With all the stories about Android malware as of late, it might be easy for a novice smartphone user to get nervous. Security software vendor McAfee agrees: they’ve sent out a much-publicized report claiming that threats for Android have increased by 37% in just three months, and they’re predicting “75 million unique malware samples” across all mobile platforms by the end of the year. Juniper Networks is claiming a 472% increase since July. Google’s Open Source Program Manager Chris DiBona had a pointed rebuttal to this and other Android malware news on his personal Google+ page, mostly (go figure) in defense of Android’s open source nature.
DiBona’s argument refutes the idea that Android’s open source architecture make it inherently unsafe, or at least more so than competing platforms like iOS. Ge gives a history lesson on open source software and operating systems, noting that, yes, as platforms become more popular the level of malevolent interest and intent also rises. Previously the threats have been found and dealt with, both on iOS and Android, and despite a considerable amount of media attention the current state of mobile security is nothing like the Wild West days of Windows in the late 90s and early 2000s – you’re not going to pick up a Trojan simply by browsing the web.
He goes on to call out reports on the insecurity of Android, specifically from software vendors:
If you read a report from a vendor that trys to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans. [sic]
So, where’s the truth here? McAfee has a lot to gain by making Android users afraid, but DiBona isn’t exactly a neutral source either. (It’s important to note that the views expressed in his post are his own, and not technically a representation of Google’s official stance.) Malware for Android is increasing – that’s a fact. It’s also a fact that the vast majority of it eventually requires users to manually install apps outside of the Android Market, purposefully disabling the security measure that’s designed to keep novice users out of trouble. In the instances when malware has been discovered in the Android Market, it’s been promptly removed.
I invite you to form your own conclusion on who’s “right” as far as the validity of threats is concerned. In the meantime, repeat that often-heard security mantra: never install apps or software from a source you don’t fully trust.