Recent articles caution that Android users are at high risk for malware, but are you really in danger? TUAW cites a 2012 Government report showing the breakdown of malware on mobile operating systems:
according to the government’s findings, only 0.7 percent of all mobile malware is designed to take advantage of iOS. This figure is in stark contrast to the Android OS, which the memo reports accounts for 79 percent of mobile malware threats.
This article matches expectations, but seems to be a bit out of date. Data from 2012 is light-years away from what we see today. Android is not the same platform it was in 2012, and evidence is mounting that iOS applications are reviewed for mere seconds before being approved, and there is no validation or protection from online content. Finally, there needs to be more industry effort to define what malware is. There is malware that may collect your contacts, even as part of legitimate applications such as Path. There is malware that looks like real applications, such as several paid YouTube applications found on the Windows 8 Store. Both of these are malicious, but could be solved with education and training of users. The final type of malware which I would not expect to see on iOS or Android, is remotely installed applications. This would include viruses that plagued Windows for years. It’s not clear if the report includes any of this type of malware, which would be the most alarming.
The report breaks the security threats into three groups:
- SMS Trojans
- Fake Google Play Domains
SMS trojans and fake Google Play domains go hand in hand. It is very unlikely you will download a trojan, or any kind of malicious file from the Google Play store. It is possible (just as possible as it is on iOS) that an application will sneak through but it will most likely be discovered and removed. The double-edged sword is Android users have the ability to download and install applications from any source they choose which opens the door for fake Google Play domains or any domain to trick users into installing trojans and rootkits. However you need to give the device explicit permissions to install software from “unsafe sources” before doing so. On iOS it is simply impossible to install anything except official approved apps (unless you jailbreak).
Even what they refer to as Rootkits represents a disagreement between smartphone subscribers and the carriers. Software known as “Carrier IQ” was installed by telephone carriers such as Sprint or Verizon monitor user activity, but these actions are understood and part of the risk of relying on those companies, rather than the malicious actions of an unseen party.
There is not any more risk in owning an Android device as long as you restrict your installing activity to trusted sources only.