Clueless Android Users Make Enticing Targets: Rich Jaroslovsky

The Google homepage is seen on a Motorola mobile device running on Google's Android software. A Symantec Corp. report earlier this year found that Android provides significantly less protection against malicious software than Apple Inc.’s iOS devices. Photographer: Tim Boyle/Bloomberg

Do you need an app on your smartphone to protect against viruses, spyware and other threats? If you’re using Google Inc.’s Android operating system, the answer is probably yes.

The same open approach that has helped Android leap into a dominant position among mobile-device operating systems also makes it the most attractive -- and easiest -- target for malefactors.

A Symantec Corp. report earlier this year found that Android provides significantly less protection against malicious software than Apple Inc.’s iOS devices. And Intel Corp.’s McAfee unit said last month that Android has now become the most-targeted platform for malware.

At the same time, a survey by the gadget-advice-and-shopping site Retrevo found Android users to be significantly less security-conscious than owners of devices made by Apple or Research In Motion Ltd. Android users take insufficient steps to reduce their vulnerability not only to penile enhancement ads but to theft of confidential information, e-mail addresses and other files they thought were secure.

As a general rule, mobile devices -- which have been designed from the ground up with connectivity in mind -- are more secure than personal computers, which were well-established before the age of the Internet. Research In Motion, for one, built its BlackBerry business on a security system beloved of corporate information-technology managers. It’s so robust that RIM has taken flak from foreign governments.

Dubious Origin

Even the strongest of systems is no match for human indifference, though, and when it comes to mobile devices, we’re our own worst enemies. We fail to set passwords, open and respond to e-mails of dubious origin and install apps from sources we’re not sure of.

So anyone who’s ever lost an iPhone, or been asked by a newly-installed Android app to give it permission to access who-knows-what, is entitled to ask whether companies are doing enough to protect us from ourselves.

The two top consumer operating systems for mobile devices, Android and iOS, differ sharply from each other in their approaches to security. Apple seems to think security is mostly its responsibility; Google seems to think it’s mostly yours.

Keep Out

Both Apple and Google limit the access of third-party apps to the core functions of your mobile phone or tablet. This concept, called “sandboxing,” is designed to make sure an app doesn’t stray from its advertised functionality to do bad things, or inadvertently open a channel through which bad things can happen.

Apple, though, reviews every app before allowing it into the App Store, which is the only approved source of third-party software for iDevices. While the review process sometimes drives developers to distraction, it explains the lower incidence of security problems on iPhones and iPads.

Google, by contrast, has made Android an open platform. The Android Market has no pre-approval process; anyone who’s created an app can place it in the market for download.

Luckily, Android Market is full of security apps, many of them free, that provide at least a basic layer of protection. Most of these will scan newly downloaded apps for viruses and spyware. Many also offer paid versions with additional features, such as the ability to remotely erase your phone if it goes missing. (Before signing up, make sure you’re not buying services you’re already getting through your wireless carrier or other sources.)

Name Brands

One of the best-known names is Symantec, with its Norton Mobile Security Lite. The free version can scan not just a phone, but any SD card you might insert. It also lets you remotely lock your phone if it’s lost or stolen. A $30-a-year subscription service adds remote locate-and-wipe abilities.

Another popular choice is Lookout Mobile Security, from Lookout Inc., which in its free version not only lets you pinpoint a phone’s location, but also order it to emit a loud alarm even if it’s on silent. Another option is AVG Antivirus, a new version of DroidSecurity, one of the most popular Android security apps, which AVG Technologies acquired last year.

You may have to try more than one before you find a program you’re comfortable with. Depending on the program and the capabilities of your particular device, you may notice a slight drag on performance and battery life. In most cases, the effects should be minimal.

There’s also the danger that any such software can impart a false sense of security. Troublemakers continually probe for new points of entry. Still, combined with commonsense precautions like setting an unlock code for your phone, they can at least reduce your risk.

Policing Android Market

Both Google and the broader Android developer community police the Android Market, and malicious software is usually identified and pulled out. But the system makes it possible for users to stumble into trouble before a problem app is identified.

Moreover, there are many sources for Android apps besides Google’s market, with no assurance that what you may find has been vetted. The result is what Juniper Networks Inc. has estimated to be a 400 percent increase in Android malware since last summer.

If you think that’s bad, remember this: Every new use to which we put our gadgets makes them even more attractive targets. Just imagine the opportunities for mischief as we start using them for payments.

(Rich Jaroslovsky is a Bloomberg News columnist. The opinions expressed are his own.)

Before it's here, it's on the Bloomberg Terminal. LEARN MORE