As peculiar as the after-the-fact announcement of Google Bouncer may have been, it was still good news. Perhaps Google was ramping up, trying to make sure that its Bouncer would work as intended and be able to handle the flood of new apps submitted to the Android Market. Perhaps the company just wanted a head start so they could be ready for the malware writers who will surely try to test the system.
Regardless of the reason, the fact that Google has its Bouncer checking for apps with embedded malware is a good thing. Bouncer has several things it does when an app is submitted for inclusion to the Market. First, it scans the app for known malware, and if it finds any, then that app is blocked. In addition, Bouncer checks the app for suspicious functions that may or may not be malware and shuttles those off for manual inspection.
Google also runs every app submitted to it for use in the Market on a simulated Android device in the cloud to confirm that it behaves appropriately. If the Bouncer finds that specific developers are repeatedly sending in apps with Malware, it blocks submissions from that developer.
Google has said that its also in the process of checking apps already in the Android Market for malware. Its not clear how far along this process is, but at some point, Google will have ensured that that everything in the Market is malware-free. Unfortunately, that doesnt really end the malware problem for Android devices, although it does reduce the level of risk.
You Can Download Your Android Apps From Anywhere
One of the good things about Android is that you dont need to get your apps at the Android Market. You can download them from anywhere. But thats also one of its weaknesses. A third-party app download site provides no assurance that its stuff was checked for malware. In fact, you should assume that it hasnt been. And there are a lot of download sites for Android apps, some legitimate, some not. China in particular has a vast array of app stores that are outside Googles protection. Considering that a lot of Android malware seems to come from China, this is unsteady ground indeed.
Likewise, Android doesnt have any real defenses against malware that comes in through email attachments or Websites. Its entirely possible to visit a rogue Web page that contains active content that can place malware on your Android device, just as it is for a Windows PC or an iPhone for that matter. Fortunately, there are solutions. Most of the major security vendors, including McAfee, Symantec and Kaspersky have security software for Android devices. You can download these from the Android Market, and one presumes theyve been checked for malware by Bouncer.
While it turns out that Google has actually been running Bouncer for several months, it does point out a problem that had been mostly ignored since Android first came out, which was the security of this system. It was fairly obvious from the beginning that Apples AppStore had a significant security benefit, first because theres relatively less malware for Apple platforms, and second because Apple was checking the apps.
With Android, there was always a question. And it was enough of a question that you had to select the ability to download software from places other than the Market before you could do it by making a menu choice. By default, that ability is turned off.
So if theres a security problem thats finally being dealt with in the Android Market and that has been handled since day one by Apple, what about other platforms? Neither Research In Motion nor Microsoft has said much about the security of the products in their respective app stores. However, there is security software available for BlackBerry devices from McAfee and others. Microsoft has released a number of security updates for Windows Phone, but so far, there have been no reports of malware emerging from the Windows Phone app store.
But on a larger scale, the security issues for smartphones continue.
Googles announcement is only the latest news in what is becoming a steady flow of reports of vulnerabilities. And while it closes one hole through which malware can enter a phone, it doesnt close all of the holes. Likewise, all smartphones have vulnerabilities, and all of them are targets. The most likely reason that there dont seem to be any Windows Phone malware attacks is probably due more to the tiny market share than any special quality of the device.
Whats worse is that Apple cultivated the appearance of being invulnerable to malware, and only recently allowed security software vendors to offer their products through the Apple AppStore. This belief that malware doesnt exist for your platform is one of the reasons why malware spreads. Users dont take the precautions that theyd take if they were using their computers to visit Websites or open email attachments. Ultimately, the failure to believe in malware on your phone has its expected consequencesmalware on your phone.