We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.
"Android is a Malware Cesspool - and Users Don't Care"
2 min read 5 comments

"Android is a Malware Cesspool - and Users Don't Care"


Those were the words that Galen Gruman, the executive editor of Infoworld, typed as the headline in a blog post yesterday. The IT expert was ranting about the lack of security in Android Market, the recent discovery of almost a dozen malware-addled apps and the general apathy he perceives among users who "happily give malware apps the permission the Android OS makes them seek to access information stored on the device as well as access to other apps on the device."

Old news, right? But by leveling charges at individual users, not just Google, Gruman constructs a fairly innovative argument. It's not Google that's the problem, says Gruman, but the users who, when confronted with access requests, click through message after message from the app's manufacturer, giving permission for the app to access text messages, and even local data like bank info and photos.

Gruman highlights a company called BullGuard that's working on a green / yellow / alert authentication system within Android Market to alert users to developers BullGuard finds suspect. The notification system would look much like "how modern browsers color-code sites' URLs."

But ultimately Gruman finds users at fault, and he pontificates a number of punishments for users who download phishy apps, such as disabling smartphone access or even cutting bonuses.

Certainly, users need to be held responsible for OK buttons they click. And it is often clear, just from reading reviews, that a certain app is phishing around for user data or sending spammy text messages. But Google is part of the problem, too -- as much as this fact distracts from crafting a polemic blog post. And Google, for one, could start taking a harder look at their apps. Not by screening them beforehand, as perhaps that is too difficult since malware evolves so quickly. But the company should at least start taking a look at the reviews of apps and noticing trojan trends.

It's one thing for a phishy app to remain in the Market for a day or so. But for months? That is unacceptable

Source: Info World


Write new comment:
All changes will be saved. No drafts are saved when editing

  • red Jun 16, 2011 Link to comment

    Vasilj: thanks for posting a link for me. Unfortunately, my samsung galaxy s isn't rooted. It's a shame because the app you suggested sounds great. Too bad there isn't one that doesn't require root. Thanks again.

  • Fabien Roehlinger
    • Admin
    • Staff
    Jun 16, 2011 Link to comment


  • red Jun 16, 2011 Link to comment

    I know I would feel better if I had control over what connects to the net. My former smartphone allowed me to give permission to have whatever program I launched to connect to the internet. I didn't allow all programs to connect and felt I had control. The problem with this idea for android is when you connect your data, many programs will connect in the background anyway without your permission. I wish there was a program to help me do just that - allow which programs to connect.

  • I agree completely, but all in all, yes the users should look what they are installing. If the app name has cute asian girls, would you install it?? Why would you? Or Angry Birds from unknown developer? It's almost like in PC world. We have so much malware there, and most of the users doesn't use antivirus software, as for myself, I just don't click on untrusted sources, and I'm safe. But for unexperienced users, there's antivirus. Maybe I'm wrong, but I'm feeling pretty comfortable right now, and in my opinion, the antivirus companies should take care of such problems, not the market holders.