Android users are less cautious when it comes to security

The image of Android users as people who seek out danger and live on the edge may not be far from the truth. That's the image that Verizon has been trying to project in some of their ads for the Droid Razr and a new study from Websense suggests that it's an accurate portrait – but in ways that Verizon had rather not project.

The study suggests that while iPhone users are happy to stay within the bounds of Apple's walled garden, enjoying music and video from legitimate sources, Android users spend more times exploring the web's less reputable districts.

Unlike iPhone users, Android owners spend more time reading about guns and 'exploding shuriken' than they do playing Angry Birds, and many of them venture out in search of information on hacking and other 'illegal or questionable' activities, as shown in the chart below. Almost all iPhone users get their apps exclusively from Apple's carefully crated App Store, but Android users have no problem getting their apps from a wide variety of unsanctioned (and sometimes illegal) marketplaces.

While a lot of fuss has been made about Google's lack of tight control over what apps get into their marketplace, users are really sticking their neck out by getting their apps elsewhere. It's remarkably easy for a legitimate looking Android app to be repackaged with malware and most users won't know the difference until they are already infected.

A lot of questions have been raised about the security of Google's mobile OS. McAfee recently reported that Android was shattering records for mobile malware, with almost all new viruses being targeted at it. While Microsoft's Windows Phone and Apple's iOS remain relatively safe, some security experts are suggesting that it might be wise to keep your Droid protected with security software, as reported over at Monsters & Critics. Some have gone so far as to call Android the 'smartphone Windows of the future,' referring to the high number of security threats targeting Microsoft's venerable OS.

Image courtesy of WebSense

Report a problem with article
Previous Story

No Bing for Russian Windows Phones

Next Story

Kingston: SSDs could be storage of choice by end of 2012

56 Comments

Commenting is disabled on this article.

The official Android market is a mess. There is no app approval process that makes sure that the app is doing the right thing, it becomes "User responsibility" by presenting a list of permissions before installing the app. There is no explanation why an app would need a particular permission and there is no way to deny or sandbox particular permissions so you can 'wait and see' what it's for (or you could plain not understand what the permissions mean), so it gets to the point where you blindly accept any permissions presented to you.

The other major problem is that Marketplace apps present in-app Ads, which can link to other apps on non-market sources. So in essence there is the ability for a developer to publish on the market, then escape and direct the user malware on a 3rd party site (complete with simple instructions for the user on how to install non-market app when prompted)

I think that Android has a lot of potential of what it could be, the problem is not fragmentation, it is the market. If you don't want to be stuck in Apple's closed garden, then the choices are limited. You basically have to conform to the masses if you want a safe market experience (and still have a widest selection of apps).

There's a simple answer.

Don't install something you don't trust. I read reviews on the market, but I don't have any apps that would contain crap-ware. My apps are reputable and ones that hundreds of thousands of people have installed (tech savvy and non-tech people) <-- no reviews about malware there.

Apple's carefully crated App Store

Really? Carefully crafted?

Even with regard to the topic of the article, Apple's approval process for Apps has more to do with ensuring the software doesn't infringe on Apple or Apple's income than they are tested for malware or security threats

Apple is not the 'stellar example' when it comes to how to deal with malware and security, if you want to reference 'carefully crafted', you might want to mention WP7 that is an OS model that is specifically crafted with layers of security and an App store that does a lot of malware and security testing before releasing Apps.

Sadly though the article is accurate about Android...

Android has horrible security, Google has a horrible screening policy that is non-existent even on their marketplace, and yes it is sad that Android users assume that they magically become some super geek cause their l337 phone has a Linux kernel.

They don't realize it is a crippled Linux kernel running a horrible and bloated Javaish VM on top that is less smart about processes and memory let alone security than Windows 3.0 that is 20 year old technology.

