Although there are numerous "experts" on the web stating that the Android phones do not need antivirus/malware protection, common sense dictates otherwise. The Android phones we love are really just handheld computers and, as such, are vulnerable to viruses, worms, rootkits and other malware, just as any computer. These web-based "experts" seem to focus on the Android's vulnerability to the traditional virus and we all know that malware is area of extraordinary innovation. Having said that, the Android operating system is among the most secure, having been designed by Google to run all applications in a virtual machine (this means that applications are isolated from the underlying O/S). Unfortunately, even this built-in security can be overcome by a cleverly crafted malware and/or user error.
To prove the point that the Android is vulnerable, a local outbreak of a mobile trojan in Russia has shown us that the Android operating system DOES need an antivirus or other security software.The malware was detected by security firm and antivirus software developer, Kaspersky (Kaspersky, a Russia-based security software firm, is often the first to detect new malware threats) who confirmed the file is named “Trojan-SMS. AndroidOS.FakePlayer.a” and is downloaded as a typical .APK Android app. The company stated this is the first known Android-specific trojan (on March 3, 2011, Google pulled over 20 Android apps from its market when it was discovered that they contained malware).
The malware works by posing as a media player app. Once the app is downloaded and installed on the mobile device, the trojan begins to send SMS messages to premium rate numbers without the device owner’s knowledge. Since the trojan’s creators are usually the ones on the other end of those premium numbers, they end up profiting from the scam.This SMS-based type of malware is currently one of the most common forms of mobile viruses. SMS trojans have been around for years on mobile phones, even predating the smartphones we all know and love. The first mobile SMSvirus appeared in 2004, and the first-ever Android malware (isolated incidents of spyware) popped up in 2009.
In recent days, Xuxian Jiang, a computer scientist at North Carolina State University, found an Android-based malware, dubbed RootSmart. This malware contacts command and control servers and then downloads a rootkit that enables it to place premium SMS calls. Symantec estimates that the botmaster is generating upwards of $3,000,000 per year of revenues. The app is bundled with a legitimate application for configuring phone settings.
If you are not convinced that your Android device is vulnerable, then consider these statistics;
* Android malware threats increased 400% from 2009 and 2010
* Between 500,000 and 1,000,000 Android users were infected the first half of 2011
* During the same period the number of malware apps in the Android realm rose
from 80 to 400 or another 500%
The clear message here is that we DO need security on our Android phones, not only for protection from such Trojans as Kaspersky found but also from spam and other threats.
For a review of the best security apps for Android, go to Best Android Security Apps
edited by keith debus