Are security firms that warn of Android malware 'charlatans and scammers'?

Summary: Are you worried about Android malware?

Three reports released over the past few days claim that Google's Android OS is now a major target for malware ... are you worried?

Here are the reports, along with some highlights:

Juniper Networks: Mobile Malware Development Continues To Rise, Android Leads The Way

'The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware.'

Kaspersky Labs: IT Threat Evolution in Q3 2011: From Malware in QR Codes to Targeted Attack on Corporations

'Individual users should also be on their guard; the number of malicious programs for mobile devices is increasing at an alarming rate. In particular, the last quarter saw the share of all mobile malware in 2011 targeting Android OS reach 40%, firmly establishing this platform as the leading target of malicious programs.'

McAfee: Third Quarter 2011 [PDF]

Last quarter the Android mobile operating system (OS) became the most "popular" platform for new malware. This quarter Android became the exclusive platform for all new mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of malware, but Android is clearly today's target.

Here's another report, from February, from Symantec:

Symantec: Android Threats Getting Steamy

To avoid becoming a victim of such malicious Android applications, we recommend that you only use regulated Android marketplaces for downloading and installing Android applications. Also, in the Android OS application settings there is an option to stop the installation of non-market applications, which can help to prevent against this type of attack. Checking user comments on the marketplace can also assist in determining if the application is safe. Lastly, always check the access permissions being requested during the installation of any Android applications. If they seem excessive for what the application is designed to do, it would be wise to stop installing the application.

However, not everyone thinks we should be worried. Chris DiBona, Open Source Programs Manager at Google, has some strong words to offer and thinks that Android users don't need protection from malware:

Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. If you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.

...

If you read an analyst report about 'viruses' infecting ios, android or rim, you now know that analyst firm is not honest and is staffed with charlatans. There is probably an exception, but extraordinary claims need extraordinary evidence.

If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.

The way I look at it is that there is a problem - a big problem - in the way that Google is curating the Android marketplace. It's too easy for the bad guys to get malware to within a click or so of end users. Malware might not be a big problem in the US yet, certainly when compared to China and Russia, but with 200 million Android devices out there, and over 500,000 being activated each day, it's the wrong time to be burying our heads in the sand.

So, what's the solution? I see three possible solutions:

  • Educate users about the dangers ... easier said than done!
  • Google cleans up the Android Marketplace and makes it safe for users (this doesn't protect users from 'alternative' marketplaces that might be infested with malware)
  • Other companies step in and offer software to protect users from themselves

Thoughts?

Talkback

  • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

    It is like shooting towards a flock of birds with a shotgun. The pellet spread is bound to get you a few kills.
    Symbian has a large market share, Windows has a large market share and now Android has a large market share. Large enough for the malware writers to blast off a shotgun and see how many kills they can get. Even OSX's latest surge (?) in market share got them to try a few things.
    I know many will come here and say that there are no viruses (or only experimental) for nix based OSs. But this is not about viruses. If the user is the weakest link in the chain there is no reason to even search for weaknesses in the software or OS.
    1773
    • All too true

      @1773
      Most "malware" is now instituted via social and altered "apps".
      In almost all cases at this time, some common sense can ensure proper protection.

      Add to that, other than install via app by user, how else would you get a spot of malware? There is currently no way to spread like a pc virus of old - auto propagate is not currently doable on smartphones.
      rhonin
      • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

        @rhonin

        Please remember those comments when Ed Bott pens another OS X malware article. As I recall, your opinions regarding minor OS X malware issues in the past were decidedly more "harsh" than your well reasoned out responses to these Android malware issues today.

        IMO, malware based on social attack schemes requires the same due diligence by the computer user regardless of which OS platform is targeted. And your advice posted above is valid across all platforms.
        kenosha77a
      • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

        I am willing to bet most viruses are coming from the companies wanting to sell their antivirus software.
        rparker009
    • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

      @1773
      yes, charlatans are spreading FUD about android to sell you crap!
      The Linux Geek
      • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

        @The Linux Geek Right... because Google has never had to remove malware-laden apps from its marketpla... wait they DID have to remove malware-laden apps! And they made statements to that effect. So by YOUR logic Google must be a charlatan spreading FUD about Android to sell you crap. Now speaking of charlatans trying to sell crap stop flapping your lips about things you do not understand and get me those fries I've been waiting on.
        athynz
  • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

    The human pushing the buttons is always the weakest link in the chain. If they want to install silly applications that mess up their phone then they'll find a way to do it.
    Ididar
    • RE:

      @Ididar You are missing the point. The whole point of "social engineering" is to fool the user into pushing that button -- a trick Google makes easier by such a 'geeky' choice of permissions and names for permissions: the average user has no idea why so many of the apps need permissions for network, contacts or SD card, so they are fatigued into answering 'yes'. The cracker can then take advantage of this fatigue in a social engineering hack.
      mejohnsn
  • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

    Well, there are a couple of clear conflicts of interest with those reporting on the malware problem and lack of a malware problem, respectively. Contrary to what Chris DiBona indicates, an independent analysis firm is not likely to exaggerate these claims as they have no skin in the game.

