Updated 27 Sep 2011
This guide is archived. The information in it is out of date – please do your own research before acting on any of this content. We’ve no plans to update this guide, we’ve left it here for reference only.
Viruses and malware attacks on phones aren't as commonplace as PC ones yet, but they do exist. So if you use your mobile to shop, bank or pay bills, read your emails or access social networking sites, your phone's security should be a big priority.
Why get antivirus software on your mobile?
Antivirus apps for mobiles work in the same way as antivirus software on computers. They search for and block potentially harmful viruses, and scan any data received like emails and attachments for bugs and malware.
Graham Cluley, security expert at Sophos, suggests that though the threat of viruses is relatively minor, now is the time to start considering security software: "At the moment the malware problem on mobile phones is really quite small."
The majority of attacks currently target phones supporting the Android operating system. This is because Android is very "open" compared to other smartphone operating systems - it's easier to get an infected app from the Android Market as distribution rules are not as strict as that of Apple's iPhone App Store.
How would a virus get on my phone? "The bad guys often take an existing Android app, wrap a Trojan horse around it and then upload it to the unofficial market," says Graham, "but at the moment most Android users won't encounter these attacks - unless they're specifically in the habit of installing unapproved apps."
What damage could be done? Some mobile malware is designed to steal banking information. For example, if you have undetected malware on your phone then not only might the criminals get hold of your username and password and PIN, but also your account details and any credit cards attached to the account.
You could also put your business network at risk if you use your business email on your smartphone. "Mobiles can be a carrier for malware, rather than necessarily infected themselves. This is more likely to be an issue than mobile-specific malware for most people right now," says Graham. In most instances though, antivirus software on your PC should pick up any malware infections when your phone syncs up.
Take steps to protect your phone now, in case the threat of mobile malware rises.
Top 10 smartphone security fail-safes
Change default PINs and passwords.
Set a PIN and password for your voicemail, keypad and web-based apps as soon as possible. Don't choose obvious PINs like 1234 or your date of birth, and don't store passwords (or other details, like credit card numbers) on your phone. No matter how hidden you think they are, someone will work out your code.
Ensure you use a proper, hard-to-crack password on your mobile phone, and that the device is wiped if it falls into the wrong hands.
Download security apps.
There are loads of free apps you can download that will protect against viruses and malware, as well as other security threats like spam texts, offering additional protection.
See below for dedicated security apps for iPhones and Android handsets. Worried about security apps? There shouldn't be any dangers with running mobile security apps, provided they're from legitimate vendors.
Read around before you download.
When it comes to downloading apps, avoid ones that you've never heard of, and make sure you do your research first. There are plenty of app reviews online, check out the publisher's details online and also search to see if anyone is reporting the app as malware before you hit "download".
"Regardless of the current small level of malware threat, all mobile users would be sensible to exercise caution about what apps they install on their phones, which websites they visit, which wi-fi networks they connect to, and what data they share," says Graham Cluley of Sophos.
Wipe personal data if your phone is stolen.
Experts advise downloading an app that will help remotely "lock and wipe" your phone if it is ever lost or stolen.
These kinds of apps will help you retrieve or securely remove your data, to stop it getting into the wrong hands. You should always ensure you back-up the data on your smartphone too, from contacts to photos and music, just like you would on your computer.
Routinely scan for malware.
If you've an Android mobile phone, download the free Lookout Mobile Security app to scan for malware on software that you've previously installed. Here's a guide on how to use the app from PC Advisor.
Carrie-Ann Skinner, news editor at the computer magazine, says: "If you exercise caution, such as with normal web browsing, you should be fine. If you're concerned about malware at all, it's worth getting your phone scanned by a free app, and then deleting it."
Beware of using unsecured wi-fi.
Be vigilant when connecting to unsecure public wi-fi networks. Avoid using these, eg, in coffee shops or train stations, unless you really have to. If you do, NEVER enter personal details, banking logins or passwords when using public wi-fi.
Never click links in spam texts.
Spam texts are a nuisance at the best of times, but they can be an even bigger problem if they bring with them malware/spyware or a virus. Be sure not to click any links that are included in a spam text, and DO NOT reply, even to tell the company to "stop" texting you.
