Android Malware: Why You Shouldn't Be Scared

Android Malware
If you've read much news lately, you know it's that time of year again -- time for the semiannual Android malware freakout show.

You know what I'm talking about: Some company, usually one that happens to sell a virus protection program for Android, comes out with a slew of blogs and press releases warning us of a super-duper-scary virus monster just waiting to attack vulnerable Android phones. Countless news stories follow, making sure we're aware of the unprecedented danger headed our way. Soon, the streets of America fill with men and women flinging their phones and running for their lives.

All right, that last part might be a stretch, but you get where I'm going here. Our latest Android malware episode started a few days ago when Lookout, a company that -- wait for it -- sells a virus protection program for Android, posted a blog and sent out a press release warning of a newly found threat. Called "DroidDream," the threat lurked in about 50 apps within the Android Market, Lookout said. If installed on your phone, those apps could potentially let an attacker install additional programs and ultimately access some of your device's data.

Long story short, Google axed the infected apps from the Market, remotely removed any traces of the programs from users' phones, and released a patch that'd prevent the apps from doing any more harm. Android engineers say the only thing the attacker might have gotten his hands on was a series of phone-identifying codes -- no personal e-mails, no phone numbers, nothing else.

Is this mildly concerning? Sure. Is it a cause for the kind of panic-and-mayhem-ridden headlines we've seen around the Web this week? Absolutely not.

Google Android Market Security
Let's step back for a moment and put this in perspective: The Android Market is an open ecosystem. That means any registered developer can create and upload programs without the need for a manufacturer's approval. Inevitably, that also means something shady will show up from time to time.

It's kind of like another open ecosystem we all use: the Internet. There are tons of programs, good and bad, available for us to download. There's even (gasp!) porn. Yes, my friends, it's a big, bad, scary world out there. But the answer isn't locking it down and having some panel preapprove everything before it gets uploaded. The answer -- in both environments -- is exercising a little caution and a little common sense.

We're used to this when surfing the Web, right? We evaluate programs before we download them. We look to see how many other people are using things and what kind of reviews they're leaving. If something seems shady, we click away.

The Android Market is no different; in fact, it makes the process even easier: You have the benefit of being able to see verified information about an app right on your screen. You can see how many people have installed it, what they're saying about it, and -- most important -- exactly what permissions it'll be able access on your phone.

If you don't want to entrust those judgments to yourself, like with the Web, there's no shortage of third-party programs that can do the policing for you. These utilities -- Lookout's antivirus software and other similar apps -- watch what you download and alert you when something questionable comes up. That kind of safety net isn't necessarily something you need with Android, but if it makes you feel more comfortable, it's certainly available.

I've said it before, and I'll say it again: Threats are everywhere. The answer isn't locking down the world; it's taking basic precautions. With freedom of choice comes a small level of responsibility -- and whether we're talking about the Web or talking about our smartphones, the tradeoff is almost always worth it in the end.

JR Raphael is a PCWorld contributing editor and the author of the Android Power blog. You can find him on both Facebook and Twitter.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Smartphone News Newsletter

Comments