Reflections

Major Malware Attacks on Android: Fact or Fiction?

Posted by on Nov 21, 2011 | 4 Comments

The conventional wisdom concerning Android phones and devices has been that as long as third party apps are blocked, all would be well. Google has maintained that third party applications from unknown developers could damage your Android device and the company has been fairly specific about what should not be installed on your phone or device. There are now allegations from numerous security firms claiming that even those apps, from the Android Market, could potentially be fatal to your device.

So are these allegations nothing more than FUD (fear, uncertainty, and doubt) drummed up by the security firms to sell their anti-virus products? Having been a Windows user for more years than I wish to count, I wouldn’t even start a Windows box attached to the Internet without some type of virus protection. So it only seems logical to me that Android, because of its popularity, would need the same type of protection.

Major Malware Attacks on Android: Fact or Fiction?If I weren’t right, then why does the Android Market have over 1,000 Android anti-virus applications available?

I have already installed an application called Antivirus Free on both my Android smart phone and my Amazon Kindle Fire. The reason I chose this application to protect my systems was because it was free and, second, because it was offered on Amazon’s app store for use on the Fire. I do not believe it is important which anti-virus protection that you choose to use. I believe it is more important just to install the anti-virus protection to be safe. Why take a chance?

The second application I would highly recommend for any Android user is an app called App Backup & Restore.

This application is simple to use and your backups can be saved to a memory card or transferred over to your computer for safe keeping. The second reason I recommend it is because it is free and I personally love free stuff.

If you treat your Android smart phone or other Android device the same way that you treat your Windows computer, with the proper amount of protection, I believe that you should have no issues. Just my two cents. What do you think?

Comments welcome.

  • zzFTWzz

    Yea I personally use lookout on my htc sensation because it has antivirus, phone tracking features, and backing up of certain things(contacts)

  • zzFTWzz

    Yea I personally use lookout on my htc sensation because it has antivirus, phone tracking features, and backing up of certain things(contacts)

  • https://kieran-grant.myopenid.com/ Kieran Grant

    On Android programs run a bit differently then on Windows. Apps run in a separate user account for each app, and can only do things that it has permission to do, that is why an antivirus app won’t be like a traditional antivirus on a desktop computer.

    Yes they may be able to report that you have an app that is malicious and it may be able to block bad apps from being installed (by whatever method provided), but it is still a regular app and cannot scan the directories of the other apps (as they are owned by a different user). When you install a malicious app, it usually uses permissions granted to it to do it’s damage.

    True, the Android OS is not designed in a way that could protect users better, that could be implemented in the future using the Linux Kernel’s built in security systems. Such as filesystem isolation (Chroot) if it’snt already being used, network name-space isolation, PID name-space isolation, UID name-space isolation plus SELinux and Linux Capabilities. If these are used, then even if there is a flaw, if designed correctly will prevent malicious programs from doing anything bad. (Albeit unless there is a kernel exploit, which needs a ‘native application’ anyway to exploit, even this would be difficult as this requires knowing where the kernel functions are, and this is difficult)

    • Anonymous

      @openid-114158:disqus  Excellent point about the sandboxing, but speaking as a former member of a major app developer I think the bigger issue is simply that the way Google set up the Android Marketplace, which has been an unregulated mess even before the transactions backend was finally brought online.

      This opened the door for an unparalleled amount of mobile Malware apps to be installed by hapless users who often will download apps in the spirit of instant gratification with no idea of the consequences can be because the non-tech savy amongst them naively assumes that Google maintains some semblance of control over what developers and apps it allows.

      Personally, ever since dealing with Android in its early days I’ve steered clear of recommending it and Chrome both as a development platform and as potential IT investment for my friends, family and clients because while I can understand the reasons for Google’s design decisions, I have absolutely no interest in being prohibited from installing an application on my Android device of choice simply because there is no way for me to specify up front what I want to allow said application to draw access to from my phone without denying use of the entire app.