Software is available that can filter out spam texts, though sometimes these don't work or can be over-zealous. "I once installed an anti-spam app and it claimed that my weekly text from Egg with the balance of my credit card was spam. So they don't always get it right," says Carrie-Ann. See the Stop Spam Texts guide for more info on how to rid yourself of them.
Note down your phone's security number.
Make a note of your phone's International Mobile Equipment Identity (IMEI) number, as you'll need this if it gets stolen.
The IMEI identifies your phone to the network and is usually located on the back of your phone underneath the battery, as well as on the box the phone came in.
Only scan codes you know are legit.
Smartphones have the ability to scan QR codes, which give you access to product information or online promotions.
QR codes are normally pretty safe to use, but if you scan a corrupt or fake one then you could leave your phone open to security attacks. Make sure you only scan codes that are provided by brands you recognise and trust.
Erase EVERYTHING before selling or recycling your mobile.
A study by insurance provider CPP earlier this year found that over half of second-hand mobile phones sold on eBay and in used electronics shops contained extensive personal data, putting their previous owners at risk of identity theft and fraud.
If you're going to sell your old phone, trade it on or recycle it, you should restore the factory settings. Make sure you log out of websites, such as Facebook and Twitter, delete texts and emails and clear the cookies and cache of your phone's browser.
Get Martin's Free Money Tips Email!
For all the latest deals, guides and loopholes - join the 10m who get it. Don't miss out
Antivirus and security apps
If you decide to get a security app for your mobile, here are some of the best free ones for phones that support Android, and some paid-for apps for iPhones. If you have any security app recommendations, please list them in the forum discussion.
Always be careful to check any software you put on your mobile is suitable and compatible with your existing set-up. No liability can be accepted for any individual problems caused by acting upon the information given.
Internet security stalwart AVG has a free version of its antivirus software for Android phones, to combat bugs and malware. AVG Mobilation also provides loss and theft protection as it has the ability to track and control your smartphone remotely if you should ever lose it.
Available from the Android Market, it works on all versions of Android OS, v1.6 onwards.
Norton Mobile Security Lite
Norton's put its security expertise into a new Android app called Mobile Security Lite, which protects your mobile from loss, theft and malware. Its automatic antivirus scans any apps you've downloaded as well as any app updates, and removes any security threats.
You can also remotely place a security lock on your phone with a simple text message so thieves can't access your info or run up your bill if your phone gets lost or stolen. Call blocking and text blocking features help you avoid spam too. It works on all versions of Android OS, v2.0 onwards.
Apple's iOS is pretty safe and secure, and there's no known malware that'll cause detrimental affect to your phone, though there's been minor malware attacks in the past.
Graham Cluley of Sophos explains: "We have seen some iPhone malware - but it's all been for jailbroken devices. Examples include the iKee worm, which changed your wallpaper to an image of Rick Astley, and the Duh worm which stole banking information." But because of the restrictions Apple puts on the App Store, these attacks are very small, and often caught before an app is listed on the App Store.
However, iPhones can act as carriers to malware, bringing viruses to your computer without you knowing when you sync them up. Getting a malware scanning app will limit this, though the choice of security software for iPhones is smaller than that for Androids:
Trend Micro Smart Surfing
Available for the iPhone, iPad and iPod Touch, the Trend Micro Smart Surfing app protects you from web threats while browsing the internet on your device. Once downloaded it'll block access to any URLs that are unsafe or malicious, and a notification will appear in the browser. It does this by quickly and invisibly checking the URL against a constantly updated Web Reputation database.
It's available free from Apple's App Store, and works on phones with iOS v2.1 or higher.
Intego's VirusBarrier was the first antivirus and malware scanning app to be approved and listed on the App Store.
Unfortunately, unlike the Android Lookout Mobile Security app, VirusBarrier can't auto scan your file system or run scheduled checks owing to iOS constraints. However, instead when you receive an email attachment, you can hold down on that "Open in VirusBarrier" to scan for malware.
It's a bit of a pain that it's not automatic, but it can protect against anything malicious that is sent your way, including spyware, Trojan horses, adware, hacker tools, dialers and keyloggers. It costs £1.99 and is suitable for all iPhones running iOS 4.
Know of an app we should feature/got feedback on one of the above? Please post in the Free Mobile Antivirus Discussion