What you should and shouldn’t worry about in Android security

Your smartphone is surprisingly vulnerable to viruses and malware. But you can protect yourself.

BARCELONA — The smartphone industry has given birth to a vibrant growth sector distinguished by its creativity, drive and entrepreneurship. Unfortunately, that sector is malware.

Conversations with security professionals here at Mobile World Congress, the world’s largest mobile tech show, provided a dismaying, but necessary, reminder that the computers in our pockets are targets for authors of malware and other scams — and that many of us don’t care about those risks.

“The amount of thought that consumers are giving to security is almost nonexistent,” said Gary Davis, chief consumer security evangelist at Intel (INTL).

App anxiety

The major malware risk on smartphones remains downloading a hostile app that tries to compromise your data or run up your phone bill. The best advice to avoid such threats is to stick to the Google (GOOG, GOOGL) Play Store instead of downloading apps from third-party stores or off the Web.

The fact that Google screens its Play Store apps makes the risk of malware there “dramatically less than a third-party app store, by far,” said Davis. Still, the Play Store isn’t immune from crooks.

Last month, for instance, the Slovakian security firm ESET found a trojan app on the Play Store disguised as a world weather app. Google yanked the app after ESET notified the company.

“We encounter these things … I would say every couple of months,” said ESET chief technical officer Juraj Malcho. The risk of downloading malware on iOS is vanishingly small in comparison to Android, thanks in part to the strict limits Apple (AAPL) places on how apps interact with the operating system.

A recent report by Intel’s McAfee subsidiary noted a related issue: Many customers still have copies of apps on their devices that have long since been removed from the Play Store. The report urged more notification and disclosure when apps are taken out of the marketplace.

Read the reviews, please

But many users may ignore those alerts if an app looks legit. The McAfee report noted an example of a photo app that silently signed users up for premium text messaging services — and yet still earned a 3.5 out of 5 rating on the Play Store.

ESET’s Malcho said he wished people would look past apps’ ratings and instead check users’ comments. “Many times, we encounter clear reviews in the text, ‘Don’t install this,’ ‘this is bloody malware,’ and people install it anyway.”

Some of the countries represented at MWC don’t have access to the Play Store, because their governments block Google. That leaves those users subject to whatever defenses their local app store alternatives offer.