To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Can smartphones get viruses? Mobile threats explained

BullGuard Mobile Security hero shot

We find out the types of risk your Android smartphone and iPhone can be exposed to, and how to avoid them

Mobile devices are essentially powerful internet-connected computers that we keep switched on 24 hours a day and that sometimes, in the case of smartphones, have their own modem for making phone calls and sending SMS messages. The fact they also contain lots of personal data, including login details of our internet accounts, makes them a very attractive target for cyber criminals.

Many of the most common threats are not restricted to mobile but target people who use both mobile and desktop devices. Phishing emails will trick any type of user, mobile or otherwise, into giving away personal information or account login details. Trojan applications designed to cause harm are also used to target desktop and mobile victims. However, there are some very specific mobile threats out there that really only affect users of smartphones and tablets.

We’ll explain some of the most common types of threats, debunk a few myths and provide some handy tips on how you can avoid falling foul of criminals who target mobile users.

Don’t be fooled

In some ways, mobile devices are more secure than desktop computers. For example, the Android operating system works in such a way that it is very hard (if not impossible) for criminals to install malicious software on your phone without your help. This means that for an attack to work the criminals need to trick you into installing the application. They will do this in a number of ways. A common option is to pretend to be a trusted source, such as Google, Microsoft or some other large company.

A malicious app may be published online, with the publisher pretending to be a legitimate company. When you attempt to install the app you end up with something unpleasant that could do one or more malicious things, such as stealing your personal data; making expensive phone calls and sending SMS messages to premium numbers; and locking the device down before demanding a ransom for its recovery.

Malicious applications may appear on legitimate app stores, but those stores monitor for and remove them when detected. It is far riskier to use unofficial app stores or to download apps from unofficial websites and install them over USB or via an SD card. This process, called side-loading, is inadvisable unless you are completely sure of what you are doing.

Review the permissions

Which would you prefer, given a choice? A free compass app that needs access to the GPS system only or one that also requires the ability to read your contacts, your phone’s status and identity and full network access? All other things being equal the GPS-only app seems a wiser choice. Why would a compass need to identify your phone and your friends’ personal details? Check permissions and reject any app that appears to be overly needy. Sometimes an app will request more permissions when you update it. Be alert for such requests. It may not be malicious, but the app might not have been written well and could leak personal data to the internet if you give it too much leeway.

Free software often comes with advertising built in. While this may seem like a fair compromise, some advertising networks can be very aggressive and may push malware, pornography or other unwanted content to your device. Sometimes it’s worth spending a few pennies to gain an ad-free application.

Android app permissions

Untrusted Wi-Fi

It’s handy that free Wi-Fi is available all over the place, but you should not trust that every network to which you connect is safe. It could be compromised and engaged in stealing information on the sites you visit and, in extreme cases, even changing the files that you download to add malware. An inexpensive and easy solution is to use a VPN application to encrypt your connections over these untrusted networks. Avoid free VPNs unless you know exactly how they are going to handle your personal information – because they can potentially know about every website that you visit plus a lot more.


We are used to the idea that anti-malware software can detect and remove threats from our computers. This is not usually the case with mobile devices. While they may detect threats any anti-malware app that you install onto the device can only help you remove the infection by providing advice and possibly presenting an uninstall option. It cannot remove other applications on its own.

In the same way, malware cannot install itself onto mobile devices automatically in the same way that it can do with a Windows PC. It always requires a user to authorise the installation at some point. This means that drive-by attacks, which simply require a user to visit a website to become infected, do not currently exist for Android devices.

Ten years ago the first ‘smart’ phones appeared and there was some concern about viruses that spread over Bluetooth. Despite PR campaigns from a few security companies, the threat was not significant and remains a discussion point only between security researchers. There are some targeted Bluetooth ‘hacks’ around, but the threat is not high. Disable Bluetooth if you are worried about it.

Protect yourself

If you follow this basic advice you will be safe from the current threats. Only use official app stores and always check the permissions required by the apps. If in doubt use alternative software. Don’t side-load and don’t root (jailbreak) your device. Update your device whenever a new update appears and run an up-to-date anti-malware app, such as BullGuard Mobile Security. Finally, protect your data from thieves by encrypting your device.

BullGuard Mobile Security

Read more