In another thread, the poster keeps referring to AV software on his phone. It would never occur to me to get that – seems like you’re paying for removing essentially a zero risk. So, that’s the question. Now, let’s see if I can set up a poll.
I voted “yes” but dispute two assumptions in the OP.
First, it’s noticeably more than a zero, though still a very low risk for most users (do NOT get me started about people who get sketchy “free” software from untrusted sources).
Two, I don’t pay - I normally use a free edition.
I probably wouldn’t use a paid version for my Pixel based on my Android usage/risk profile, but especially with imperfect adblocking on mobile devices, you could always click on something you didn’t intend too… and it’s nice to have something installed to check to make sure.
[given your implied issues with polls @RitterSport, I’m sure if it had been cooperative you could have made a more full featured poll for these scenarios as well!]
Interesting. I’ve never felt my phone was at risk at all – you’d really have to go out of your way to install some piece of malware on purpose, and what is a risky link going to do? My phone would warn me before installing any software (open with…, at least).
I just use the builtin “Google Play Protect” and “Live threat detection” (inconsistent capitalizing courtesy of Google). I also run my phone with “Advanced Protection” enabled, which adds some more security features. These should be good against store apps that go completely rogue, once that behavior is detected by Google.
All of the anti-user behavior I’ve encountered in apps, such as tracking and deceptive ads, is completely acceptable to virus scanners and Google. I have in the past used scanners that tell me what tracking SDKs are used in various apps, but I don’t bother anymore. It’s just a massive tracking platform, and I can try to limit my exposure, but the only way to eliminate it is to go full Luddite.
“out of your way to install” being one of the operative phrases. Remember, now quite a few years back, I was working for T-Mobile in Tech support. The sheer number of people I saw who would go outside the Play store (and even that lets a lot of malware through) and install some gambling app, “free” streaming app, or (almost never admitted) porn app and, well, there you go.
And yes, as @echoreply mentioned, if you to a site that doesn’t police it’s ads, well, there’s worse than just “deceptive” ads out there. A low order risk, but I was going to an online reader app (nothing illegal, but not well policed) and I brushed an ad where a browser hijack tried to insert itself into the system.
Once every 2-3 years? Again, just as you said, a low risk factor. But not zero. Which is why I said I have a free anti-virus/anti-malware (my bigger concern) but wouldn’t pick one I had to pay for, especially if it was a subscription model.
Though I may get one for my father, because when I visited last month his phone was paaaaaaaaacckkked with Google Play certified adware. Phone “cleaners”, “optimizers”, “instant-boosts”, etc.
Oof. Yeah, I don’t touch any of that stuff. I’ve downloaded a few things from F-Droid – maybe I just got lucky.
People always say this, like anyone has any control or even knows where the ads are coming from. Ads ranging from merely deceptive marketing to ones that contain malware can show up on any site, any app, from any ad network, at anytime. This isn’t meant as an attack on you, rather against the whole idea that there are “safe” parts and “dangerous” parts of the internet.
Ads are bid on and loaded at the last second. Websites don’t careful select who is placing ads, so the most wholesome site out there can end up with ads that try to hijack browsers.
F-Droid should be safe. Google and Apple’s play stores have both ended up carrying malware at times, so even sticking to just those aren’t 100% protection. To me, the absolute biggest concern is if you install an app that you’re told to install by someone over email or any form of private messaging, or if you install an app that claims to have removed pay requirements (pirated).
Sideloading an app from Github or F-Droid is probably safe. No guarantee, and software supply chain attacks are definitely a real thing, but those are not the apps that scare me.
The ones that I’m most worried about are Play store apps that haven’t been updated for a very long time, that have been on my phone for a very long time (which means I’m still using them at some level), that all of the sudden get bought by a new developer, and then updates start coming out. Every single time I’ve seen this happen, completely boring and safe apps all of the sudden start asking for new permissions and bloat up with various tracking and advertising SDKs.