Linked by Thom Holwerda on Thu 27th Feb 2014 23:35 UTC
Google

Google's Android head, Sundar Pichai, on security (original in French):

We cannot guarantee that Android is designed to be safe, the format was designed to give more freedom. When people talk about 90% of malware for Android, they must of course take into account the fact that it is the most popular operating system in the world. If I had a company dedicated to malware, I would also be addressing my attacks on Android.

Malware authors may be writing a lot of malware for Android, but they're not very good at it - less than 0.001% of all application installations on Android (in and outside of Google Play) penetrate Android's security.

In other words, this is a complete non-issue - no matter how often antivirus companies and certain bloggers drum it up.

Thread beginning with comment 583719
To read all comments associated with this story, please click here.
Even 0.001% is lots of devices
by riha on Fri 28th Feb 2014 12:26 UTC
riha
Member since:
2006-01-24

Even if we are talking about 0.001% of the softwares, that does not say how many devices that ends up infected. That is the interesting question i would say.

In worst case scenario you could have only 1 single malware that could infect all devices in the world.

Read "in worst case scenario" before you start commenting on my comment.

Reply Score: 2

Thom_Holwerda Member since:
2005-06-29

Please read more carefully. It's not 0.001% of software packages - it's 0.001% of all application installations. There have been 1.5 billion application installs, meaning a total of only 15.000 infections.

That's it. That's negligible. This is a non-issue.

Reply Parent Score: 3

gan17 Member since:
2008-06-03

I dunno. If the news channels were reporting on some strain of flu and said "it has already infected 60,000 people around the world", I'm pretty sure viewers and the WHO would not treat it as a non-issue, even if it was non-fatal.

Reply Parent Score: 1

Deviate_X Member since:
2005-07-11

Even if we are talking about 0.001% of the softwares, that does not say how many devices that ends up infected. That is the interesting question i would say.


The 0.001% is fake. It assumes absolutely that the maleware follows Googles prescribed method of installing inself.

It does not take into account software which use faults in the operating system to install itself, or bundled apps.

One SMS infection hit 300,000 users http://www.v3.co.uk/v3-uk/news/2328691/android-apps-with-trojan-sms...

Edited 2014-02-28 14:43 UTC

Reply Parent Score: 3

Alfman Member since:
2011-01-28

Deviate_X,

It does not take into account software which use faults in the operating system to install itself, or bundled apps.
One SMS infection hit 300,000 users http://www.v3.co.uk/v3-uk/news/2328691/android-apps-with-trojan-sms.....


I read the link thinking that it would actually be about an operating system vulnerability through an SMS attack vector, indeed that's something I'd be very interested to know about. However it's not that at all. It's merely convincing users to install the malicious app with SMS permissions.

Edit: The pandalabs post is much clearer:
http://pandalabs.pandasecurity.com/new-malware-attack-through-googl...

Still, that 300k users were affected says alot about the lack of user security awareness. And of course it should have been pulled earlier from the app store.

The recommendation by a Panda Labs rep was "please always read the permissions needed to install each application and if among them it is the one letting the app read your SMS and connect to internet and it is not really needed, do not install it,"

Edited 2014-02-28 15:50 UTC

Reply Parent Score: 4