Do you need an app on your smartphone
to protect against viruses, spyware and other threats? If you’re
using Google Inc. (GOOG)’s Android operating system, the answer is
The same open approach that has helped Android leap into a
dominant position among mobile-device operating systems also
makes it the most attractive — and easiest — target for
A Symantec Corp. (SYMC) report earlier this year found that
Android provides significantly less protection against malicious
software than Apple Inc. (AAPL)’s iOS devices. And Intel Corp. (INTC)’s McAfee
unit said last month that Android has now become the most-
targeted platform for malware.
At the same time, a survey by the gadget-advice-and-
shopping site Retrevo found Android users to be significantly
less security-conscious than owners of devices made by Apple or
Research In Motion Ltd. (RIM) Android users take insufficient steps to
reduce their vulnerability not only to penile enhancement ads
but to theft of confidential information, e-mail addresses and
other files they thought were secure.
As a general rule, mobile devices — which have been
designed from the ground up with connectivity in mind — are
more secure than personal computers, which were well-established
before the age of the Internet. Research In Motion, for one,
built its BlackBerry business on a security system beloved of
corporate information-technology managers. It’s so robust that
RIM has taken flak from foreign governments.
Even the strongest of systems is no match for human
indifference, though, and when it comes to mobile devices, we’re
our own worst enemies. We fail to set passwords, open and
respond to e-mails of dubious origin and install apps from
sources we’re not sure of.
So anyone who’s ever lost an iPhone, or been asked by a
newly-installed Android app to give it permission to access who-
knows-what, is entitled to ask whether companies are doing
enough to protect us from ourselves.
The two top consumer operating systems for mobile devices,
Android and iOS, differ sharply from each other in their
approaches to security. Apple seems to think security is mostly
its responsibility; Google seems to think it’s mostly yours.
Both Apple and Google limit the access of third-party apps
to the core functions of your mobile phone or tablet. This
concept, called “sandboxing,” is designed to make sure an app
doesn’t stray from its advertised functionality to do bad
things, or inadvertently open a channel through which bad things
Apple, though, reviews every app before allowing it into
the App Store, which is the only approved source of third-party
software for iDevices. While the review process sometimes drives
developers to distraction, it explains the lower incidence of
security problems on iPhones and iPads.
Google, by contrast, has made Android an open platform. The
Android Market has no pre-approval process; anyone who’s created
an app can place it in the market for download.
Luckily, Android Market is full of security apps, many of
them free, that provide at least a basic layer of protection.
Most of these will scan newly downloaded apps for viruses and
spyware. Many also offer paid versions with additional features,
such as the ability to remotely erase your phone if it goes
missing. (Before signing up, make sure you’re not buying
services you’re already getting through your wireless carrier or
One of the best-known names is Symantec, with its Norton
Mobile Security Lite. The free version can scan not just a
phone, but any SD card you might insert. It also lets you
remotely lock your phone if it’s lost or stolen. A $30-a-year
subscription service adds remote locate-and-wipe abilities.
Another popular choice is Lookout Mobile Security, from
Lookout Inc., which in its free version not only lets you
pinpoint a phone’s location, but also order it to emit a loud
alarm even if it’s on silent. Another option is AVG Antivirus, a
new version of DroidSecurity, one of the most popular Android
security apps, which AVG Technologies acquired last year.
You may have to try more than one before you find a program
you’re comfortable with. Depending on the program and the
capabilities of your particular device, you may notice a slight
drag on performance and battery life. In most cases, the effects
should be minimal.
There’s also the danger that any such software can impart a
false sense of security. Troublemakers continually probe for new
points of entry. Still, combined with commonsense precautions
like setting an unlock code for your phone, they can at least
reduce your risk.
Policing Android Market
Both Google and the broader Android developer community
police the Android Market, and malicious software is usually
identified and pulled out. But the system makes it possible for
users to stumble into trouble before a problem app is
Moreover, there are many sources for Android apps besides
Google’s market, with no assurance that what you may find has
been vetted. The result is what Juniper Networks Inc. (JNPR) has
estimated to be a 400 percent increase in Android malware since
If you think that’s bad, remember this: Every new use to
which we put our gadgets makes them even more attractive
targets. Just imagine the opportunities for mischief as we start
using them for payments.
(Rich Jaroslovsky is a Bloomberg News columnist. The
opinions expressed are his own.)
To contact the editor responsible for this story:
Manuela Hoelterhoff at