Android figure with malware critter embedded

Android malware is on the rise

There’s a new instance of Android malware on the loose, targeting your SMS messages, intercepting them and attempting to use them for profit. It isn’t the first instance of malware on the Android platform; there have been a number of apps posing as other innocuous, even useful, tools that harvested your data for less than honorable purposes. In fact, this latest incarnation of Android malware, named SpyEye, follows on the footsteps of Zeus, an Android version of desktop malware. TheRegister reports that Android malware exploits are set to rise precipitously over the next six months. In that same article, it is surmised that Google dare not “lock down” its applications for fear of developer reprisal, intimating that the problem won’t be rectified with a “walled garden”.

One Android Malware To Go Please

In contrast with Apple’s “walled garden”, Google has adopted what could be termed an “untamed jungle” approach. While there are multiple app stores with varying levels of vetting by the operator, there are ample methods for Android owners to download apps from any location fully on their own recognizance to determine the genuineness and safety of the app in question. This has several positive effects. First, the barrier to entry for developers is lowered as they can offer applications directly from their website without having to register and receive approval from a third party operator. Second, the user has a potentially larger pool of applications to draw from since apps that otherwise might have been rejected are now available (I’m looking at you PhoneStory).

There are downsides, too, though, as Android owners are finding out. When an app store operator vets an app, there is a much lower chance that it will be approved if it will adversely affect a user’s device. There are quality checks made which wouldn’t be outside of an app store environment. Of course, it helps if the app store operator has reasonable standards and a habit of enforcing them but any app store operator worth their salt is going to make the effort in order to preserve their reputation, else customers will bring their money to another app store that serves them better. Outside of these app stores though, anything goes. Without a formal vetting process in place, the bar is lowered for malware authors to infect users’ devices.

Of course, not even Apple requires you to enter through their gates for all of their devices. End users can just as easily install apps from a developer’s website on their iMac as any Windows user could on their PC. There is an App Store for OS X users, but it isn’t required. It offers a degree of comfort, of safety, but isn’t the only way. Users are left to fend for themselves.┬áBut the argument that Google would necessarily lose developers if they chose to lock down Android is without merit. Apple took some heat for what was perceived to be a strong handed approach in terms of what apps were allowed to do but seems to be doing quite well in spite of this. Even when Android first arrived and all of the comparisons of openness vs not-so-openness were cropping up, Apple has still done very well. Developers did not leave the platform in droves. Apple’s world did not end. So it’s not the openness, per se, that Google fears. Rather it’s that they have hyped it so much they can’t back down now. They’ve worked to convince everyone that they champion openness, and the free distribution of Android apps outside of an app store is a major part of that campaign, that any backing down now would seem like a retreat of sorts. And that, Google can’t have.