Don't you ever get bored of trolling these Android articles? All I ever see when I come read these topics is your comments crapping on Android, and while I agree that Android isn't perfect, and needs improvement in the face of stiff competition, you clearly have an agenda. You've come into a newspiece about android users being less cautious about the apps they install, and ended up talking about it having poor memory management?

What you don't get is that geeks like Android not because "it's Linux", we all know that it's fork of the kernel for better or worse. We geeks like it because it's FREE (in both beer and speech). We aren't restricted to handing over money to Microsoft or Apple when we buy apps (not that I want to poo-poo their app stores, they're good), we can buy from the Marketplace, we can buy from Amazon, or we can just circumvent the whole thing and install from a downloaded file. It's great! If I don't like my homescreen software, I can change it. Don't like my Android version, I can install a whole new version; sometimes voiding the warranty, but that's a risk we can take, because we can. THAT is why Android rocks.

Could Android be better? Certainly. But for some of us, the major benefits of the freedom Android gives us outweigh the flaws it has as an OS.

Majesticmerc said,
Don't you ever get bored of trolling these Android articles? All I ever see when I come read these topics is your comments crapping on Android, and while I agree that Android isn't perfect, and needs improvement in the face of stiff competition, you clearly have an agenda.
You've come into a newspiece about android users being less cautious about the apps they install, and ended up talking about it having poor memory management?

What you don't get is that geeks like Android not because "it's Linux", we all know that it's fork of the kernel for better or worse. We geeks like it because it's FREE (in both beer and speech). We aren't restricted to handing over money to Microsoft or Apple when we buy apps (not that I want to poo-poo their app stores, they're good), we can buy from the Marketplace, we can buy from Amazon, or we can just circumvent the whole thing and install from a downloaded file. It's great! If I don't like my homescreen software, I can change it. Don't like my Android version, I can install a whole new version; sometimes voiding the warranty, but that's a risk we can take, because we can. THAT is why Android rocks.

Could Android be better? Certainly. But for some of us, the major benefits of the freedom Android gives us outweigh the flaws it has as an OS.

Well it seems most of these geeks don't understand what they are giving up. All privacy and being so open you leave everything on the line whereas Google just wants to stuff ads in your face with their half ***ed distro. Any real Linux user will understand and root their "Android" phone with a real Linux distro. Android is crap because it is based on Google. Go get a real Linux kernel and distro and you'll see what your phone can really do opposed to Google's buggy, glitchy, laggy, vulnerable and fragmented pile of kaka. It is simply the fact that Google leaves everything open as well is tracking/recording every single thing you do as well as your mic and camera. Doing this users writing apps can tap into this to steal your information as well. With Google's only concern being that their app count beats Apple's they could give two ****s about the consumer. I can at least give credit to Apple and Microsoft being sure to protect their customers because they paid where Google customers pay for hardware and get a garbage OS. Root it with Linux and secure it if you're tech savvy otherwise keep on with the illusion that because you have Android or rooted it with some other Android crap that you're such a pro.

P.S. - I decided to pass on Android because of the sketchy Google involved. I passed on Apple because it is trendy... I picked up a Windows Phone and have been so far satisfied. No it's not perfect but then again name one thing in existence that is... There is none. Perfection is only by opinion and opinions are like ***holes, everyone has got one and they all stink.

Majesticmerc said,
Don't you ever get bored of trolling these Android articles? All I ever see when I come read these topics is your comments crapping on Android, and while I agree that Android isn't perfect, and needs improvement in the face of stiff competition, you clearly have an agenda. You've come into a newspiece about android users being less cautious about the apps they install, and ended up talking about it having poor memory management?

What you don't get is that geeks like Android not because "it's Linux", we all know that it's fork of the kernel for better or worse. We geeks like it because it's FREE (in both beer and speech). We aren't restricted to handing over money to Microsoft or Apple when we buy apps (not that I want to poo-poo their app stores, they're good), we can buy from the Marketplace, we can buy from Amazon, or we can just circumvent the whole thing and install from a downloaded file. It's great! If I don't like my homescreen software, I can change it. Don't like my Android version, I can install a whole new version; sometimes voiding the warranty, but that's a risk we can take, because we can. THAT is why Android rocks.

