According to curiously-anonymous researchers at Juniper Networks, there's been a "472% increase in Android malware samples since July 2011." Seriously? Can that really be true? And even if it is, what does it mean?
The report implies that the rise in malware was measured on Google's Android Market. However, that's not actually the case. As Gregg Keizer points out, the vast majority of these malicious apps can be found at the "scores of alternate...Chinese app stores."
These shady locations are where we saw previous infestations of Symbian and Windows Mobile malware. Back in the day, these also caused loud proclamations of concern. However, those worries were full of sound and fury, signifying nothing.
So, does this mean that average Android users are four or five times more likely to infect their phones than they were a few months ago? No.
The average Android user doesn't seek out apps from shady, no-name app stores. Neither do they delve into scarily-named settings menus, uncheck the box that restricts their phone to the Android Market, and ignore the dire warning that then gets displayed.
Basically, this statistic is, if not a damn lie, then at least extremely carefully worded to imply that the Android Market is riddled with malware, while not actually saying so.
By the way, it's incorrect to say that the Android Market "lacks...an application review process." As I said last week, if you seriously think Google runs the Store as a laissez-faire, care-free operation, I have a delightful bridge to sell you.
It's also meaningless to say the Android Market "lacks code signing." A signature doesn't protect you from malware, it simply gives you a measure of assurance in who published the code. Nobody--for suitably small values of "nobody"--checks application signatures before downloading an app. It's basically meaningless.
This is a large ball of FUD. It's just the latest scare by an Android AV vendor to separate you from your money. Don't be fooled.
Richi Jennings is an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won American Society of Business Publication Editors and Jesse H. Neal awards. You can encircle him at +richi, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: firstname.lastname@example.org.