggle code into a phone; it can also be hidden in email attachments and downloadable documents. Lookout goes the extra mile by conducting a “deep scan” of these files too. Another useful feature is its “click-to-call” scan: if any website offers a button you can tap to place a call (a known strategy used to wipe data from your phone, or reset it), Lookout scans the link and warns you if it looks suspicious. Signal Flare detects when a phone battery is about to die and posts its location online (dead batteries account for 30% of permanently mislaid phones). You can also track a missing phone, take a picture if it is being tampered with, and back up contacts online. A Premium account (£1.99 a month; £19.99 a year) lets you remotely lock and wipe a device, and back up photos online. Verdict:Runs without fuss in the background and even the free version is rich in features.
McAfee All Access£75 a year
Best for: Multi-device security
McAfee’s Android software — McAfee Mobile Security — is just one part of this comprehensive if pricy package. All Access allows a user to install security software on a PC, a Mac, an Android device and an (older) BlackBerry. It’s designed for the technophobe: use the device’s browser to log in to the All Access account and it will detect your hardware and download the correct package. The Android software (which alone would cost £30 a year) has the expected features: app scanning, remote locking and a data-wipe option if you fear the phone has been stolen, plus online tracking of any phone with the software installed. An online “dashboard” lets you keep tabs on all the hardware you have added McAfee to. Another feature aimed at novices is Safe Surfing, which checks web pages for malware before they are opened, though this will slow down browsing. Verdict: Expensive but comprehensive multi-device cover.
Why aren’t Apple devices being attacked? Apple keeps secret the code that runs on its devices as well as the hardware inside, so hackers have less of an understanding of how it all works. Android, in contrast, is “open source”: the operating software is freely available.
Why doesn’t Google check apps for malware? It does. Google’s Bouncer program scans apps and looks for known threats hidden in the code, as well as suspicious behaviour when it runs. Apps from first-time developers also come in for extra scrutiny. Google can also remotely uninstall apps from your phone that users have flagged up as malware.
So how does malware get onto a phone? The majority of Android malware consists of apps that have been installed directly from websites rather than official app stores, or via a contaminated memory card.
What other steps can I take to keep my phone safe? Use apps from legitimate stores or developers you trust (or disable the option to install from “unknown sources”). Use only shop-bought memory cards. And update your Android: version 4.2 has some built-in anti-malware checks.