Could Android be better? Certainly. But for some of us, the major benefits of the freedom Android gives us outweigh the flaws it has as an OS.

+1

Apple may not be so in tune with security but hey, they seem to be doing alright even with a large market share. Microsoft us used to being attacked on all OS's so they now build with security in mind. Everyone cries wolf about viruses in Windows but they never reference which Windows... pre Vista such as XP and prior yes... Vista got the reset during Longhorn and picked up the Windows Server kernel built around corporate security hence Vista/7/8 are more secure by leaps and bounds.

Just do a Bing search of "windows 7 most secure os versus windows xp" without quotes and check the softpedia article. At least Microsoft tries, Apple tries and Google could care less.

My SGS is rooted just for the adblock app.
But that been said you have to be careful where you get your apps from.
Third party apps could easily contain malicious code and a inexperienced user
with it enabled will probably get in to trouble.
The beauty of the Beast is no walled garden but with that their is peril.
I flash roms all the time and i like it that way

To be fair, Android Market is crawling with malware. Good thing that I have mine rooted so I can at least adblock the damn adware.
On a PC adware is frowned upon so strongly that if old ladies did it, they'd trip on their own wrinkles. On Android? It's the most superb business model. But, hey, what could one expect from a platform made by world's largest ad broker.

Android's permission model is fundamentally flawed, it's useless, it gives an illusion of control, a false sense of security. It's impossible to explicitly deny a certain permission. It's either accept all they throw at you or gtfo, find another app that likely requests the same.

With that indeed the walled garden is more secure if only objectionable in all other aspects, I'll give Apple that honor.

cralias said,
To be fair, Android Market is crawling with malware. Good thing that I have mine rooted so I can at least adblock the damn adware.
On a PC adware is frowned upon so strongly that if old ladies did it, they'd trip on their own wrinkles. On Android? It's the most superb business model. But, hey, what could one expect from a platform made by world's largest ad broker.

Android's permission model is fundamentally flawed, it's useless, it gives an illusion of control, a false sense of security. It's impossible to explicitly deny a certain permission. It's either accept all they throw at you or gtfo, find another app that likely requests the same.

With that indeed the walled garden is more secure if only objectionable in all other aspects, I'll give Apple that honor.

I do like androids permissions, i at least know what the app plans to access. Who really checks those though, i know i do, but sometimes i forget to.

I think well hit an era in the next year when the quad core phones start rolling out where android sec will take a huge leap, AV, encryption, etc. Oh, and i mean Real AV, none of the garbage thats there right now)

That being said tho, i have no malware threat to worry about. I only DL reputable apps, no junk, dont grant root access to apps that i wouldnt see fit, etc etc.

Beyond Godlike said,

I think well hit an era in the next year when the quad core phones start rolling out where android sec will take a huge leap, AV, encryption, etc. Oh, and i mean Real AV, none of the garbage thats there right now)

Nice, with all that power Android gives you, you can even assign the cores to specific tasks!

Core #1 for general processing
Core #2 for antivirus
Core #3 for encryption
Core #4 for advertisements, tracking, and background data mining

Beyond Godlike said,

<snip>

Isn't it impossible to have anything close to a "real" AV on an Android without giving it root? If so, then by giving any arbitrary security systems root we'll soon have "unreal" AV as well, side by side with the real ones. Once again, a feedback loop, no?

Meanwhile, the clock's ticking. And some purses are being snatched.

Beyond Godlike said,

I think well hit an era in the next year when the quad core phones start rolling out where android sec will take a huge leap, AV, encryption, etc. Oh, and i mean Real AV, none of the garbage thats there right now)

From what I've read on here, most people (the tech savy ones, at least) don't seem to have had any problems with malware so far. That's good. But I don't think I'd really consider having 'real AV' a leap. I'd rather not have to worry about AV or malware on my phones. I'll take it just works over freedom in that case. Personally, I like Windows Phone & iOS. But, choice is good, whatever floats your boat!

