For some reason it seems to be the week to pile on Android over security concerns. Earlier in the week we saw a report about a trojan that captures phone conversations, and that was followed by a report of a growing trend of Android malware, and finally came a report suggesting that Android users are less concerned about security than iPhone and Blackberry users. Combined the news paints a picture that Android is terribly unsecure and ought to be avoided.
PCWorld has an article that points out that there is not agreement on whether the trojan that Computer Associated wrote about is actually a trojan. Some people have pointed out that capturing an audio recording of a phone conversation might actually be a legitimate function for an app such as eBlaster Mobile. There is no confirmation that the audio recordings are transmitted from the phone without the user’s knowledge.
Next, there is a report from Lookout that states Android users are two and half times as likely to encounter malware today as 6 months ago. Lookout, who provides free and paid versions of security software for Android, also says a half million to a million people were affected by Android malware in the first half of 2011. Of course, sites like AppleInsider jump on this information and emphasize that iOS is much safer.
Finally, there is a report from electronics retailer Retrevo that says only 49% of Android users secure their device with a password, compared to 61% of iPhone users and 62% Blackberry users.
All of the reports that I read acknowledge that it is impossible to make a computing device 100% secure. The way to keep a smartphone most secure is to never install apps and never connect it to the Internet, both of which are counter to the whole reason for having a smartphone. Security thus is a matter of balancing between trade-offs.
If you want to the most flexiblity, you do so accepting some risk that you are more vulnerable to malicious attacks. If you want the most security, you do so accepting less flexibility; these trade-offs are not new to mobile devices, they also exist for PCs. There is nothing wrong with someone who prefers a more secure device to pick an iPhone, which provides more security through manual verification of apps submitted by developers to the iPhone App Store.
However, here is the message some don’t seem to accept, it is equally ok for people who want more flexibility to chose Android knowing full well that because apps they install on the phone have not been manually reviewed by someone before they were made available for download their device may be less secure. Android users who are concerned about security can take steps to make their device more secure, which include:
- Only download apps from known markets such as the Google Android Market or the Amazon AppStore
- Before downloading an app, read the reviews for the app in the Market or do a search on Internet for the app name to see if there are any known problems
- Install one of the security apps available for Android, most are available for free.