"Android is a malware cesspool – and users don't care"

According to Gruman, who is something of a communications veteran, Android smartphones (and tablets) are amongst the least secure ones available, "thanks mainly to the Android Market being full of trojan horses and other malware masquerading as legitimate apps."

The InfoWorld executive editor's comments come as Google - as reported earlier this week by Infosecurity - removed another batch of infected apps from its official Market store.

Like a desktop operating system, says Gruman, Android is open to apps, and as it gains market share, it's become open to cyber criminals, though Apple's iOS has been largely safe from such attacks, thanks to its tighter control of what goes in its App Store.

He notes, however, that iOS is not immune, although the number of successful malware placements in the App Store is very low.

"What's scary about the Android Market being a malware cesspool is that there's not much that can be done technologically about the problem. You can't really lock down an Android device as you can BlackBerry OS or iOS," he says.

"And the security mechanism that Google has built in to Android is easily defeated - by users, who happily give malware apps the permission the Android OS makes them seek to access information stored on the device as well as access to other apps on the device," he adds.

Interestingly, Gruman quotes Claus Villumsen, CTO of BullGuard, as saying that the user is prompted for that access by the OS, but clicks OK until he gets through to the promised game or service.

But things on the Android front could be about to change, as Gruman reports that BullGuard is working on a whitelist app that would use a green/yellow/alert system as a front end to the Android Market, similar to how modern browsers colour-code sites' URLs based on the confidence they have in the sites' legitimacy.

Villumsen, he says, claims this technique does reduce downloads of dangerous apps and media files, "but he acknowledges that mobile customers show little interest in buying such a service, at least today."

Users, concludes Gruman, "need to take their share of the responsibility, not punt the problem to others."

Another change with Android, Infosecurity notes, is that the default setting in Android 3.x - Honeycomb, seen on tablet computers - is for the operating system to block downloads from sources other than the Android Market.

As Gruman implies in his column, this doesn't stop Android users from being unwise and allowing APKs to be downloaded from anywhere, but the default setting should stop Android novices from making simple security mistakes.
