You’ve heard it a
thousand times - Android is full of malware, viruses, and who knows what. It is
just not secure, you need an antivirus app, just like on Windows, and the list
of myths just snowballs from there.
"Damage to the
OS" is the keyword when we speak about malware. To understand why they are
irrelevant on Android, we have to focus on the way Google built its platform,
using a model called sandboxing. In a nutshell, the sandboxing idea is that apps
only get a limited “sandbox” where they operate.
Everything out of
the sandbox is something apps don’t have access to. This contrasts with the way
Windows for example treats apps where they can do everything the user can.
That’s not the case on Android (and iOS too). Malicious apps simply won’t be
able to access the low-level system files and break your
system.
Malware and scaremongering
This does not
stop security companies from repeating the malware mantra, though. Earlier in
2012, security company Sophos claimed a game called “The Roar of the Pharaoh”
was actually a trojan that could steal your phone number and IMEI. Only slight
issue is the app was never on Google Play, but rather on a conveniently unnamed
“unofficial download sites.”
McAfee also
jumped in on the scare train saying some phones were infected with two new
Android viruses in 2011, the NickiSpy and GoldenEagle viruses. Interestingly,
later on it was confirmed that the NickiSpy virus was found on between 0 and 49
Android devices. That’s practically zero given the fact that Android grows by
1.3 million devices per day. Most recently, McAfee tried to scare Android users
again reporting on malware supposedly increasing by 700% on Android. Truth is,
the report never mentions the Google Play store, but rather looks at all kinds
of third-party stores and websites. Again, simple common sense would tell you
not to download anything from there.
Do
anti-virus apps work on Android?
Sandboxing
however also means that anti-virus apps are largely useless against malware.
Why? For the very same reason - they don’t have access to the low level system
files, so they cannot protect them. Remember Google engineer Chris DiBona’s
eye-opening Google Plus post. Here is the essence of it:
"Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers."
"Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers."
But anti-virus
apps do exist on Android, and question remains what is their function? At best,
they will check your existing applications against a list of corrupt third-party
apps, but nothing more.
The fact that
Android has no malware doesn’t mean it is 100% free of security problems. While
the sandboxing model protects your device, it cannot protect you from
yourself.
Fake
apps and premium texting apps exist
The reality of
the situation is that there are generally two types of corrupt applications -
rogueware and spyware on one hand, and dialer and texting apps that will hit
your phone bill on the other.
Again, if you
stick with common sense and don’t install unknown apps from all kinds of
suspicious sources, you’d be fine. A universal solution would be not to allow
apps from unknown sources on your device. For this, you simply head into
settings and disable the ‘Unknown Sources’ option (which should be disabled by
default).
The most common
problem now seems to be fake apps that would blow up with pop-ups for the few
days they are allowed on Google Play. But that’s not really the malware you
should be terribly worried about.
To quickly recap,
malware on Android is not the issue some want you to believe it is. The
sandboxing model keeps your phone safe, and common sense and the Google Play
market make it bullet-proof against spyware and other corrupt apps. Everything
else boils down to scaremongering and third-partyapp catalogs, and you already
know you shouldn't download anything from there, don't you?
0 comments:
Post a Comment