Google engineer and security vendors spar over Android malware threat

November 21, 2011
3

With all the stories about Android malware as of late, it might be easy for a novice smartphone user to get nervous. Security software vendor McAfee agrees: they've sent out a much-publicized report claiming that threats for Android have increased by 37% in just three months, and they're predicting "75 million unique malware samples" across all mobile platforms by the end of the year. Juniper Networks is claiming a 472% increase since July. Google's Open Source Program Manager Chris DiBona had a pointed rebuttal to this and other Android malware news on his personal Google+ page, mostly (go figure) in defense of Android's open source nature.

DiBona's argument refutes the idea that Android's open source architecture make it inherently unsafe, or at least more so than competing platforms like iOS. Ge gives a history lesson on open source software and operating systems, noting that, yes, as platforms become more popular the level of malevolent interest and intent also rises. Previously the threats have been found and dealt with, both on iOS and Android, and despite a considerable amount of media attention the current state of mobile security is nothing like the Wild West days of Windows in the late 90s and early 2000s - you're not going to pick up a Trojan simply by browsing the web.

He goes on to call out reports on the insecurity of Android, specifically from software vendors:

If you read a report from a vendor that trys to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans. [sic]

So, where's the truth here? McAfee has a lot to gain by making Android users afraid, but DiBona isn't exactly a neutral source either. (It's important to note that the views expressed in his post are his own, and not technically a representation of Google's official stance.) Malware for Android is increasing - that's a fact. It's also a fact that the vast majority of it eventually requires users to manually install apps outside of the Android Market, purposefully disabling the security measure that's designed to keep novice users out of trouble. In the instances when malware has been discovered in the Android Market, it's been promptly removed.

I invite you to form your own conclusion on who's "right" as far as the validity of threats is concerned. In the meantime, repeat that often-heard security mantra: never install apps or software from a source you don't fully trust.


Recent Stories

  • http://profiles.google.com/gscholton Graham Scholton

    I can’t stand these so called “Security” software vendors. I don’t know how people are so dumb to not realize that these companies profit on the existence of virus’s so they would obviously trump up the data to encourage the purchase of “Security” software. I bet the virus’s out there were created by these losers. The beauty of the android platform and its open architecture is that apps have to request permissions. If you don’t grant them, they don’t have them. So, if you are downloading an app from a lesser known publisher, just take the five seconds to read the permissions and if they make sense for the app.

  • http://www.facebook.com/profile.php?id=671085503 Louis Philippe

    Just like people are appalled by those shady websites ripping them off when they give their credit card numbers, ppl will be appalled by malware being distributed on the internet!

  • James V Feragola

    Does anyone known anyone, that hasn’t been doing odd things, that has gotten a virus on their phone?  Out of the Dozens and Dozens of people I know and work with, some that even do and view some questionable things, none have ever said that they acquired a virus and had to take their phone in.