2. Check its permissions. If an Android app wants to do anything more involved than responding to your direct input, even just going online, it must ask in a "permissions list" shown before you download it. DOn't skip over the permissions. Requests for access to the phone's storage and Internet connection should be fine (assuming the app stores data and displays online info or ads). But if an app wants to do things with no clear connection to its features, think twice. In particular, beware: access to your contacts list, calendar or browsing history; monitoring or placing phone calls; sending text messages.
Once again, DC Rider looks clean. As the third screengrab shows, it doesn't seek permission to call or text anybody, while its request for access to the phone's GPS fits with the location-specific information it provides.
3. When in doubt, search. If an app's reviews are inconclusive and its permissions puzzle you, try doing a simple Web search along the lines of "[app name] malware?" A Google query for "Android DC Rider malware?" (I didn't want to see pages about this app's iPhone version) turned up no reports of trouble, as seen in the fourth screenshot. You already know to do this when you're in doubt about a Mac or Windows program... right?
PHOTOS: Hacker's Playbook: Common Tactics
True, you may still get into trouble despite taking those steps. An Android virus can target a system vulnerability; this is why I hate carriers and manufacturers who take their time delivering Google's Android updates for their phones. Con artists may try to rip you off by naming their wares after better-known titles and hoping you'll buy them by mistake. (Sorry, fraud happens in Apple's App Store too.) You may want to use Amazon's more-restrictive Appstore for Android, which requires apps to pass a separate approval process, although adding this store requires disabling a system setting blocking programs from unknown sources.
And yes, you can install an antivirus program like the free Lookout. But the actual numbers of phone viruses are so low that developers of those apps have had to add find-my-phone and remote-wipe features to deal with a much bigger security risk: losing your phone.
Credit: Rob Pegoraro/Discovery