Jill Knesek is supposed to have made the observation that:
More specifically, she noted that:
Is that likely?
If one in three apps is infected, and the average device has - what? - ten apps installed, then it doesn't sound terribly far-fetched that almost every device might be compromised.
But if it's often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised?
Perhaps the risk is much smaller and more knowable than Knesek suggested?
Emil Protalinski over at ZDNet went to the trouble of asking BT if they really were sure about that "one in three apps are dodgy" claim, and he seems to have received some good news: they aren't.
So we can all relax:
The anti-malware industry cops enough flak - we write all the viruses, remember? - without this sort of misinformation. Knesek may well be "an employee" - but according to BT's Secure Thinking blog, she's also the Chief Security Officer of BT Global Services.
Android malware is on the increase, and it is a threat to keep in mind. But the sky is not falling. There are plenty of legitimate apps for the Android platform, and plenty of trustworthy developers in the vibrant coding community which has grown up around it.
If you're an Android user and you're worried about malware:
* Stick to the official Google Play Store. (Google doesn't do a perfect job of keeping dodgy apps out - but a company that is smart enough to bring you Google Maps is unlikely to let one third of its officially-sanctioned apps get infected without noticing!)
* Stick to apps which have a positive history and a decent rating. (Crooks can and do play games with online clicks - click fraud is part of the business model for cybercriminals - but it's tricky to sustain a good rating for a dodgy app once someone's blown the whistle on you.)
* Consider using an anti-malware solution on your Android device. (Yes, Sophos just happens to have an Android anti-virus. Yes, it's free. Yes, it scans newly-installed apps before you use them. Yes, it's great. Yes, I would say that. Yes, it's in the Play Store. Simply head there and search for "Sophos".)
As Douglas Adams said, "Don't panic."