News Analysis: Recent news that malicious applications had infiltrated the Android application market demonstrates that there are pluses and minuses to having the freedom to get your apps from just about anywhere.
The news that Google is remotely removing 58
malicious applications from
Android devices shows that opening up the
supply of software to a variety of sources has its risks, including malware
similar to what has been infecting Windows for years.
To many, it's good news that Google is able to remove
this malware by remote control-although some Android users have told me that
they don't like the fact that Google can "invade" their phones and
pull things off without telling them first.
The fact that malware is appearing on Android
shouldn't be a surprise to anyone. Google has been fairly relaxed
about screening its Android Market, and as a result some infected applications
have found their way into the Market. But in the case of Android, there are
other risks. Android devices also give you the ability to download apps from
third party sources-places that aren't part of the Android Market. You have to
make a selection from a menu on the device to allow this, but it's not exactly
I'm sure there are many out there who will suggest that
this makes Android devices less useful in the enterprise than, say, Apple or
BlackBerry devices. The fact is, the usefulness balances out. If you need to
create an application for internal use, it's a lot easier to get one on to your
Android devices than to do the same thing with BlackBerry and Apple devices.
The freedom to load applications from anywhere gives Android devices
significant flexibility that you don't get with other devices.
So on one hand you have greater flexibility, but on the
other hand you have greater risk. But that doesn't mean that Android is the
only mobile platform with risks from malware. There's already a variant of the
Zeus Trojan, named Zitmo, attacking
that apparently comes from visiting infected Websites or
from infected e-mails.
Meanwhile, security researchers are finding evidence of
iPhone malware prototypes, so it's only a matter of time before we start
hearing of iPhone, iPad and iPod Touch infections as well. These won't be
coming from Apple's App Store, just as the BlackBerry App World probably isn't
sending out malware-infected software.
But the point is that you don't need to be sending out
infected software to load malware on a mobile device. You just have to get
someone to visit an infected Website or open an infected e-mail. This works
just as effectively regardless of what brand of mobile device you're