To be fair, you have to specifically turn off the Market-download-only restriction in order to download from other places.

testman said,
To be fair, you have to specifically turn off the Market-download-only restriction in order to download from other places.

To be fair, for the Market to have any competition at all (ie., Amazon Appstore), Market-only has to be completely disabled. There are no hooks in the OS for third-party eco-systems to be classified as 'trusted for installs' while still blocking manual apk installation.

If you go to a nonlegit site and download something you deserve what is going to happen. That's like putting your hand in a bee hive to get honey and expecting not to get stung. I do like how Google lets their users do what they want, however, it does not have the best interest of the users in mind.

I think there should be limitations on phones like Apple does with its marketplace.

For those of you who disagree answer me this. If you got a virus on your precious little andriod device would you blame yourself or would you be calling your mobile provider or even google complaining that this should not have happened?

itylernallen said,
If you go to a nonlegit site and download something you deserve what is going to happen. That's like putting your hand in a bee hive to get honey and expecting not to get stung. I do like how Google lets their users do what they want, however, it does not have the best interest of the users in mind.


I think there should be limitations on phones like Apple does with its marketplace.

For those of you who disagree answer me this. If you got a virus on your precious little andriod device would you blame yourself or would you be calling your mobile provider or even google complaining that this should not have happened?


if i got a virus i wouldnt be blaming any of them except myself as it would hav ebeen my own fault, has nothing to do with google or my service provider

I download and install any apk from anywhere without giving two glances at which permissions it asks for. Granted it is on a tablet, so no premium sms or calls can be made - but since getting my first tablet at the beginning of the year, and my latest one a couple months ago, nothing bad has happened and I still own all the email accounts I set up on them

Detection said,
I download and install any apk from anywhere without giving two glances at which permissions it asks for. Granted it is on a tablet, so no premium sms or calls can be made - but since getting my first tablet at the beginning of the year, and my latest one a couple months ago, nothing bad has happened and I still own all the email accounts I set up on them

Hm... That doesn't sound like you've been lucky or anything...

M_Lyons10 said,

Hm... That doesn't sound like you've been lucky or anything...

It comes across as crazy irresponsible, but if you think about it, permissions are presented in a "move along, nothing to see here" fashion on Android. There is no documentation anywhere at any point in the OS explaining the potential risks associated with different permissions. It's roughly on par with an EULA--just something you click Next/Continue quickly to get to the next screen.

While everyone can sit on their thumbs and snarkily say "well then you deserve what you get", that attitude doesn't actually SOLVE anything, or educate anybody, or do anything but make the bearers of that attitude look grumpy.

Joshie said,

It comes across as crazy irresponsible, but if you think about it, permissions are presented in a "move along, nothing to see here" fashion on Android. There is no documentation anywhere at any point in the OS explaining the potential risks associated with different permissions. It's roughly on par with an EULA--just something you click Next/Continue quickly to get to the next screen.

While everyone can sit on their thumbs and snarkily say "well then you deserve what you get", that attitude doesn't actually SOLVE anything, or educate anybody, or do anything but make the bearers of that attitude look grumpy.

So basically like Windows prior to XP SP2 yea....

DJ Dark said,
So basically like Windows prior to XP SP2 yea....

With the small difference that Windows has long been loaded with documentation. Nothing quite as extensive as, say, Linux (but that documentation is insanely difficult to approach as a novice and doesn't even bother to integrate itself in any significant way into the OS).

