Malware aimed at the Android platform has increased five-fold since July, raising questions on the open-door policy Android has in installing apps. IT company Juniper Networks says the reason for this is the Mountain View, Calif. company's own lax attitude when it comes to oversight.
"With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include", it says. Of course, Juniper's description of how the review process works in Android is generalized and somewhat inaccurate.
It's not that no one's watching the hen house: the process is just different. Whereas Apple puts apps through a fair amount of testing before they are approved, Google allows developers to post their work without any interference. The company does review content and removes apps for a variety of reasons, including malicious intent, but only for the Android Market.
Android users have the option to install apps outside of Google's official app repository -- the Android Market. This makes oversight more difficult. "Most of the growth in Android threats comes from applications that are available from sites not associated with Google’s Android Market", spokesperson Danielle Hamel told BetaNews.
Is either way the "right way"? The answer may not be clear cut -- malware has also made it into the App Store. A security researcher has already proven that, and that got him banned from the Cupertino company's developer program as a result.
What may occur soon is Google itself reigning in on who may peddle apps to its users to protect them from malware and hacks. This is something that many Android users will find anathemic to Android's open-source roots.
To put the rapid increase in Android malware in perspective consider these numbers. From 2009 to mid 2010, malicious Android apps increased 400 percent. Compare this with the past six months where malware has increased some 472 percent. Juniper's data shows an increasingly larger problem.
Hamel declined to specify the number of malicious apps it has detected due to competitive reasons. "We are unable to provide more specifics around the baseline malware numbers other than saying we’ve moved from hundreds to the thousands ranges of known Android malware samples", she responds.
The real danger is in the types of apps Juniper is detecting though, Hamel argues. Spyware was the single biggest type "by far", putting users' personal data at risk of transmission to a third party. Almost all Android malware is leveraging one of several platform vulnerabilities that allowed malware to gain root access on the device.
The data may be damning, but Juniper stresses that its findings do not necessarily indicate that Android is less secure. "Across Juniper customers globally, infection rates of between five to six percent are common across a mix of all types of mobile devices," Hamel says.