How to spot a bad Android app


Anytime a popular Android app or game is released, you will probably come across some fake clone apps that are designed to trick users by looking like the real thing. These bad apps can abuse your privacy and attempt to send you to phishing web sites. Google has a service codenamed Bouncer that scans Android apps as they are uploaded to Google Play, but no security mechanism is foolproof and bad apps can still slip through this filter.

You should always read permissions before you download an app and it’s wise to have an extra layer of protection like NQ Mobile Security, but there are other ways to spot a phony app before you install it.


1. Look for Google’s “Top Developer” badge

Google awards the most popular developers with a special badge that says “Top Developer.” If you see this distinction featured on an app then you can trust that Google has verified this developer. The absence of the Top Developer badge does not mean that a developer is untrusted or bad, but it lets you know to check other clues to determine an app’s quality before you install it.

2. Check if any of your friends gave the app a +1

Another easy way to see if an app is good or bad is to check if your friends gave the app a “+1.” This is similar to a thumbs up or sign of personal approval. When an app has a bunch of +1’s from people you trust, then it should be OK to install. If you don’t have any friends setup yet, then head over to Google+ and perform a search for Android to locate some popular pages and people that you can follow.

3. Beware of bad review scores

Poor review scores are normally a sign of a bad app. If you find an app that has a majority of 1-star reviews, then proceed with caution. However, don’t just rely on the review score.

4. Scan the reviews and reviewers

Spam accounts can post postive fake reviews of an app, so it is important to scan some of the reviews and the people posting them. If you see a bunch of 5-star one word reviews from accounts with no profile pictures, then this could be a warning sign. A good app should have helpful reviews from genuine user accounts.


5. Consider the date an app was updated

High quality apps are routinely updated. If you find an app that has not been updated for over a year or longer, it could be a sign that it is no longer supported by the developer.

6. Review the developer contact information

Does the developer have a legitimate website? Some bad apps will link to a spam site. Does the developer’s email match the company name? An email address should be the same domain as the developer’s site. A random Gmail or Yahoo! email address might be suspicious. Is the developer transparent and do they provide a link to their privacy policy? A shady developer isn’t concerned with your privacy.

 7. Take into account the total installs

An app with millions of installs should be safe to download. If there were any serious problems, then they likely would have been reported by that time. Look for apps that only have a couple hundred or thousand reviews, and examine the other clues in this list to determine the app’s quality before you install it.

Is there a place in your heart left for passwords?


Wired’s Mat Honan describes the password as a “secret that can ruin your life.” Last year he was the victim of a hacker that destroyed his entire digital life in the span of an hour. Honan and others have urged the tech industry to kill the password and they might be getting their wish soon. This year a group of companies, including Google and PayPal, announced the FIDO Alliance with hopes of creating standards that will allow users the option to replace passwords with authentication methods that are more secure and easier to use.

We don’t know which authentication type will replace the password yet, but your body will play a key role in any new identify platform. Biometrics, the science of identifying a person by their unique body features, has been around for a long time and now advances in technology are making it more practical for online identification and mobile device security.

A Toronto-based company called Bionym recently started taking pre-orders for Nymi, a wearable product that measures a user’s electrocardiogram (ECG), which is a recording and interpretation of the electrical activity of the heart over a period of time. Like a fingerprint, your heartbeat is unique since it is affected by such things as the heart’s size, its shape and its position in the body.

However, Nymi should be much more secure than a traditional fingerprint scanner which can be easily bypassed. The Nymi product is unique because it relies on a 3-factor security system. Users need to be in control of a Nymi, their unique heartbeat, and an Authorized Authentication Device (AAD), which would be a smartphone or other mobile device registered with their app.

Every time a user puts on the Nymi, it captures their heart beat and then it’s able to communicate with and unlock any devices that it’s registered with. A promotional video for Nymi demonstrates how it could be used for automatic device unlocking, secure mobile payments, and proximity based control for other smart devices. Nymi also recognizes gestures and its distance from different electronic devices, so developers could enable some pretty cool interactions with other devices.

Dr. Karl Martin, Bionym’s CEO, tells The Verge that the Nymi doesn’t even have to be a bracelet. “It could be a ring, a necklace, a waistband, anything. The wristband is just the first idea. We’ll see what people want to do.”

I’m a huge fan of wearable technology and I hate remembering passwords, so I can’t wait to see how Nymi performs in the real world. Pre-orders are taking place right now for $79 and units ship early in 2014, so we won’t have to wait much longer for heartbeats to play an important role in mobile security.

Have you ever used any forms of biometric security? Would you be willing to wear a wristband or other form of technology if it increased your security? Please share your experiences with us on our blog or our Facebook page.  We’d love to hear from you.

The Worst Passwords Ever – Are Yours Here?

In honor of Password Day, we decided to revisit our popular blog post from last year about passwords. As relevant today as it was then, this list of hackers’ favorite passwords may surprise you.

25 mobile passwords hackers love

We’ve all read hundreds of password-setting tips. Most of us know the rules and we’re pretty savvy about using clever combinations to safeguard our mobile privacy. However, Splash-Data, a password management company, published a list of the worst passwords ever and, astonishingly, some of them look all too familiar!

The list came from files posted online by hackers listing passwords theyd stolen in 2011. These words are considered easy targets and, while some of them might seem obscure enough, they’re  well-known to cyber criminals, and are a breeze to hack.

Introducing, the worst passwords ever

·      password

·      123456

·      12345678

·      qwerty

·      abc123

·      monkey

·      1234567

·      letmein

·      trustno1

·      dragon

·      baseball

·      111111

·      iloveyou

·      master

·      sunshine

·      ashley

·      bailey

·      passw0rd

·      shadow

·      123123

·      654321

·      superman

·      qazwsx

·      michael

·      football

If you’re wondering about qwerty and qazwsx, take a good look at your computer’s keyboard.

We can only guess why certain names come up often enough to be on this list, but if you have a family member named AshleyBailey or Michael, this is fair warning.

In fact, avoiding every word on this list is a good start toward true mobile protection. Make your passwords long, strange, mixed up with symbols, and meaningful to no one but yourself.

Keep Learning

Awareness of mobile security practices is evolving in our communities, but each of us can take individual steps toward our own safety and privacy. Information like this list needs to be shared so we can stop cyber-crime in its tracks.

We at NQ Mobile can’t help you choose a password, but we can protect you from hacking, viruses and all forms of malware. One easy download will go a long distance in protecting your family’s mobile devices as well as your peace of mind. Award-winning NQ Mobile Security is still the best on the market – and it’s free.  Visit us today.

Catch Up With the Latest News from NQ Mobile’s Research Team

Around the globe, NQ Mobile’s team of security professionals are taking the pulse of the mobile landscape every day. They report back all the good news – like, about how we consumers are doing better at protecting our mobile devices – and sometimes they have some less-than-pleasant news to report. Unfortunately, that’s the kind of news they have for us this week.Malware discoveries by year

Our researchers are noticing an increase in skilled hackers partnering up with criminals by selling them data that they’ve stolen. In turn, cybercriminals are using the info they purchase to get access to the finances of consumers like you and me. They use tricky methods that, in the mobile business, are called “social engineering.” In simple terms, they manipulate unwitting consumers into giving up their valuable confidential information.

Tremendous growth, worldwide

Our professionals estimate that more than 10 million devices have already been infected in the first quarter of this year!  Here are some of their key findings:

  • Over 32.8 million Android devices were infected in 2012 vs. 10.8 million in 2011 – a whopping increase of over 200 percent
  • The top five markets for infected mobile devices were China (25.5%), India (19.4%), Russia (17.9%), United States (9.8%) and Saudi Arabia (9.6%)
  • 65% of malware discovered in 2012 falls into a broader category of Potentially Unwanted Programs (or PUPs). PUPs include root exploits, spyware, pervasive adware and Trojans (surveillance hacks)
  • 28% of mobile malware discovered in 2012 was designed to collect and profit from a user’s personal data
  • 7% of malware was simply designed to make a user’s device stop working (i.e., “bricking” their phones)

Our Co-CEO, Omar Khan, said “The security industry’s ‘discover-first-and-inoculate-second’ strategy is no longer enough,” said Omar Khan , Co-CEO, NQ Mobile. “We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”

What we can do as consumers

The very first step we can take is to make sure we have the strongest mobile security Global infection ratesproduct available on our mobile devices. When purchasing a new phone or tablet, make this your first priority. If you already own mobile devices, take a moment to get them protected from all the viruses, scams and malware that have the potential to invade your privacy and steal your assets.

Cyber criminals get trickier every day. As consumers, we need to get ahead of them and become a cohesive force to thwart their illegal activities. Cyber crime is no joke. Don’t wait until it happens to you. No one’s exempt. Protect the privacy and well-being of your family and business as a first priority.

Read our news release for more information.

Kids & Mobile Devices: Biggest Parental Concerns


This gallery contains 3 photos.

This is our second blog post about the recent consumer survey our researchers at NQ Mobile conducted, to find out how people view safety threats associated with their mobile devices. Parental Concerns Not surprisingly, 44% of our survey respondents with kids 17 and under … Continue reading

Your Mobile Phone, Spruced Up for Spring


This gallery contains 3 photos.

Spring is a beautiful time of year. Kids are playing outside, people are tending their gardens and nature‘s putting on a show.  It’s a great time for connecting with family and friends, after a long winter.  Send your friends an e-card, … Continue reading