Come on! I like a lot of what Google does, but its refusal to keep malware-laden apps out of the Android Market is inexcusable.
Just today, researchers at Lookout Mobile Security spotted more variants of DroidDream malware in the Android Market. On the same day, Fortinet spotted the Zeus banking Trojan in Android.
It’s not that Android is uniquely vulnerable to malware. It’s not. In fact, Android, which is based on Linux, has not only the Linux operating system’s higher than usual resistance to attack; it also has the advantage of running applications in a Java-like virtual machine (VM), Dalvik. What all that means is that malware should actually have a great deal of trouble running on any Android device, and even if it does get on one, it should be locked in the VM where it can’t harm any other applications.
So why, does security firm Trusteer CEO Mickey Boodaei claim that mobile malware will affect more than one in twenty devices within the next two years? And, specifically that “Compared to Apple’s App Store, Android Market is the Wild West. You can’t always trust applications you download from it.”
I’ll tell you why: Because Google doesn’t do an adequate job of checking programs registered for the Android Market for hostile intent and poisoned payloads before letting the public at them. When you download a malicious program, it’s going to nasty things to you. It’s that simple.