Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Keep your pants on: A reality check about this latest Android malware scare

JR Raphael | July 10, 2013
Is the Android malware threat real or hypothetical?

It happens like clockwork: Every few weeks, a new story emerges about some big, bad, scary Android malware threat and how everyone who owns an Android device is in serious soil-your-pants-style danger.

The only problem? In nearly every scenario, the threat is purely hypothetical — and the chances of an actual infection are next to none.

That's certainly the case with our latest doom and gloom story — a fright-inducing app signature vulnerability brought into the public eye by a new security company called Bluebox (which, like almost every company that releases scary-sounding info about Android threats, is a business built around the sales of Android security software — go figure).

The vulnerability, according to Bluebox, allows hackers to modify legitimate Android apps and transform them into Trojan programs that — you guessed it — will steal your data, take control of your phone, and kill your friends and family. (Okay, maybe not that last part, but it's only a matter of time before someone claims that, too.)

That all sounds pretty scary, right? Here's the thing, though: In the real world, few if any people are actually in danger. Why? Because Google scans all apps within its official Play Store for this exact sort of malicious code. Given that the vast majority of Android users obtain apps from the official Google marketplace, there's no need to panic, destroy all electronic devices and flee to the nearest forest (unless that's just your idea of a lovely summer evening, in which case you should proceed as planned).

But wait — it's possible to install apps from outside of the official Play Store, right? Of course, silly goose; this isn't a dictator-controlled fruit farm. But in order to install an app from a third-party source, you'd have to first manually enable an option within your device's settings that allows the installation of non-Play-Store apps. It's not something that's going to come up and bite you while you're sleeping.

Even if you are an advanced user and have that setting enabled, you'd then have to manually opt to install an app from a dangerous third-party source before any evil genie could take over your phone. You'd go through multiple layers of warnings about the risks of installing such a program before anything bad could happen. And beyond all of that, Google's app-scanning system actually extends to non-Play-Store installations as of the latest Android release — so even if you ignore all the other red flags and move forward, your phone could still catch the conniving code before any damage is done.

(Remember, too — that just like on your PC — if you want another layer of protection on top of everything else, you can always opt to install a third-party virus scanning utility that'll also look over every new download for you. I don't think it's necessary, myself, but there are certainly plenty of options out there if it makes you feel more comfortable.)


1  2  Next Page 

Sign up for CIO Asia eNewsletters.