In a recent post, Windows IT Pro Paul Thurrott claimed that Microsoft is offering free Windows Phone handsets to Android maiware victims.
What sweet irony that the most successful Linux derivative OS platform in history is facing criticism from Windows advocates for being a magnet for malware and viruses. Certainly, the Java Dalvik VM abstraction is what allows the malware to operate --- it isn't an exploit of the Linux kernel itself -- but personally, I think that is just splitting hairs. The end result is still that a consumer-oriented, commercially-successful Linux derived fork is getting as much press for malware and virus trouble as Microsoft suffered at the peak of their security woes.
When I reviewed the HTC Trophy Windows Phone 7 for Verizon, I mentioned that one of my co-workers was so interested in the device that he decided to get one. I recently asked him what he thought of it, and his response revealed why a comparison between the Android and the Windows Phone platforms right now isn't exactly apples to apples.
Paul's story asserted that this week alone, "Google removed 22 malware apps from its Android Marketplace."
But according to my co-worker, the number one disappointment he has with Windows Phone is that there still aren't very many apps in the market to begin with. In fact, the most recent article I can find claims that Windows Phone Market only has 45,000 apps.
Everyone knows my position -- it isn't the number of apps you have, it's about having the right apps. From the perspective of protecting your market, vetted or not, it's much easier to manager 45,000 apps than the 250,000+ in the Android Market or the 350,000+ apps in the Apple Store. This is like an airline that's only flown 100,000 miles without a crash criticizing a competitor who's flown millions of miles with an isolated accident or two.
Another thing that seems to go under-reported among tech writers concerning Android security flaws is that the majority of these issues exist in applications targeted at overseas users. Paul failed to note that the most recent group of apps that were pulled only exposed European users to fraudulent activity. Eastern European and the Pacific Rim appear to be hotbeds of Android malware, but these stories are often reported as if they are immediate domestic threats to users in the United States.
Personally, I've been using Android since day one of the original Verizon Droid release. I've downloaded and side-loaded countless apps and transferred my account across multiple Android devices, most of which were rooted and placed in developer mode. I haven't been particularly careful, and I find that many of the software solutions designed to protect Android users from threats are a cure that's potentially worse than the disease (this is traditionally a liability of virus protection and anti-malware software).
I know quite a few people with Android devices, and none of us have ever hit by any kind of rogue application that leaked personal information (other than the ones put on the device intentionally by the carriers and the handset manufacturers -- and I don't trust HTC to be any better about that on their Windows Phones). However, like most users, we stick to the same solid core of well-known and highly popular apps instead of installing obscure, gimmicky app packages.
If I had to hazard a guess, the Android users who are getting hit by malware are the same kind of people who follow links in e-mail, download free inspirational pointers and backgrounds, and click on banner ads that proclaim they've won a free iPad 2 as the 10,000,000th visitor to the torrent web site. In other words, the real problem is the people, not the platform -- and Windows Phone handsets aren't going to make them any smarter.
The freedoms of the Android ecosystem are pretty great, particularly when held side-by-side to either the iOS or WP7 platforms -- but we all know that they come with more personal responsibility and risk. The ability to do more comes with the requirement to know more about what you are doing. Personally, I think the risk is generally well worth the reward.
What about you? Have you experienced Android malware issues first hand? If so, were you just minding your own business when you were innocently the victim of a stealth malware attack -- or were you in a part of the Android Market where you knew you might be rolling the dice and taking your chances when you got hit? Please share you comments in the discussion thread below.
Donovan Colbert has over 16 years of experience in the IT Industry. He's worked in help-desk, enterprise software support, systems administration and engineering, IT management, and is a regular contributor for TechRepublic. Currently, his professional role is as a Linux support engineer for a fast-growing Linux/FOSS consultancy group. You can follow him @dcolbert on Twitter or his personal blog, located at http://donovancolbert.blogspot.com.