The Android malware monster is coming! RUN!!

By JR Raphael (@jr_raphael)

I don't know about you, but reading Android news lately, I'm starting to feel a real sense of déjà vu.

Android Malware

Have you noticed the pattern? Every few months, some shocking new Android malware story hits the blogosphere. Nine times out of 10, it originates from a company that makes money selling malware protection software for Android phones -- coincidence, I know. The Internet's echo chamber effect kicks in, and the headlines become increasingly alarmist and sensational. (I figured I'd get in on the fun this go-round -- and yes, if it wasn't immediately apparent, this story's headline was meant to be taken sarcastically.)

Guess what happens next? A bunch of Android users see the news, become concerned, and click over to buy some malware protection software for their phones. And guess which company's name they're going to remember? The one mentioned 55,000 times in all the shock-and-awe stories scattered around the Web? Ding! When you stop and think about it, it's an interesting connection. 

Android Malware: The Latest Scares 

This week, we've had a couple good tales of Android malware-made death and destruction. First, word broke that a big, bad, scary virus was lurking in the Android world and secretly recording the phone calls of unsuspecting users. That story came courtesy of CA Technologies, an IT management company that -- wait for it -- sells malware protection software for Android phones.

CA Technologies told the folks at Android Central there were "very high chances" that someone could "customize [the malware] to lure their victims to fall into the trap." They forgot to mention, however, that the malware hadn't actually been tied to a single infection stemming from the Android Market.

In fact, the "malware" might not even be malware at all: Symantec did some digging and found that the software in question is available mainly in China, where it's clearly marketed as a "solution for concerned users to confirm suspicions of infidelity by tracking a significant other's calls and whereabouts." Creepy? Sure. But a virus waiting to take over our phones while we sleep? Not even close. (On a side note, Symantec said the program didn't even work on most Android phones.)

The other big tale came from a veteran of Android malware media campaigns -- a company called Lookout. (Do I even have to tell you what they sell?) Lookout posted a "Mobile Threat Report" stating that Android users are now 2.5 times more likely to encounter malware than they were six months ago. Reading the report is enough to make you want to hide under your desk and pray your phone doesn't find you. Hang on, though: Beyond all the hype, there's really little reason to be scared.

Android Malware: Beyond the Hysteria

Here's the truth: While many of the threats we hear about are misconstrued and exaggerated, legitimately malicious apps are periodically going to pop up in the Android universe. It's an unavoidable reality, given the platform's open application ecosystem -- wherein any registered developer can create and upload programs without the need for a committee's approval.

That kind of open application ecosystem comes with plenty of perks. Android allows you to install anything you want, whether it's a third-party keyboard like Swype, a full-fledged alternate browser like Dolphin or Firefox, or an app with content that's too edgy for someone else's values (you know, like satirical cartoons or (gasp!) girls in bikinis). As a user of the platform, you aren't subjected to someone else's judgment, be it moral- or business-driven, about what you should and shouldn't have on your phone; it's your device, and it's your decision.

But, as I've said before, an open ecosystem also comes with a certain level of responsibility. As I wrote last August (I told you, déjà vu): 

It's no different than the Internet: In an open environment, people are occasionally going to try some nasty stuff. That doesn't mean we lock down the Web and require every page and program to be preapproved. That means we take it upon ourselves to be careful about what we do online. 

It's really quite simple: Just like you do on the Web, you practice a combination of caution and common sense. To revisit my words once more:

Filtering or censoring the Web would be ridiculous, right? Well, the same notion applied to a smartphone is no less absurd. Like with the Net, it all comes down to being cautious and intelligent about what you do. Before you download something, you evaluate it carefully. You look and see what other people are saying about it. In the case of the Android Market, you even have the advantage of being able to review exactly what types of data it'll have access to (you know, that little warning screen that pops up before your download begins?). If something looks questionable, you click away.

A little less scary-sounding, right? Remember, too -- that just like with the Web -- if you prefer having a helping hand, you can always opt to install a virus scanning utility that'll look over every new download for you (the companies that issue all those malware alerts would certainly be ecstatic). I don't think it's necessary, to be honest, but if it makes you feel more comfortable, the option is there; pretty much every major security vendor has something available in the Android Market. 

followbox-1.jpg

followbox-2.jpg

Ultimately, we can't stop the Internet from going into full-on freak-out mode every time one of these ominous reports comes along; heck, if history's any indication, we'll be due for another round of panic and mayhem before the start of fall. What we can do, though, is step back from the sensationalism and see the big picture -- and realize that whether we're talking about the Web or talking about our smartphones, the big bad malware monster is only as dangerous as we allow him to be.

JR Raphael writes about smartphones and other tasty technology. You can find him on Facebook, Twitter, or Google+.

Article copyright 2011 JR Raphael. All rights reserved.

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies