“Google! Stop playing with that copy of Angry Birds and go up to your Android Market room and clean it up right now!” Alas, Google is as likely to pay attention to my command as my once four-year old daughter was.
The security software company McAfee recently stated that the amount of malware targeting Androids phones jumped 76% in the last quarter (PDF), making it the most heavily attacked of all mobile operating systems. "Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time," said Vincent Weafer, senior vice president of McAfee, in a statement.
Of course, they don't need to be stealthy. Most people download their malware right off the Android Market
You see, it’s not that Android is especially vulnerable to malware. It should actually should be quite secure. Android is based on Linux, which is immune to many of the common attacks that makes Windows such a target. On top of that, it runs applications in a Java-like virtual machine (VM), Dalvik. That means any malware that does get on an Android smartphone or tablet should be locked in the VM where it can’t harm any other applications or get direct access to the hardware.
So why is your Android device in danger of malware? The reason is simple: Google doesn’t do a adequate job of checking out Android programs before placing them into the Android Market.
Google does only minimal security checking. Once a problem is found in an app (by, say you), then Google blocks the bad application and “prevent[s] additional malicious applications using similar exploits from being distributed through Android Market." Until someone reports a problem, though, it seems as if you're on your own. Great.
If, by the way, you think your Android device has caught something, you can tell Google all about it as the rather oddly named Report Inappropriate Apps page. At least that way, other people won't get the same dose.
Come on Google. Just go into your app store, run the applications on some test devices, and see what they really try do. See if they grab resources and data they shouldn’t be grabbing. It's not that hard. And, if you don't, you're in for a paddling young company!