We recently mused about a study by the German company AVTest that concluded that the free anti-malware apps available through on the Android app market were “almost completely useless.” It appears this study launched a heated debate on the topic of mobile tech security in general.
In the red corner, we have Google’s open-source software manager Chris DiBona, who recently posted on Google+ a defense of his company’s embrace of open-source software, stating that “no major cell phone has a ‘virus’ problem in the traditional sense that windows and some mac machines have seen.” We won’t get into the technical jargon concerning sandboxing models and kernels and the like, but suffice it to say that DiBona didn’t pull any punches. “Virus companies are playing on your fears to try to sell you BS protection software,” DiBona wrote, referring to such companies as “charlatans and scammers,” and concluding that “if you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself.”
And in the blue corner, we have the mobile security industry, which itself was quick to respond to DiBona’s criticisms. Kaspersky Lab – which, it is worth mentioning, was one of the controls used by AVTest in its study of free Android anti-malware apps – was quick to point out that the “traditional virus problem” affecting desktops is decidedly not the only, nor even the major, security concern affecting mobile technology. Rather than creating malicious software designed to spread from phone to phone – which is more or less how traditional viruses function – those targeting mobile tech devices rely much more on Trojans. Kaspersky mentions, for example, that the attack on the DroidDream affected over 100,000 users. While that number represents a tiny percentage of total Android users, it appears the cybercriminals are gravitating towards Android as their target of choice. Another analytics firm, Juniper Networks, noted a 400% increase in Android malware between 2009 and 2011 and explained how simple it is to get that malware on the market: All you need is an anonymous developer account and twenty-five bucks.
We’ll continue to monitor developments in the Android security debate, but in the meantime, remember that there’s no substitute for user vigilance.