However, the various reports of mobile nastiness sometimes make it sound like users are going to be hit by malware every time they go looking for a new app to download. While the volume of mobile malware is growing, it's important to remember that in the overall scheme of things, malicious apps on mobile devices make up a tiny portion of threats.
That said, there are a few things users can do to protect themselves in case they ever have the misfortune to stumble across a malicious app.
Download apps from official app stores like Apple's App Store or Google's Play Store. The vast majority of rogue apps are found on unofficial app stores or websites. Staying on the official app channels dramatically decreases the chances of exposure to malware.
When looking at apps, do some research on the developer and the company. Search the name on Google to see if the company is reputable, and to learn about the developer's history. And yes, this level of caution tends to favour well-established developers over newcomers.
Andrew Storms, director of security operations for nCircle, noted: “We know that many third party apps from developers you’ve never heard of are loaded with malware and exfiltrate your contact data and other personal details for distribution to third parties.”
Also, read the user reviews to determine if others have experienced problems with an app. Many developers put up fake reviews, so be sure to dig through to see if there are any reviews from disgruntled users.
It's easy to just say "okay" and grant permissions to an app when installing it for the first time without really looking at the list. Malicious app developers are counting on that level of carelessness to sneak apps onto your devices. Read the end user agreement before you click. If nothing else, look at exactly what permissions the app is asking for.
An app that purports to change your background wallpaper doesn't need access to your Twitter and Facebook accounts. If the app asks for permission to access your contact book, just say no.
If you do encounter an app that is not what it claims to be, use the feedback system to inform other consumers of the issue. Post reviews so users will know they should avoid this particular app.
For my part, I always check the developer name to make sure the app is coming from an official source. For example, on a recent search for Google's Picasa app, I came across plenty of apps that sported the Picasa icon, but none were from Google. Knowing that none of them were the official app, I spent some time researching each app individually to figure out which one was most trustworthy.
Vigilance and paranoia don't hurt, as long as you keep everything in perspective.