Android Security: Threat Level None? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
11/18/2011
04:30 PM
Eric Zeman
Eric Zeman
Commentary
50%
50%

Android Security: Threat Level None?

Security firms are fanning the flames of fear about mobile malware and viruses, while others accuse such firms of being scammers. Who's right, and who's wrong.

Earlier this week, Juniper Networks lit a fire with its report claiming that the amount of mobile malware has jumped 472% since July. According to Juniper's numbers, the number of malware samples collected in October jumped 110% compared to September, and 171% over what was collected in July.

"These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications," the company wrote in a blog post. "With no upfront review process, no one checking to see that your application does what it says, just the world's largest majority of smartphone users skimming past your application's description page with whatever description of the application the developer chooses to include."

Earlier this year, Symantec, too, warned of mobile malware in the Android Market. In its own blog post, Symantec said, "Android malware is on the rise. Android.Pjapps is another example of a Trojan with back door capabilities that targets Android devices. As seen with previous Android threats, it is spreading through compromised versions of legitimate applications, available on unregulated third-party Android marketplaces."

Symantec, of course, sells security software for both PCs and mobile devices.

[ Want to avoid Android App stinkers? See 10 Android App Flops. ]

Let's not leave out Kapersky Labs (which also sells security software.)

"When it comes to attacking smartphones, there were clear signs that cybercriminals have made Android their platform of choice," the company said in a blog post on Thursday. "Increasingly sophisticated operations by malicious programs were also noted in Q3 along with some tried-and-tested methods: innocuous QR codes are now being used to conceal malware and computers are facing threats even before their operating systems start as cybercriminals revisit BIOS infection methods."

Are you scared yet, Android smartphone owners?

Are you quaking in your boots? Are you ready to buy antimalware and antivirus software from these companies? Should your corporate IT department be licensing protection schemes in bulk?

Hold on just a minute.

Google's open-source Guru, Chris DiBona, had some harsh words about these reports and the companies that generate them.

"Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS," he wrote on Google+. "They are charlatans and scammers. If you work for a company selling virus protection for android, RIM or iOS you should be ashamed of yourself."

So, is there a risk then? Yes, says DiBona, but it's not what you think.

"A virus of the traditional kind is possible, but not probable. The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn't Independence Day, a virus that might work on one device won't magically spread to the other."

DiBona is right. While some malware and viruses have tried to make use of Bluetooth and Wi-Fi radios to hop from device to device, it simply doesn't happen the way security companies want you to think it does.

But DiBona has one more thing to say. "Policy engines, and those tools that manage devices from a corporate IT department are not the same thing at all, but sometimes marketers in companies that sell such things sometimes tack on 'virus' protection. That part is a lie, tell your vendor to cut it out," he wrote.

Now that we have a few different views on this topic, who do you think is right? Well, there's some truth to what the security vendors are telling us. Smartphones--and apparently Android devices in particular--can be infected with malware through careless use.

But DiBona is right, too. How do we know that he is? Because there haven't been mass break-outs or major epidemics of malware spreading from phone to phone to phone. It simply hasn't happened yet. Could it? Yes. Will it? Probably not anytime soon.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll