SC Magazine recently reported a malicious application in Google’s Android online market store (http://www.scmagazineus.com/malicious-apps-found-in-googles-android-online-store/article/161001/). Due to the highly open nature of Android applications, this is probably going to be a huge problem. Here is the real irony. Many people will probably switch from Android to the iPhone because of the security concerns. Why is it ironic? Because the biggest threat a user will likely face with an Android phone is choosing to install an application that they should not. Apple simply refuses to let you choose to install anything they haven’t explicitly approved, unless you jailbreak your iPhone, which probably makes it roughly the same as an Android when it comes to security.
If you want to use a mobile banking application then find out from your bank what they support and recommend. First Tech Credit Union even advises their customers that they don’t have a banking application for the Android http://www.firsttechcu.com/home/security/fraud/security_fraud.html
As for all of those other cool apps, I recommend that you don’t be an early adopter. In most cases you have no idea who wrote the app, what their intentions are, or what training they have had in writing secure applications. A well-intentioned developer doesn’t mean a well-trained developer. A poorly written application can be a gaping security hole.
Be wary of any applications you install on your mobile devices. Be VERY choosy about where you download from. Not all that long ago there was a story about a service provider in the United Arab Emirates who sent out an SMS message to BlackBerry users indicating that there was an update for their devices. The update was spyware sent from a telephone company. If there is an update to improve my BlackBerry’s performance then I will get it from RIM, the makers of the BlackBerry. There may be certain times that software must come from my service provider, but the RIM website will advise me of that.
If there is an app that is just so cool you have to have it, wait until it’s been out for a while and see what’s reported back.
It looks like 2010 is going to be a pivotal year for mobile malware. We may not see a lot of it this year, but we are seeing a robust infrastructure reaching enough maturity to support wide-scale attacks. A stock Android will probably be relatively safe, but the applications you can choose to put on it may make it very unsafe.
The key differences in the threat against an Android and a BlackBerry are that it costs a lot more to develop an application for a BlackBerry, and many users are restricted by corporate software policies that prevent them from installing applications that are not approved. If you have a BlackBerry that is not restricted, don’t expect that all applications you can download are safe… they aren’t.
Yeah, ESET has a mobile antivirus solution for some types of mobile devices. We will probably cover many more devices in the future, but your strongest defense is making good decisions about what you install. It’s really the same for your Mac or PC as well.
Director of Technical Education
Author ESET Research, ESET