Three reports released over the past few days claim that Google's Android OS is now a major target for malware ... are you worried?
Here are the reports, along with some highlights:
Juniper Networks: Mobile Malware Development Continues To Rise, Android Leads The Way
The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware.'
Kaspersky Labs: IT Threat Evolution in Q3 2011: From Malware in QR Codes to Targeted Attack on Corporations
'Individual users should also be on their guard; the number of malicious programs for mobile devices is increasing at an alarming rate. In particular, the last quarter saw the share of all mobile malware in 2011 targeting Android OS reach 40%, firmly establishing this platform as the leading target of malicious programs.
McAfee: Third Quarter 2011 [PDF]
Last quarter the Android mobile operating system (OS) became the most "popular" platform for new malware. This quarter Android became the exclusive platform for all new mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of malware, but Android is clearly today's target.
Here's another report, from February, from Symantec:
Symantec: Android Threats Getting Steamy
To avoid becoming a victim of such malicious Android applications, we recommend that you only use regulated Android marketplaces for downloading and installing Android applications. Also, in the Android OS application settings there is an option to stop the installation of non-market applications, which can help to prevent against this type of attack. Checking user comments on the marketplace can also assist in determining if the application is safe. Lastly, always check the access permissions being requested during the installation of any Android applications. If they seem excessive for what the application is designed to do, it would be wise to stop installing the application.
However, not everyone things we should be worried. Chris DiBona, Open Source Programs Manager at Google, has some strong words to offer and thinks that Android users don't need protection from malware:
Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.
If you read an analyst report about 'viruses' infecting ios, android or rim, you now know that analyst firm is not honest and is staffed with charlatans. There is probably an exception, but extraordinary claims need extraordinary evidence.
If you read a report from a vendor that trys to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.
The way I look at it is that there is a problem - a big problem - in the way that Google is curating the Android marketplace. It's too easy for the bad guys to get malware to within a click or so away from end users. Malware might not be a big problem in the US yet, certainly when compared to China and Russia, but with 200 million Android devices out there, and over 500,000 being activated each day, it's the wrong time to be burying our heads in the sand.
So, what's the solution? I see three possible solutions:
- Educate users about the dangers ... easier said than done!
- Google cleans up the Android Marketplace and makes it safe for users (this doesn't protect users from 'alternative' marketplaces that might be infested with malware)
- Other companies step in and offer software to protect users from themselves