The dangers of Android malware may be exaggerated, but you should still play it safe

Not everyone agrees that Android malware seriously threatens security. But taking precautions is still a good idea.

Jagdish Shrimali asked if "it is necessary to install antivirus software on an android mobile device?"

It may not be necessary, but it's still a very good idea. There's definitely Android malware out there. While the level of the threat may be exaggerated, it's really a matter of being better safe than sorry.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

You can't go far without reading horror stories about Android malware. For instance, last fall, hackers discovered a way to hide malicious Android code in images. And just this March, Palo Alto Networks announced the discovery of an Android vulnerability that could impact half of current Android users.

Not surprisingly, Google wants to reassure users that the problem is under control. The company avoids the word malware, preferring the seemingly less scary Potentially Harmful Applications (PHA--which, when you think about it, could also stand for Perfectly Horrid Antagonist). According to Google's first ever Android Security Year in Review report, last year only one percent of Android devices caught malware (I'm not about to start calling them PHAs). And when you count only devices that download exclusively from Google's own Play store, the number drops to 0.15 percent.

Of course, those are Google's statistics.

But more objective experts also suspect the danger is exaggerated. Tech journalist Bill Snyder, author of Infoworld's  "Tech's Bottom Line" column and a colleague of mine, argues that the Android malware threat has been overblown by companies that profit from your fears. "Whether you're hawking handguns or security software, scaring the bejesus out of your potential customer base is often a winning ploy."

Snyder also argues that the actual number of bad actors out there is small. "You'd have to dig very, very deep into that humongous store of Web pages to find actual examples of serious mobile exploits--because there are almost none."

I suspect Bill is right, but I still take precautions. I have Avast Mobile Security running on my phone at all times (I make no claims that it's better than its competitors). And I only download apps from the Play Store.

Tags Googlepalo alto networkspcworld

Show Comments