Mobility

How to Keep Madware Away from Smartphones

Heed these pointers to prevent and remove the pesky ads from mobile devices.

Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She provides cybersecurity publication consulting services to organizations and was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST).

IT managers should be on guard against madware, a type of aggressive mobile advertising. More than just a nuisance, some types of madware collect personal information that can lead to large data bills, messaging fraud and identity theft.

To date, madware has primarily affected the Android platform, but no mobile platform is immune. Agencies should be prepared to eradicate madware from the smartphones and tablets that they issue, as well as handle concerns regarding their workers’ participation in bring-your-own-device (BYOD) initiatives.

Here are some tips for handling madware.

Prevent madware installations.

It’s typically difficult to determine the source of madware and remove it from mobile devices, so the best approach is to prevent it from being installed in the first place. Consider employing application whitelisting, application control and other security technologies that can restrict which software can be run on mobile devices, thus preventing madware from being installed.

When whitelisting and other controls aren’t feasible, particularly for BYOD programs, rely on user education and caution employees against installing apps from unknown sources.

Educate users on the signs of madware.

Because madware is a fairly new form of attack, users may not realize its presence. Instead, they may think that their mobile devices are malfunctioning. Educate them on the signs of madware so that when they see them, they can seek IT help.

Madware is known to generate unwanted pop-up ads, text messages, alerts and icons, and also change web browser settings and ringtones. Madware also places ads in calendars, photo albums, and other places where users store their personal data. Some forms of madware even insert advertising into the dialing process, forcing users to listen to advertisements before they can place a phone call.

Clean up mobile devices that contain madware.

Ad detector apps, such as Symantec Norton Spot, can identify and handle madware on Android devices. When a user runs the ad detector, it determines which of the device’s other apps are responsible for madware on the device. Some ad detector apps can stop the advertising from infiltrating the mobile device while still permitting use of the madware app, while others can uninstall madware altogether, depending on the user’s preference.

Be prepared to assist users with running these tools.