The number of apps on mobile marketplaces contaminated with malware grew from 80 to 400 during the first half of 2011, according to a study by Lookout Mobile Security. Android users are particularly at risk of downloading contaminated apps from markets and download sites. Two of the most commonplace threats, DroidDream and …
Is gthere a simple solution?
Tempting as it no doubt is to declare this a sign that android is a failure, it is nevertheless the very open nature of the android 'ecosystem' that makes it a success.
This presents a problem. An open system can be exploited, which some seize on as 'proof' that the open system is destined to fail and that the apple walled garden approach is the only viable solution. I don't think it's a binary case.
I lile the open model. I also think there's room for a closed, guaranteed market operating alongside it. A two-tiered approach, where both a walled-off area and an open caveat emptor market exist alongside each other would provide both trusted apps and access to the apps that don't meet specific requirements, but which still provide value, without restricting the owner of the device in ways they don't like.
Isnt that supposed to be the case now
I thought that was supposed to be what happnes now. After all the same happens in the Apple world, you can unlock your iPhone if you want, but how many people do?
Android walled gardens exist already
Just use the Amazon app store, all apps are rigorously vetted, problem solved.
... what title?
Are android users users at the front line of the attack?
Not really. They're merely at the back of the queue for defence. That seems to suit google and their customers just fine.
Translation for non-droidbois:
Are android users users at the front line of the attack?
Why, yes - yes they are. And google won't help you.
Not googles fault
This is for the OHA to sort isnt it? After all Android is not Googles product really, I mean we all know that surely? That's what they say when the shit hits the fans anyway
OK, well, there's an eye opener...
Wonder why the various anti-virus firms don't appear to have made Android-happy versions of their packages, or, if they have, why they don't appear to be publicising them very well?
Is it because users dont want to have to fuss with them? Most people don't do this on the home PCs (they usually buy a PC/laptop preinstalled with a virus/firewall installed).
Users will have to learn a new world of virus updates, etc all over again
I have one
I installed AVG for Android as soon as it came out, I'd prefer it if Trend Micro produced one though and bolted it on to my PC Licenses I have at home (they used to do that with Windows Mobile).
Every app I install gets scanned on download.
Prehpas they were just waiting for this sort of news story before they cranked up their publicity machines.
AV packages for Android
Many AV companies have already published AV packages for the Android platform. Many of them are free, too, and can easily be found on the Android Market.
As practically all of John Leyden's articles, this one is just a rewrite of a posting to the blog of an AV company - Lookout Mobile Security in this particular case. And, guess what, LMS publishes an AV package for Android. ;-)
It may scan the app, but it might not find anything wrong with it. Functions to read your SD card and to transfer data to the internet may be valid in other applications. How does the antivirus know 'cut the rope unlocked' isn't supposed to do it?
Glad to see the question being asked, but unfortunately the fact it's being asked is only a sign that Android has overlaid itself on a very old model: that of mobile phone manufacturer / network operator.
The old "big" manufacturers are all but dead now, especially on their own platforms - Nokia, SonyEricsson, Motorola - and android looked like a magic bullet to them, but they didn't alter their model one bit, and they didn't consider security from the outset.
Why on earth is it possible to install *anything* on an android device? I know it's a setting (I've got an android tablet somewhere) but it simply shouldn't be there! It assumes a level of tech-savvy on the part of the average user: what's the point of creating a fantastically rich user experience if you then assume the user understand the concept of malware and knows how to protect themselves? People still die of STDs for god's sake!
This is google's responsibility, but the manufacturers have been just as lax, and the overall ecosystem allows everybody to point the finger at everybody else (as used to happen with network operators and manufacturers before). Add in operator approvals for android versions and bundled crapware, and now the spectre of robbed battery life and CPU cycles for more intrusive TSR antivirus (have you _seen_ what McAfee will do to a dual-core 3.0GHz machine? It's *pathetic*) and frankly Android is a huge pile of sh*t waiting to happen.
The whole windows experience is being replayed, in the mobile arena, and we're all running headlong towards it giving £20 notes to antivirus producers who've just seen that their business model has a whole new arena.
And yes, I run an iPhone. It's jailbroken... and I have made the necessary changes to secure it. When iOS 5 comes along, the features I need will be in, and I'll un-break it.
Android is a platform for the tech savvy. Good for them, but it won't keep the manufacturers afloat with those numbers.
Here to stay
Just like Windows. Fact is not everyone wants a walled garden, and even more importantly there are thousands of consumers who dont care or understand what is meant by this stuff. They want a Phone, they want it to do facebook and play angry birds. Lots would like an iPhone but dont want to pay the contract or cash out, so they will be sold the android devices.
Mobile phone salesmen will soon be selling av packages at point of sale and making a few more quid. As these become ever more complex, users will need new hardware, and so the upgrade cycle begins. Device manufacturers win, mobile phone sales people win, av companies win, and as usual the consumer gets ripped because they dont know any better.
Google can rescue this, but do they really care? Probably not, they will still get their ad revenues, which is after all their business.
How the hell has this happened again?
Symbian fair enough, it was designed/written over a decade ago, but what excuse have Google got for producing an OS which is so easily overrun by malware? FFS, have they learned nothing? Isn't this kind of outcome so painfully obvious?
There is only one infection vector
The only way you can get 'malware' on an Android phone is if you specifically install it, and knowingly accept the fact that 'Jiggly Boobies 3' app really needs to send text messages. You really have to be a special kind of stupid.
I would hardly call that being 'easily overrun by malware'
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs