Comments
Android Security: Threat Level None?
Newest First  |  Oldest First  |  Threaded View
Abaddon
50%
50%
Abaddon,
User Rank: Apprentice
12/15/2011 | 3:57:50 PM
re: Android Security: Threat Level None?
I would have to agree with ANON on this... The Android marketplace is what is spreading the applications that contain malware not the phones. Here's how it works. User buys an app, then user installs app on the phone. Once user launches the app, the app exploits vulnerabilities in the phone's operating system to gain root level privileges and do what it needs to. Operating systems have vulnerabilities. The problem is that this is still a relatively new frontier for public knowledge so people are not as informed about it as they should be even though vulnerabilities in the mobile operating systems are being discovered. This is not about viruses on mobile devices, it's about malware and trojans on devices. There are differences. There is also a stark difference in the way applications are reviewed and published between the two companies and that is part of the issue as well. I'm not saying that this type of issue couldn't happen on the IOS side of the world, However, until Android/Google start taking this seriously and implement a real application review process this could potentially have some nasty consequences for Android users.
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
11/22/2011 | 7:32:35 PM
re: Android Security: Threat Level None?
I agree with the prior post that it's melodramatic to say the least to rant about 10s of thousands of people getting attacked. However he's right about the nature of the Android threat. It isn't the fact that viruses are contagious; it's that applications with malware are less likely to be detected in advance in the uncurated Android marketplaces than they are in curated ones, whether those be the Apple store or the Amazon marketplace for that matter.

To say that is not to be an Apple fanboi; it's to be accurate so that users can make educated decisions. At one point in the past year Android removed some 50 apps from the marketplace after complaints and uninstalled them from users' phones. One piece of malware required killing software on 300,000 phones. Add to this the fact that the phones don't always have the latest security patch and you've got risks there. OS changes don't push over the air and because of all the flavors, an update strategy like synching via iTunes isn't feasible. These things can't be glossed over.

The Android guru is right to point out the self-interested exaggeration of Symantec et al, but he doesn't address these other elements. My final take is that it's up to the consumer to know where the risk is; to read the fine print when downloading applications and pay attention tto their settings; and to ensure before purchase that the carrier has a credible strategy for distributing OS updates and security patches on a timely basis.

Speaking of fanbois, whoever trotted that tired epithet out of his back pocket and lobbed it at Mr. Zeman, pls take it back. This is fair and balanced reporting that if anything tells the folks carrying Androids that they are not at imminent risk of attack. It's a very fine piece of reporting.
seattlemkh
50%
50%
seattlemkh,
User Rank: Apprentice
11/22/2011 | 12:04:46 AM
re: Android Security: Threat Level None?
This is a carefully chosen set of words to obfuscate the issue in favor of one company or another - as all marketing BS is. A "virus" connotes something that moves from system to system independently, exploiting some vulnerability to do so. Very 20th century. Malware that monitors keystrokes, steals data from banking apps, or makes expensive SMS/phone transmissions are the issue. Those are legitimately becoming a concern, and when organized criminals figure out a way to monetize access to smart phones, the emphasis will shift altogether. A/V companies produce malware protection. Parsing the word, "virus" and emphasizing the lack of automatic propagation is disingenuous.
ExpatZ
50%
50%
ExpatZ,
User Rank: Apprentice
11/21/2011 | 2:23:53 PM
re: Android Security: Threat Level None?
AAAAAHHHHHAHAHAHAHAHHHHHHHHHHHHHHHHH!!!!!!!!
THE END OF THE WORLD IS NIGH - REPENT SINNERS!!!!!
ONLY THE CULT OF STEVE CAN SAVE YOUR PHONES NOW!
BITE OF THE APPLE AND SAVE YOURSELVES FROM CERTAIN PWNAGE!
FOR ONLY THROUGH THE GLORY AND THE MAGIC OF THE iVERSE CAN YOU ACHIEVE SAFETY!

REPEEEEEEEEEEEEENT!

Idiot fanbois.
DLYNCH294
50%
50%
DLYNCH294,
User Rank: Apprentice
11/21/2011 | 1:53:04 PM
re: Android Security: Threat Level None?
Hey, look, an anonymous idiot says that the Android Market is spreading malware. There are "10's of thousands of people with malware on their phone RIGHT NOW"? Says who?

It's impossible for any piece of software to install itself on an Android phone. Read that again. Impossible. The user has to accept the permissions and then initiate the installation. The permissions page lists exactly what the software will be able to do. That's not something that a programmer can fake. It's part of the operating system and there's no way around it. If you don't want apps to have access to your personal data, then don't install apps that say they are going to access your personal data. It really is that simple. No app will ever have access to your personal data unless you have explicitly given it permission to access that data.

If these companies want to market and sell "stupid protection", there would be nothing wrong with that because that's all their software does. It protects you from your own stupidity. If you don't understand what the permission mean, then why are you installing software from some goofball developer that you've never heard of?

We all understand that you're an apple fanboy who hates the fact that Android is crushing your silly, locked-down operating system, but you really need to work on your presentation a bit because you're just making yourself look like a fool.
ANON1244594108572
50%
50%
ANON1244594108572,
User Rank: Apprentice
11/21/2011 | 1:37:44 PM
re: Android Security: Threat Level None?
apparently you skipped the part where the Android MarketPlace IS THE MASS BREAK out point of malware... Phones are not spreading malware from phone to phone, but the point is that the Marketplace IS SPREADING malware to phone to phone... GET IT?????

no you shouldn't trust a security vendor, but what you did was instead trust a Android vendor????

trust neither one... trust the facts...

there are 10's of thousands of people with malware on their phones RIGHT NOW....growing exponentially... not from spread form their friends, but from spread of malware from the ANDROID STORES...

literally if you plug into an Android marketplace in China or Russia, or korea you have more than a 50% chance of getting malware or a stolen product, instead of a legit app...

in the US you have somewhere close to 5% chance.. but that figure is growing exponentially....

THAT is the threat....

Android is destroying Android.... no one else.
Bprince
50%
50%
Bprince,
User Rank: Apprentice
11/21/2011 | 1:57:58 AM
re: Android Security: Threat Level None?
Good article. There was an article recently in Mac Observer that also questioned some of the common assumptions about Android malware. Worth a read.
http://www.macobserver.com/tmo...
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Steve_CISSP
50%
50%
Steve_CISSP,
User Rank: Apprentice
11/19/2011 | 6:10:37 PM
re: Android Security: Threat Level None?
This is a great article! Finally a journalist that is asking the right questions about mobile anti-virus. I have been very suspect to the FUD around this, if anything it is about marketing hype, people assume that since their computer needs anti-virus so do their phones and these companies are taking advantage of this. I think one of the biggest offenders is Lookout Mobile Security, who not only have scammed the public, but also investors, as they have raised close to $80 million dollars on the hype and fears of mobile anti-virus. When it comes down to it though their software has done nothing to protect their customers, it is complete BS. However, they release their pretty infographics and the media love it and fan the flames.


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.