Don’t look now, but there’s another apocalypse a-brewin’ in the world of Android. At least, that’s what you’d think from some of the tales of death and destruction floating around the Web right now.
Are you ready? Brace yourself…
• “Android OS Attacked”
• “New Trojan Horse Wreaks Havoc on Google’s Android”
• “First Android Trojan Causes Fear, Uncertainty, Doubt”
Whew! My boots are shaking. Actually, wait a minute — I don’t wear boots. And, despite what these headlines might lead you to believe, there’s absolutely nothing to be afraid of.
The truth about Android’s trojan tales
These Android security-scare stories are starting to feel slightly familiar, right?
Earlier this month, we had the big bad wallpaper caper (which, of course, turned out to be much ado about nothing). Last week, word broke about an Android app that could secretly send text messages to evil criminals. (It worked only in Russia and was never actually in the Android Market.)
And now, the virtual sky is falling over an Android game that can track and transmit your location — if an attacker were to physically take your phone, install a second program onto it, and then link the original program to the second program by physically typing a code into your device. (The game, by the way, has been removed from the Android Market.)
Not quite as shocking as “FIRST ANDROID TROJAN CAUSES FEAR, UNCERTAINTY, DOUBT” — eh?
Here’s the thing: Aside from the actual truth about what these “havoc-wreaking” apps can and can’t do, there’s a broad misunderstanding about the Android platform that helps propagate the notion of “fear, uncertainty, and doubt” every time one of these stories breaks.
It’s simple: Android is an open ecosystem.
That means you can install any app you want on your phone, no carrier or manufacturer approval required. This approach comes with plenty of benefits users of certain locked-down mobile platforms don’t enjoy — namely, a lack of unexplained censorship. Want an app that lets you tether for free? Download it. Want Google Voice? Get it. Craving such naughty Apple-banned material as political satire, celebrity cartoons, or (gasp!) porn? You name it, you can have it; it’s your phone, and it’s your decision. And if you don’t like what’s within the official Android Market, you’re welcome to search outside of it, too.
Along with that freedom comes a certain level of responsibility. It’s no different than the Internet: In an open environment, people are occasionally going to try some nasty stuff. That doesn’t mean we lock down the Web and require every page and program to be preapproved. That means we take it upon ourselves to be careful about what we do online.
Android and smartphone security
In the case of Android, systems for protecting us are already in place. When you download an app from the Android Market, a screen pops up telling you exactly what permissions the program has requested. This is your red flag: When a game needs permission to access your location data — as the fear-inducing “first Android Trojan” mentioned earlier did — you’ll see this placarded on your display before you accept the download:
As I’ve said before, Google could stand to make this system a bit more user-friendly. More in-depth explanations of permissions and a crystal clear breakdown of why an app might be requesting them would help make the warnings easier to digest. But the information is there. And it’s not hard to determine that a simple game shouldn’t need access to your phone’s GPS.
On top of that, you have the advantage within the Market of being able to see how many people have downloaded an app and what they’re saying about it. (The GPS-connected game had been installed by fewer than 1,000 people, rated by only 11, and commented on by seven — the majority of whom gave the program one star and a negative review.) Like with the Internet, you put all these pieces together to make educated decisions about what you do and don’t install.
If you feel like you need a guiding hand in making those decisions, then — just like with your PC — there are plenty of options available. Third-party security programs such as Lookout and Antivirus Pro can run in the background of your phone and scan incoming apps to make sure you don’t stumble upon anything fishy. Are they necessary? Not necessarily; truth is, nothing’s invading your phone unless you invite it. But if you feel more comfortable having a safety net in place to evaluate your decisions, the options certainly exist.
Threats are everywhere. The answer isn’t locking down the world — it’s taking precautions. And lest you think a locked-down system is a risk-free utopia, remember that the iPhone has had its share of shady programs, too. That walled garden is more about protecting Apple’s business interests than protecting its customers.
Questionable programs are a good reminder for us to use common sense and keep our guard up. They aren’t, however, a cause for alarm — and they certainly aren’t a sign that Android’s open model has failed.