Android malware, FUD, and the FBI

Summary:A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users.

Blown Up Android

The Internet Crime Complaint Center (IC3), a U.S. government task force made up of the FBI and the National White Collar Crime Center, recently issued an Android malware warning. This has been taken by some to be yet more proof of how insecure Android is compared to Apple's iOS. Please. Give me a break.

All the IC3's badly written, vague release really said was that: "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher." And, what are these?

Loozlon is a Trojan horse that Symantec reports as having less than 50 reported instances. FinFisher is a much more serious spyware program.

FinFisher has been around for years on Macs and Windows PCs as "legal" spyware from Gamma International, a UK security company. Recently it's been ported to all the major mobile devices, including Android, Blackberry, and, yes, the iPhone. It is in no way, shape, or form purely an Android problem.

In any case, both programs aren't classic computer viruses. They require users to go above and beyond the call of stupidity to catch them.

With both, you typically need to open a suspicious looking email, then follow a link, and then agree, in Android's case, to download the unknown Android application package (APK). After that, you have to tell your smartphone or tablet to install it even though it's not in Google's Play Store, ignore the malware warning, and then you finally get to infect your device. 

In short, these malicious programs don't really infect devices. Maliciously stupid users do. Or, in the case of FinFisher, it might be your employer or your government.

The real problem with Android security though isn't malware that requires a fool's active co-operation. No, the true trouble is that Google still doesn't do anything like enough checking of applications for security risks before it lets them go on the Google Play Store. This is one thing that Apple does do better with its app store than Google does.

The good news is that Google finally seems to be getting it act together in stopping these real threats. According to a report, Google will soon be integrating a malware scanner in the Google Play application store . Neither Google, nor anyone else, can stop fools from being fools, but the search giant is finally working more seriously on solving Android's real security problems.

Related Stories:

Topics: Mobility, Enterprise Software, Google, Government : US, iPhone, Security, Developer


Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.