One of the nicest things Microsoft did with Windows 9x was the introduction of the [?] button on many dialog windows' title bars. You would simply click it, then click something on that window, and a tooltip would appear explaining the function. This idea, however, was never fully executed, nor did tooltips hyperlink to actual help topics (as far as memory serves me). What's more, it seems like MS abandoned the whole concept immediately after XP, and the task of learning about the purpose of OS elements was placed wholly on the user. I haven't seen a single OS since the 16-bit era include a hand-holding tutorial for new users, choosing instead to create "See what's new!" websites that are little more than marketing (all OSes have turned to this).

Teaching users of a platform anything substantial is a flag that only seems to be waved these days by writers of books and publishers of commercial instruction DVD series. Everything else requires a class or a time investment that can only succeed with the right motivation.

So we have OSes that hide important information from users, advanced users unwilling or unable to deal with the fact that novice users don't always WANT to invest enormous amounts of time to understand technical concepts, and documentation that has become LESS accessible over time. And again, the popular yet destructive and childish attitude that people unmotivated to teach themselves the finer details of computing deserve everything bad that happens to them.

I wasn't referring to documentation, I was referring to the permissions and the "click yes/next" to everything approach (which was very common prior to UAC, even though joe user still disables this GREAT security feature)

The thing about the majority of iPhone users (i.e. non-neowinian normal people) is that they don't even know they have internet on their phone. They don't know the diference between 3g and wifi and they can't tell the diference between the internet and their facebook app.

Android users are not exactly rocket scientists and even though they can't tell the difference between a real and a fake luis vuitton iphone case they can usually tell if a site is areal one or not.

My view is however very skewed as i haven't had to deal with (serious) malware on my own devices since the last president got ellected.

I don't know, from what I've seen I'd say many of the iPhone users do not have the problems you stated and the reason is pretty simple, the iPhone is fairly expensive and people buying it are more likely to know a bit about computers and smartphones than not, same goes for buyers of the more expensive Android phones.

The problem comes with the people buying the cheaper Android phones, this is where you find the majority of the computer illiterate people with smartphones.

Leonick said,
I don't know, from what I've seen I'd say many of the iPhone users do not have the problems you stated and the reason is pretty simple, the iPhone is fairly expensive and people buying it are more likely to know a bit about computers and smartphones than not, same goes for buyers of the more expensive Android phones.

The problem comes with the people buying the cheaper Android phones, this is where you find the majority of the computer illiterate people with smartphones.


Sounds about right...

Leonick said,
I don't know, from what I've seen I'd say many of the iPhone users do not have the problems you stated and the reason is pretty simple, the iPhone is fairly expensive and people buying it are more likely to know a bit about computers and smartphones than not, same goes for buyers of the more expensive Android phones.

The problem comes with the people buying the cheaper Android phones, this is where you find the majority of the computer illiterate people with smartphones.

What a load of wank, everyone i know that has an iphone got it because everyone else seems to have one and most of them can barley turn a computer on, i had a friend who didnt even know what itunes was, my sister only got it cause it looked cool, mums hubby bought it because he thought he needed it, yet every android handset owner i know knows how to use a pc, has most likely rooted there phone also, and also knows what he needs from the marketplace rather than downloading crud

Leonick said,

The problem comes with the people buying the cheaper Android phones, this is where you find the majority of the computer illiterate people with smartphones.

Yeah, I was in the Verizon store earlier today and I saw an older woman (in her 60s at least) buying a Droid. It looked like all of the younger and more tech savvy folks were going for the iPhones. Now, I know there are some decent Droids out there, but mostly I saw people who were looking for cheaper phones swinging in that direction. I didn't see a single Windows Phone on display! O.o

LauRoman said,
The thing about the majority of iPhone users (i.e. non-neowinian normal people) is that they don't even know they have internet on their phone.

drop the drugs mate, i mean, for REAL !

flexkeyboard said,
android has become the new windows xp officially

...meaning it's hard to get people to upgrade to a newer version? :-P

M_Lyons10 said,

...meaning it's hard to get people to upgrade to a newer version? :-P

Virus, malware, spamware, bloatware prone, all of it. Not to mention inconsistent ugly ui.

bdsams said,
Basically, but with that freedom comes risk and unfortunately not everyone knows to be cautious.
True, though it does not exactly apply to mobile operating systems, there is a quote somwhere in a document that says something about freedom and security.

