Lookout analyzes more than 30,000 apps every day. Although most are safe, there are a few categories to watch out for. Here's Lookout's list of mobile threats to avoid.
It sounds like the stuff of James Bond, but some apps
can spy on everything you do with your phone.
WE CALL THIS SURVEILLANCEWARE
1. Apps that spy on you
WHY IT’S DANGEROUS
The malware accesses personal data stored on the device
and continues to collect new information based on your
activity on the phone (envision a husband looking for
evidence of his spouse’s cheating). This can put you at risk of
identity fraud and result in your pictures, videos, browser
history, call history, and more falling into the wrong hands.
HOW YOU ENCOUNTER IT
Surveillanceware is effectively spyware that is sold with a warning: in
order for you to use the product legally, you must inform the person
that they are being watched. Surveillanceware gets on your phone
when someone takes your device and downloads the software.
In 2014, we found tens of thousands of people affected by
Surveillanceware.
SAFETY TIP:
• Setting a PIN or passcode on your device is your first
line of defense against an unauthorized third party,
making it that much harder for someone to install
unwanted software on your phone.
One of the worst feelings is being forced into doing something you don’t want
to do. Unfortunately, there are mobile applications that do just that. This type of
malware locks a victim’s device, demanding money in return for access.
WE CALL THIS RANSOMWARE
2. Apps that hold your phone for ransom
WHY IT’S DANGEROUS
It often uses fear to get what it wants. A user might lose their data or
the use of their device overall as many of these pieces of malware
are extremely difficult to remove (oftentimes because victims give
the ransomware “device admin” privileges). If the victim gives in to
the ransom, they can be out hundreds of dollars with no guarantee
that their device’s activity will be restored.
HOW YOU ENCOUNTER IT
Recently, we’ve seen ransomware targeting the U.S. through drive-by
downloads, in which malware is secretly downloaded to a victim’s
device when they visit a malicious or infected website. It is also likely
distributed through spam campaigns.
We believe over a million people encountered ransomware in 2014.
SAFETY TIPS:
• Avoid granting device administrator privileges to applications
unless you’re really sure of what they do
• Only download applications from developers you know
and trust
• Download a mobile security app such as Lookout,
which can detect these threats before you ever open
them
We discovered malware that infects its victims by secretly
downloading itself to your phone when you visit bad websites.
Once on your phone, the malware lets criminals route activity such as
ticket scalping or spam campaigns through your phone.
WE CALL THIS NOTCOMPATIBLE
3. Malware That Uses Your Phone Without Your Permission
WHY IT’S DANGEROUS
You don’t want activity you didn’t approve happening on your device.
NotCompatible has the ability to trick websites into thinking that web
traffic is coming from your phone when it’s actually coming from
somewhere else. For example, ticket scalpers use NotCompatible
to buy tickets through your phone to later be resold. When they use
your phone as a “proxy” to access, say, TicketMaster, that website then
believes it’s you accessing it and not the real culprits -- the scalpers.
You’re caught in the middle of the scheme without ever knowing it.
HOW YOU ENCOUNTER IT
NotCompatible is downloaded to a person’s phone after they access a
website that is secretly harboring malware. This is called a “drive-by
download” and is only possible when the “unknown sources” setting on
an Android device is enabled. We’ve also seen links to sites secretly
downloading NotCompatible in phishing emails.
In 2014, we found hundreds of thousands of people affected by
NotCompatible.
SAFETY TIPS:
• Avoid opening spam email. Unexpected emails from long-lost
friends with generic titles such as ‘hot news’ or ‘You Won $1000’ are
normally a good indication that an email is spam.
• Use common sense when clicking on links. If it’s not a website
name that you recognize, err on the side of caution. Be especially
careful when receiving links that have been ‘shortened’ (e.g.
bit.ly/ABCD), as it stops you from seeing what website you might be
traveling to.
• If your mobile device starts downloading a file that
you weren’t expecting, don’t click on it – delete it!
• Download a mobile security app like Lookout that scans for
malware
• Disable the “unknown sources” setting on your Android device
Advertisements fuel the mobile ecosystem and allow us to enjoy
free apps like Candy Crush and Instagram, but some mobile
advertising practices cross the line and put your privacy at risk.
WE CALL THIS ADWARE
4. Aggressive ad networks
WHY IT’S DANGEROUS
Adware grabs a lot of highly personal information about you
(like email, location, and contacts) that you might not realize is
being taken. It can also modify phone settings and desktops
without properly notifying you or getting your consent. Just
because it’s tracking you for seemingly innocuous “advertising
reasons” doesn’t mean you shouldn’t be informed.
HOW YOU ENCOUNTER IT
Adware is often added to what can seem like a normal app that you
download from an app store. Lookout flags adware based on these
guidelines.
In 2014, millions of people were affected by Adware.
SAFETY TIPS:
• First things first, check the app reviews – make sure
there aren’t complaints about overactive, intrusive, or
privacy-breaching advertisements.
• Before hitting install, review what personal information
the app collects. If you’re uncomfortable with what’s
being harvested, don’t use the app.