The Android Market, the single
largest repository of Android
software, is open to all sellers.
That openness is part of the
Android platform's appeal, but
it comes at a price. There have
been several instances of
malicious apps being
distributed in the Market, and
they've raised questions about
what responsibility, if any,
Google has to ensure the wares
in its store are safe.
Android apps are becoming
more popular as the Android
operating system gains ground
in the mobile market.
IDC expects Android to take more
than 40 percent of the
worldwide smartphone market
in the second half of 2011.
However, with Android's
growing popularity comes a
growing risk of malware attacks.
Malware has hit apps in the
Android Market on at least two
notable occasions this year, in
March and then in early June,
forcing Google (Nasdaq: GOOG)
to pull about 75 tainted apps in
all.
Improper coding also affects
users of Android apps. Motorola
(NYSE: MOT) CEO Sanjay Jha has
commented, in essence, that bad
apps are behind 70 percent of
the returns of Motorola's Android
devices.
Google's open approach to the
Android Market plays a part in
these problems. Unlike Apple
(Nasdaq: AAPL) and Microsoft
(Nasdaq: MSFT), Google doesn't
test or pre-vet apps submitted to
its apps market.
Is it time Google clamped down
and began testing Android apps
before letting them into the
Android Market?
Google's Malware Problems
There are about 300,000 apps in
the Android Market, and this
number is expected to hit
425,000 by the end of August,
Research 2 Guidance has
predicted.
Meanwhile, In-Stat's research
shows that Android and Apple
users are "significantly more
likely" than BlackBerry users to
download mobile apps.
The two malware attacks that hit
Android apps this year used
variants of the same code.
Lookout Mobile Security, which
discovered the attacks,
christened the malware
"DroidDream."
It's not clear exactly how many
people were impacted in all, but
Lookout Mobile estimates the
June attack ht between 30,000
and 120,000 victims.
Sink, Swim or Go With the Flow
"The ubiquity of Android and its
flexibility creates a real systemic
risk if it's not managed with
care," Tom Kellerman, chief
technology officer at AirPatrol,
told TechNewsWorld.
Android "has a very innovative
model and takes extensive
measures to make the system
secure and control access to
private information," said Alicia
diVittorio, a spokesperson for
Lookout Mobile Security.
While both Apple's iOS and
Google's Android platforms "have
a level of systemic risk, Google
has opted for an open model to
give users more choice, and with
more choice comes more
responsibility," diVittorio told
TechNewsWorld.
Where Does the Buck Stop?
Google's response to both
DroidDream attacks was to pull
the infected apps from the
market.
Should it have taken a more
proactive approach, possibly by
having apps pre-vetted? Perhaps
that approach could have
prevented some bad apps from
reaching phones, but no net is
100 percent effective.
"There is no authority on the
Internet that keeps users from
downloading malicious
applications from any source,"
Stephen Gates, director of field
engineering at Top Layer, told
TechNewsWorld.
"So why should we blame Google
if we download a malicious app
onto our Droid smartphone?"
Gates asked.
User responsibility is a major
factor in security, suggested Fred
Touchette, a senior security
analyst at AppRiver.
No comments:
Post a Comment