Computers are vulnerable to malicious software. Smartphones and other mobile devices are computers, and therefore, also vulnerable. Antivirus apps are available for both Android and iOS. Depending on the permissions granted to antivirus apps when they are installed on an Android device, the app might not be able to scan files automatically or run scheduled scans. File scans must be initiated manually.
iOS never allows automatic or scheduled scans. This is a safety feature to prevent malicious programs from using unauthorized resources or contaminating other apps or the OS. Some antivirus apps also provide locator services, remote lock, or remote wipe.
Mobile device apps run in a sandbox. A sandbox is a location of the OS that keeps code isolated from other resources or code. It is difficult for malicious programs to infect a mobile device because apps are run inside the sandbox. An Android app asks for permission to access certain resources upon installation. A malicious app has access to any resources that were allowed permission during installation. It is important to download apps only from trusted sources.
Due to the nature of the sandbox, it is far more likely that a mobile device could transfer a malicious program to another device such as a laptop or desktop. For example, if a malicious program is downloaded from email, the Internet, or another device, the program could be placed on a laptop the next time it is connected.
Rooting and Jailbreaking
Mobile devices contain a bootloader. A bootloader is code that is run before the OS starts. This is similar to the code found in the BIOS of PCs and laptops. The bootloader provides instructions for the hardware to start the OS. Bootloaders are locked to prevent modification and access to sensitive areas of the file system. Manufacturers lock bootloaders for many reasons:
- Altering system software may damage a device.
- Untested software may be detrimental to a cellular carrier network.
- A modified OS may provide capabilities beyond what is included in a service contract.
- Access to the root directory is prevented.
The process of rooting Android devices and jailbreaking iOS devices involves unlocking the bootloader. After the bootloader is unlocked, a custom OS can be installed. Thousands of custom operating systems are available for mobile devices. These are some of the benefits of rooting or jailbreaking a mobile device:
- The UI can be heavily customized.
- Tweaks can be made to the OS to improve the speed and responsiveness of the device.
- The CPU and GPU can be overclocked to increase performance of the device.
- Features such as tethering that are disabled by a carrier can be enabled.
- Apps that cannot be removed from within the default OS, known as bloatware, can be removed.
Rooting and jailbreaking devices is very risky and voids the manufacturer warranty. Loading a custom OS can open up the device to malicious attacks. The custom OS may contain malicious programs, or it may not provide the same security found in the default OS. A rooted or jailbroken device greatly increases the risk of infection by a virus, because it might not properly create or maintain sandboxing features. A custom OS also provides access for the user to the root directory, which means that malicious programs might also be granted access to this sensitive area of the file system.