希望让产品进入iOS App Store的软件开发者们经常报怨苹果（Apple）在他们头上强加了各种条条框框，不过苹果这样做也是有原因的。除了要拿到30%的收入分成之外，还有一个原因，可以从上周五美国联邦调查局互联网犯罪举报中心（FBI’s Internet Crime Complaint Center）发布的警告中看出来。

    警告开篇写道：“FBI互联网犯罪举报中心了解到，近期有大量恶意软件在攻击安卓（Android）系统的移动设备。最新为人所知的两个此类恶意软件叫做Loozfon和FinFisher。

    •Loozfon是一个盗取信息的恶意软件。犯罪份子利用这个软件的各种伪装来欺骗受害者。其中一个伪装就是提供一个在家工作的机会，称用户只需在家里发发电子邮件，就能赚到不少钱。这种虚假广告一般都有一个链接，会自动转到一个恶意网站上，将Loozfon软件推送到用户的设备上。该恶意应用会从用户的电话簿里窃取联系信息，同时也会偷到受感染设备的电话号码。

    •FinFisher是一个能控制移动设备的间谍软件。安装后，无论目标在何处，黑客都可以通过FinFisher对该移动设备进行远程监控和控制。FinFisher可以藏身在特定的网页链接里，也可以伪装成一条系统升级短信。只要用户点开它，它就会轻而易举地直入到智能手机里。

    FBI给三星（Samsung）、摩托罗拉（Motorola）和HTC等运行谷歌（Google）安卓系统的智能手机机主提出了以下建议：

    •购买智能手机时，要了解这款设备的功能，包括默认设置。尽量关闭不必要的功能，将遭受攻击的可能性降到最小。

    •根据手机的类型，有些操作系统可以进行加密。手机丢失或被盗时，加密程序可以保护机主的个人信息。

    •移动应用日益增长，用户们在下载应用前应该看看开发者或开发公司的评测文章。

    •下载应用的时候，先看看需要向这个应用开放哪些权限。

    •密码可以保护移动设备，它也是保护移动设备中的内容的第一层实体堡垒。除了使用密码之外，还应开启自动锁屏功能，让手机待机几分钟后就自动锁屏。

    •用恶意软件防护程序来保护移动设备。不少专门的防护软件都可以保设备免遭流氓程序和恶意软件的侵害。

    •当心那些需要共享地理位置的应用，因为它们会追踪用户的地理位置。这种应用可能被用作营销之用，但也有可能用于违法活动，比如跟踪或盗窃。

    Developers often complain about the hoops Apple (AAPL) makes them jump through to get their wares into the iOS App Store. But the company has its reasons -- besides its 30% cut of the revenue -- and one of them was illustrated by the warningissued Friday by the FBI's Internet Crime Complaint Center (IC3).

    "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices," it begins. "Some of the latest known versions of this type of malware are Loozfon and FinFisher."

    •Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number.

    •FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

    For owners of smartphones running on Google (GOOG) Android platform -- including those made by Samsung, Motorola and HTC -- the Bureau offer these safety tips:

    •When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.

    •Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.

    •With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.

    •Review and understand the permissions you are giving when you download applications.

    •Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.

    •Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.

    •Be aware of applications that enable Geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.

    •“越狱”或“ROOT”可以用来解除设备生产商或手机运营商对设备的某些限制，它使用户可以自由决定安装哪些程序以及如何使用设备。不过，“越狱”或“ROOT”会带来重大的安全隐患，增加设备遭受攻击的风险。无论是一名用户、一个应用或一项服务，一旦它在操作系统中“不受限制”地运行，或在“系统层面”运行，都有可能将设备的控制权拱手让人。

    •不要让设备连接到陌生的无线网络。这些无线网络可能是一些恶意接入点，可能会获取你的设备向另一台合法服务器发送的信息。

    •如果你想把设备卖出去，或是以旧换新，切记要先清空设备（重设为出厂状态），避免泄露设备上的个人数据。

    •智能手机需要升级才能运行某些应用和固件。如果用户忽略了这一点，设备遭到攻击的风险就会加大。

    •不要点击或下载来源不明的链接或软件。

    •你在使用电脑时是怎样防范恶意程序的，在智能手机上就怎样做。

    译者：朴成奎

    •Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.

    •Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.

    •If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.

    •Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.

    •Avoid clicking on or otherwise downloading software or links from unknown sources.

    •Use the same precautions on your mobile phone as you would on your computer when using the Internet.