    It makes sense that McAfee and Symantec would warn users about the potential dangers and offer their software as a panacea, but that's a bit disingenuous. Equally as disingenuous is Chris DiBona asserting that anyone who so much as mentions malware and Android in the same sentence is a charlatan and/or scammer.

    Generally, IMO, if you keep to applications from reputable providers, only use the legitimate Android store and perform your due diligence before accepting permissions, you're probably going to be relatively safe. Probably. Relatively.
    swmace
  • I'll answer your question

    "Are you worried about Android malware?"

    No. I use iOS devices so I am not at all worried about Android. There is only 1 good mobile platform in this world and that is iOS.
    toddybottom
    • Until another malware app slips through Apple's vetting process...

      @toddybottom
      a la Charlie Miller's little stock ticker app that sent all your data to a server somewhere!
      wizard57m-cnet
      • Charlie Miller doesn't count

        @wizard57m@...
        He wants to put out lit cigarettes in the eyes of Apple consumers. He isn't a credible hacker.
        toddybottom
      • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

        @toddybottom Is that like the OS X not being "real" malware because the user had to click something?

        From Wikipedia regarding the "No True Scotsman" Fallacy...

        "No true Scotsman is an informal logical fallacy, an ad hoc attempt to retain an unreasoned assertion. When faced with a counterexample to a universal claim, rather than denying the counterexample or rejecting the original universal claim, this fallacy modifies the subject of the assertion to exclude the specific case or others like it by rhetoric, without reference to any specific objective rule....
        Alice: All Scotsmen enjoy haggis.
        Bob: My uncle is a Scotsman, and he doesn't like haggis!
        Alice: Well, all true Scotsmen like haggis.
        When the statement "all A are B" is qualified like this to exclude those A which are not B, this is a form of begging the question; the conclusion is assumed by the definition of "true A"."

        There was once a book called "Logic and Rush Limbaugh" that taught logic by citing examples from Rush Limbaugh.. and ONLY Rush Limbaugh... for all of the standard logical fallacies. :-) The author should do a follow-up work using the posts of ZDNet regulars.
        jgm2
    • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

      @toddybottom Are you capable of making points without hyperbole and inflammatory statements?
      jgm2
    • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

      @toddybottom Yup it's a sick market we are in where iOS is the only game in town - all the Android OEMS and Microsoft OEMS need to just stop making Android and WP7 devices right now and just give it up. After all there is only 1 good mobile platform in the world so why even try? /sarcasm
      athynz
    • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

      @toddybottom "He wants to put out lit cigarettes in the eyes of Apple consumers. He isn't a credible hacker."

      Doesn't change the fact that it happened and is thus malware on iOS.
      tallbruva
  • Security Essentials for Android?

    I do think Android will have a problem because the majority of users in any ecosystem are not going to be able to protect themselves (lack common sense, don't know enough, whatever you want to call it). However, unlike Microsoft, Android doesn't have to fight back with one hand tied behind their backs, they can build in security software to the OS. I'm not entirely sure why they haven't yet.
    Dodgson1832
  • Not any more so than for Mac OS X

    For both Android and Mac OS X, the malware is real. However, the malware problems on these platforms do not come even close to that on the Windows desktop. Due to its continued popularity, the miscreants remain highly focused on the Microsoft Windows desktop.

    Android's biggest problem, at least for many OHA members, is Google's failure to vet apps placed into the Android Market. Careful Android device users can avoid the malware by first adequately researching apps they download from the Android Market and by closely watching the permissions the apps request prior to installing them. Sadly, many Android device users are no more careful of the apps they install than are many Windows desktop users.

    Android's "other" problem is that some (not all) mfrs and carriers are slow to update or upgrade Android on their customers' devices, leaving them with unpatched systems. This has yet to be exploited as far as I know.
    Rabid Howler Monkey
  • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

    Q. How do you make money off of Windows.
    A. Sell AV software
    Return_of_the_jedi
    • RE: Are security firms that warn of Android malware 'charlatans and scammers'?

      @Return_of_the_jedi Correction:
      Q: How to make money off gullible users?
      A: Write malware to steal credit card information and spread it all over the marketplace.
      1773