Everyone should make their own decision on what to use and it is their responsability or fault if they make a rash/ bad decision.

Ive never encountered malware on my android devices. You just have to use common sense. Im not putting a bloated antivirus app on my phone, no need for it!

smooth3006 said,
Ive never encountered malware on my android devices. You just have to use common sense. Im not putting a bloated antivirus app on my phone, no need for it!

The problem is that what is common knowledge for you, me and the other visitors to this site might not be so common for the average Android user.

smooth3006 said,
Ive never encountered malware on my android devices. You just have to use common sense. Im not putting a bloated antivirus app on my phone, no need for it!
I always found such comment funny.
It doesn't come on your mind that you might have a malware (ex: backdoor, trojan, whatever) very well hidden in your (not so smart) phone?

Anthonyd said,
I always found such comment funny.
It doesn't come on your mind that you might have a malware (ex: backdoor, trojan, whatever) very well hidden in your (not so smart) phone?

Hahaha it's funny because it is true. Hahah hahaha!

smooth3006 said,
Ive never encountered malware on my android devices. You just have to use common sense. Im not putting a bloated antivirus app on my phone, no need for it!

As far as you know you've never encountered malware on your phone. Most people are unaware even the "tech savvy". Bloated A/V I understand is no fun but getting a good solution for the OS by Google would be best. Microsoft has done this with Microsoft Security Essentials, no lag ever and great protection for free. It would be better for Google to care more for their customers then for their stupid ads instead of protecting its user base. I use WP7 with no issues and only download from trusted which is all as they are all reviewed completely whereas Google would let dog **** go by.

Xxgreatestever said,
You just gotta be smart about it when downloading from the market

Thats the problem. the general population of Tech users are not that savvy and will do stupid things if they are given the opportunity.

Xxgreatestever said,
You just gotta be smart about it when downloading from the market

If everyone was smart, there wouldn't be millions of infected computers in the world.

Xxgreatestever said,
You just gotta be smart about it when downloading from the market

Yeah, the "you just gotta be smart" argument didn't really address the problem for Windows XP users, either.

Aethec said,

If everyone was smart, there wouldn't be millions of infected computers in the world.

That's why I said "from the market". A lot of Malware is installed on Androids because the user doesn't want to check out if the source is untrustworthy. If you want an open and free market then you also have to expect bull****

Xxgreatestever said,
You just gotta be smart about it when downloading from the market

I wonder how many peoples computers are infected just from porn related sites alone...

Xxgreatestever said,

That's why I said "from the market". A lot of Malware is installed on Androids because the user doesn't want to check out if the source is untrustworthy. If you want an open and free market then you also have to expect bull****

Which is exactly why the "open and free" market concept struggles in the real world, and why proponents of it are so naive. Anyone who believes that the consumer needs to educate themselves before they 'deserve' to be consumers is someone who would never be competitive in a market.

This is also why it will never be the Year of the Linux Desktop. "RTFM" is not, nor will it ever be, an effective marketing strategy, no matter how furiously forum kiddies keep up the circlejerk.

rxsoob said,

Thats the problem. the general population of Tech users are not that savvy and will do stupid things if they are given the opportunity.

Well, I AM savvy and the people in my family with smart phones are okay too.
I don't really care if my neighbour's smart phone gets infected.

Now. . . back to those guns.

Xxgreatestever said,
You just gotta be smart about it when downloading from the market

I just consider wreckless behavior to be typical of an Android fan.

Xxgreatestever said,

That's why I said "from the market". A lot of Malware is installed on Androids because the user doesn't want to check out if the source is untrustworthy. If you want an open and free market then you also have to expect bull****

+1