There's a battle brewing over how secure the Android operating system is -- or isn't. Juniper started the brouhaha last week with a report that said mobile malware on Android platforms has climbed 472 percent since July.
Juniper's Global Threat Center report noted the main reason for the malware epidemic on Android was because of different approaches that Apple and Google take to police their application stores.
"Android's open applications store model, which lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware," Juniper said. "There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught."
Security Firms Agree
Kaspersky Labs is essentially backing up Juniper. In a Thursday report, Kaspersky said the last quarter saw the share of all mobile malware in 2011 targeting Android OS reach 40 percent, firmly establishing that platform as the leading target of malicious programs.
"Kaspersky Lab analysts had anticipated that cybercriminals would look for new ways to make money on Android malware, and it didn't take long to happen," the firm wrote. "In July, an Android Trojan of the Zitmo family was detected that works together with its desktop counterpart Trojan-Spy.Win32.Zeus to allow cybercriminals to bypass the two-factor authentication used in many online banking systems."
Of course, these sorts of reports are nothing new. Symantec led the charge earlier this year by confirming Android malware was on the rise. In a February report, Symantec pointed out the latest threats and suggested that consumers only use regulated Android marketplaces for downloading and installing Android apps.
What Is the Truth?
Chris DiBona, open source and public sector engineering manager at Google, took exception to the reports about Android's security. He lashed out in a post on Google+.
"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM and iOS," DiBona wrote. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or iOS you should be ashamed of yourself."
DiBona admitted that a virus of the traditional kind is possible, but he said it's not probable. So what is the truth?
"The truth is that Google doesn't curate its app store. Developers can put anything they want out there," said Michael Disabato, managing vice president of Networking and Telecom at Gartner. "If I had a target like that, I would go attack it. The return on investment isn't good with iOS because it's protected by humans."
Are Juniper and Kaspersky trying to make a dollar off of the Android controversy? Perhaps, Disabato said. Although Juniper makes a virus scanning app for Android, Kaspersky doesn't. Kaspersky commented from the perspective of a security firm.
Posted: 2011-11-24 @ 3:55am PT
I think it is difficult for the android market to be protected as any developer can put there what they want.