In a week where some of the most talked about Android news was about the apocalyptic end to a safe smartphone OS because of an outrageous increase in malware, most of us in the tech world didn't give it a parting glance. You'd be amazed at how often reports come in about how there's a giant increase in viruses and whatnot. And while normally I ignore the hopeful, fear-spreading cries of software protection companies, the fact that two of my friends came up to me this week and asked whether or not their phone could possibly have a virus made me realize I needed to put a foot down. When these companies are starting to attract mainstream attention is when I realize that something has to be done. So for your benefit I did a little digging on this 472% malware increase on Android. And for those of you thinking you need to start buying anti-virus software for your phone, I'd give my findings a look first.
Okay, so you'd be amazed at how hard it is to actually find concrete data on how much malware is actually in the Android Market today. Every security site seems to reference these percentages of increase, don't specify how they got these apps, and like to point to other security firms' vague data to promote their own. What does this help them accomplish? Believe it or not, selling virus protection software is a business. In order for them to sell you anti-virus software, you have to believe you need it. In order for you to believe you need it, you have to believe your phone has a decent chance of being infected; to the point where the cost of buying their product is less important than the risk of not owning it. They accomplish this buy promoting fear. And before you start telling me that I sound like a crazy conspiracy theorist, let's look at some problems.
1) Most of the infected apps are from third markets
The big scare last year about the rise of Android malware was quickly brushed away when people successfully pointed out that almost all of the apps in question were from third party markets in Asia. How worried are you that you're going to download some sketchy app you got off a Chinese website? When we're talking about the threat to the average Android user, I think we should only look at what most Android users use: The Android Market. I think we should be able to agree that when considering all of this malware the Android Market is should be what is called into question. Now that we have that out of the way, let's look at these numbers.
2) Just how many apps does this 472% bring us to anyway?
This is where things get interesting. Using Juniper's own numbers (you can find their full report here), this 427% increase started from a base of 29 apps on the Android Market last year. So what does this 427% increase bring us to? Well, simple math means we're up to a whopping 137 “bad” applications on the Android Market now (assuming they haven't already been pulled by Google). Let's continue to break this down.
3) Your chances of getting a virus
The Android Market (as of November 2011) lists that there are at least 370, 000 apps in the Android Market. You know what 137 out of 370,000 is? About 0.00037, or roughly 0.0037%. That means if you were to randomly download apps to your phone, you'd have slightly more than a 3 in 10,000 chance of downloading a corrupted app (You'd then have to ignore its permissions settings as well, but more on that later). Now why didn't they use that as their headline? Because shouting “0.0037% of Android apps are corrupted!” won't get anyone to care, no matter how loud you yell.
4) Google has already given you the tools you need to be safe
A lot of people wonder why I don't use protective software on my phone since it is such a big part of my daily life. The simple answer? I can't justify needing it. I could argue that it's wasted money, wasted cycles on my phone (also known as another app running the background, slowing down my phone), or whatever; I just don't get the point in having them. I'm not installing 400 apps a day on my phone, so it's not asking much that I glance at the permission settings before I install something. Plus, because Android sandboxes apps, the “bad” code could only work within your app. Granted, giving it permission to run elsewhere is If you want to feel extra safe, then by all means, go for it. But I've not heard a single first hand account of someone downloading an infected app. Heck, I haven't even heard on the internet of someone getting one (legitimately). Seriously, it takes just as much time (if not more) for common “virus scanning apps” to scan your apps than it would for you to glance at the permissions before installing.
So in the end, I know it will comfort people to have that extra security blanket on their phone. People also use their phones for much more important things than I do on a daily basis, and maybe that would change my viewpoint. But at the end of the day, the relatively small drawbacks for installing one these apps doesn't even outweigh the even smaller chance of me getting an infected app. So don't let these security companies try and sell you on this Android-malware-Armageddon; it's simply how they advertise their product.
SPOT ON!
No such thing as a virus on anything apart from windows…. Virus’ are infectious, just because you infect one phone in your house, doesn’t mean you’ll infect the rest. There might be some malware that gets your contact list though – if, and only if, you installed it and said “yes, please access this data if you want to”.
Plus, there are a few awesome free av tools on the market. So might as well just get that and not worry ever!