Android Market has grown heaps since it first arrived in in October of 2008. In just three short years – seriously, it still feels like I bought my first Android phone just last week – Google's Android Market has hit the 250,000 application milestone. That's more apps than one could ever wish use in a lifetime and honestly more than I ever want to have to sift through. While Market may be the place where you find all of the fun and addicting games and other content for your Android device, it's also turning into a good place to run into unexpected (and undetected, for that matter) malware.
Since the very beginning, Google has let Android Market and the supporting developers maintain themselves with very little intervention. The only time Google has intervened to date has been over legal matters (i.e.: game console emulators infringing on copyrights, a questionable dog fighting app that eventually returned, piracy concerns, etc.). For a developer to publish an app to Android Market, they must create an account, pay a $25 fee and are then free to publish away. You can probably see the problem here.
Back in August, Lookout Mobile Security published a Mobile Threat Report, which revealed some rather daunting information about our favorite little robot. In over 700,000 applications installed on over 10 million devices, the malware threat had grown 250 percent over a six month period. Android users were two and a half times more likely to run into malware on Android than they were six months before.
On top of that, malware developers are evolving. They are becoming more creative in the way they hide malicious code in applications and in their deployment methods. Some of the most recent malware concerns via mobile are SMS Trojans which, unbeknownst to the user, send text messages to premium SMS services that charge the user per message. Others will secretly steal your private data and some will direct you to phishing websites. The worst part is that a lot of this could go on without the user ever knowing they were infected.
Unfortunately and unsurprisingly, things are only getting worse. Jim Dalrymple of The Loop reported on a recent study done by Juniper Global Threat Center, which reveals that malware on Android has increase a full 472 percent since July. Ouch.
Of course, this could simply be chalked up to "the price of having an open store model for Market." Maybe, but it affects users and puts their privacy and security at risk. It's one thing for there to be a single malicious application in Android Market that Google can quickly pull the plug on. But when Market becomes infested, which could easily happen quicker than you might think, what then?
This begs several questions. What should be done to prevent an infestation? Should Google step in and at least place some precautionary measures that would weed out a good portion of developers for malicious apps? Or should Android Market continue as it is, for better or for worse, solely out of principle?
If Google leaves Android Market untouched, its integrity could be lost anywhere in the near future. Malicious applications and malware threats are expanding exponentially – 472 percent growth over four to five months is nothing to scoff at. Legitimate applications are being downloaded and repackaged with malicious code and published as new, seemingly legit apps. Even with all the precautionary steps you could take as a user and with the aid of a mobile security app, if the problem become bad enough, your efforts could be futile.
Personally, I think Google needs to implement a "quick check" system. I don't mean Google needs to perform a thorough check like Apple does and approve or deny apps based on content or quality. We wouldn't want Android to turn into a walled garden, now would we? But much like Lookout or Norton Antivirus would do, each submitted application to Android Market should be subjected to a scan that parses for any known exploits or possible code of question. It wouldn't be fool-proof – that's where crowd sourcing and relying on users to report possible threats comes in – but it could easily cut down the amount of apps that get through the cracks and would be a virtually painless and fairly quick process.
What say you, pups? Should Google intervene and create a buffer for the benefit of users? Or should it be up to the users to protect themselves from the ever-expanding issue of malware on Android?
Image via Lookout