Android Malware Shows Why Security Risk Is the Price of Freedom

News Analysis: Recent news that malicious applications had infiltrated the Android application market demonstrates that there are pluses and minuses to having the freedom to get your apps from just about anywhere.

The news that Google is remotely removing 58 malicious applications from Android devices shows that opening up the supply of software to a variety of sources has its risks, including malware similar to what has been infecting Windows for years.

To many, it's good news that Google is able to remove this malware by remote control-although some Android users have told me that they don't like the fact that Google can "invade" their phones and pull things off without telling them first.

The fact that malware is appearing on Android devices shouldn't be a surprise to anyone. Google has been fairly relaxed about screening its Android Market, and as a result some infected applications have found their way into the Market. But in the case of Android, there are other risks. Android devices also give you the ability to download apps from third party sources-places that aren't part of the Android Market. You have to make a selection from a menu on the device to allow this, but it's not exactly difficult.

I'm sure there are many out there who will suggest that this makes Android devices less useful in the enterprise than, say, Apple or BlackBerry devices. The fact is, the usefulness balances out. If you need to create an application for internal use, it's a lot easier to get one on to your Android devices than to do the same thing with BlackBerry and Apple devices. The freedom to load applications from anywhere gives Android devices significant flexibility that you don't get with other devices.

So on one hand you have greater flexibility, but on the other hand you have greater risk. But that doesn't mean that Android is the only mobile platform with risks from malware. There's already a variant of the Zeus Trojan, named Zitmo, attacking BlackBerry devices that apparently comes from visiting infected Websites or from infected e-mails.

Meanwhile, security researchers are finding evidence of iPhone malware prototypes, so it's only a matter of time before we start hearing of iPhone, iPad and iPod Touch infections as well. These won't be coming from Apple's App Store, just as the BlackBerry App World probably isn't sending out malware-infected software.

But the point is that you don't need to be sending out infected software to load malware on a mobile device. You just have to get someone to visit an infected Website or open an infected e-mail. This works just as effectively regardless of what brand of mobile device you're running.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...