Over the past several months there has been a notable rise in the amount of Android malware. While many of these attacks won’t affect the average user that sticks to well known App markets, security is still a real problem.
While the iPhone is a locked down platform, and like OS X, has enjoyed a relative free ride in the malware department, the open nature of Android has led to some issues.
During this same time period, Android has seen huge growth, with 500,000 activations a day. This is good news for users that want more apps, but it isn’t all roses. The larger install base means that the platform is a bigger target for hackers and malicious coders. Combine this with the increase in Android smartphones in the hands of first time smartphone owners without the knowledge of how to secure a smartphone or any training on what to look for when installing an app — and you’re asking for trouble.
Android Users Lax on Security
It would be great if users didn’t need to know as much about security on Android devices as they currently need to, but that’s the reality of opening up a system to a large number of users and providing little guidance and security built-in.
Essentially, Android is on the way to becoming the next Windows XP. For years Microsoft depended on the user to know which steps to take to secure their device. This meant obscure warnings, malware issues that tricked even careful users and reliance on third parties for security solutions. It wasn’t until recently that Microsoft began offering Security Essentials and extra warnings to help prevent the spread of malware.
On the Android side we see the same issues. The warnings which are supposed to prevent malicious apps by telling users what the app will do. In theory this is great, but in practice, obtuse. The warnings appear for the most innocuous things, which leads to users quickly tapping OK, even when something shows up that shouldn’t, like the ability to record your calls and send them to a third party. You can see a collection of permissions which apps can potentially show users. You’ll notice that the permissions list is quite long, and when you look at an app on your device the list requires a decent amount of scrolling.
Instead of addressing this problem, Google is relying on third party vendors like Lookout to handle security. Third Parties can do a good job of protecting users, but a large number of Android users don’t even know about the built-in security functions let alone to go out and look for malware protection.
A survey be Retrevo shows that only 32% of Android owners know that their phones can be infected with malware. 27% of Android users don’t know that their phones are susceptible. Further evidence of the lax security mindset of most Android users is the fact that less than half use a password to protect their data.
What Google Can Do About Android Security
Google doesn’t need to lock down the Android platform to fix these issues. Instead, Google could simplify the warnings to the point that users only see warnings for big permissions, like recording phone calls or accessing your data. It is safe to assume that installing apps will allow for network access, not so much that they will be able to listen to your conversations.
Google can also take a greater role in the Android Marketplace. For the most part the malware is arriving on phones through third party app stores, but there have been several cases of apps in the official app store doing bad things to phones.
It’s not too late for Google to keep Android from becoming the Windows XP of the mobile world. A few small steps, with some backend work by Google, could help prevent much of the malware that the average Android user will come into contact with, and that’s all we can ask for. When users venture out to third party app stores Google can’t do much, but it could offer a tool that scans for problematic app permissions, to help users find malicious apps as a core part of Android. Unfortunately any changes will likely take years to trickle down to users of current devices that won’t see updates in a timely fashion.
What would you suggest Google do to handle the malware issues plaguing the platform?