Following a recent Symantec report about an Android.Counterclank malware outbreak, which had possibly infected as many as 5 million users, bloggers have reacted with skepticism and contempt for “sensational” media coverage.
“The story of Android security continues, and it simply creates great press,” says Robert Nazarian at TALKANDROID.COM. “[Are] malware and trojans an issue for Android? I won’t say it isn’t, but there really hasn’t been any major catastrophes as some of these articles and posts would like you to believe. It’s the job of the security firms to make money, so putting a little extra fear into the public’s mindset isn’t a bad thing to them, but at the same time we have to educate ourselves by reading beyond the titles.”
The controversy was further stoked by a blog post by Lookout Mobile Security, a company that specializes in combatting Android malware, which disagreed with Symantec’s characterization of the offending apps as true malware.
As Meghan Kelly at VENTUREBEAT.COM put it, “Apperhand skates on the line of what is an accepted intrusion from an advertisement. The applications do identify your device in its servers, but it does not collect other data. It also able to send push notifications to your phone, what some call the ‘pop-up window of mobile.’ These are annoying because, like a pop-up, they really do disturb your activity and force you to take an action.”
Many bloggers were surprised that two security companies were at odds over a reported security threat. For instance, Kristen Nicole at KRISTENNICOLE.COM said, “If you have an Android device, malware threats are nothing new, just something with which you’ve learned to deal. Mobile security companies usually alert the public when any major malware or Trojan threat is discovered in the Android Market, but rarely do they disagree over what’s actually considered malware.”
Some bloggers, such as Jill R. Aitoro at the Washington Business Journal, kindly linked to a Computerworld.com report on the alleged malware outbreak. She said the weak link in the Android app market was the humans downloading them.
“Even with information security standards in place, this latest incident again reinforces the primary challenge facing computer security: people. As reported by Computerworld, the infected apps request an uncommonly large number of privileges, which users must approve, then collects and alters various details included in the device settings.”
Others, however, were not so pleased with Computerworld’s handling of the news. “On the issue of privacy and wanton sharing of user data, we’re not loving it,” said Jerry Hildenbrand at ANDROIDCENTRAL.COM . “But it’s not malware.”
Hildenbrand criticized the media’s hunger for “sensational” news, suggesting that this particular report was an insult to one’s intelligence:
“We’re not security specialists, and we never claim to be…That being said, we are experts at catching bullshit, and this one reeks of it. Nobody likes ads, but we can’t just call them malware anytime we like. They’re a part of the ad-supported app model, and we should expect to see more than we like. When they misbehave, call for someone’s head, but not before.
“But that’s not sensational. Headlines like Computerworld’s “Massive Android malware op may have infected 5 million users” cause controversy, and everyone loves a controversy. Explaining that the 5 million mark is from adding the high end of the download counters, which allows for a 4 million-device margin of error, is conveniently forgotten. And we’d like to think that if as many as 1 million devices on the low end had been infected, Google and the Android Market team would have said something.
“The long and the short of it is, we’re sleeping just fine tonight. Move along.”