Reports of ransomware infecting Android devices are often sensational, yet according to Google, fewer than 0.00001% of app installs from Google Play have ever contained ransomware. You’re more likely to be struck by lightning twice, the company notes.
That’s not to say ransomware isn’t a very serious issue and you don’t need to give it a second thought while you’re using your Android device. It never hurts to exercise caution, especially when a device contains as much sensitive information as your phone or tablet.
The good news is that Google has already done a lot of the work for you. It has built numerous protections into Android to keep ransomware – and all kinds of other threats – from infiltrating your device.
If you’re among the roughly 3% of users running Android 7 Nougat, you’re in the best shape. Google implemented several new features that can fend off ransomware, like “safety blinders,” which keeps apps from finding out what other apps are running. Nougat also introduced protections against clickjacking, a technique attackers use to trick you into clicking buttons you can’t see to kickstart malware.
Google has made it impossible for a malicious app to change your PIN, too. That’s a common way ransomware apps have locked users out of their devices, and it reinforces just how important it is to set up a PIN or other lock.
Android apps are also sandboxed for safety. They run inside isolated virtual containers so that they can’t poke around where they’re not supposed to. It’s not impossible to break out of a sandbox, but it is very, very difficult.
There’s also the Verify Apps feature, which has been around for years. Verify Apps scans for suspicious behavior, blocks them, and in very serious situations will even remove them from your device – all without you lifting a finger.
How You Can Help
So what can you do to avoid getting a ransomware infection on your Android device? The first step is one that I’ve mentioned before: don’t mess with the “untrusted sources” switch in your settings. Google carefully screens apps in Google Play. Other places you can find Android apps – like third-party app stores and filesharing sites – aren’t necessarily doing that.
Even if you only download apps from Google Play, Google recommends that you do a little investigation before clicking the install button – Google’s good at keeping threats out of their store, but the odd one can still slip through. Have a look at the app’s reviews. See what permissions it will request. If things aren’t adding up, skip the install.
Another super-simple way to protect your device: keep the software on it up-to-date. Making sure you have the latest Android patches and current updates for all your apps goes a long way to keeping malware at bay.