Sophos Cloud Optix
Do you still think that there’s no need for an anti-virus on your Android smartphone? Soon you might not have any choice.
Judging by a report on the Android Police website, a new edition of the Google Play app (Android’s equivalent to the iOS App Store) has put in place the foundations for some kind of anti-virus functionality.
Looking at the code seen inside the app, it appears that Google could soon have the capability to perform anti-malware scans on your smartphone. Our own examination has confirmed the existence of strings in the app’s code such as:
"Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security."
"Installing this app may harm your device"
"Installation has been blocked"
"To protect you, Google has blocked the installation of this app."
There are also some interesting-looking graphics (well, not that interesting.. but you can probably imagine how they might be used):
Our examination of the new code in Google Play suggests that the company is building an API framework for virus-scanning in the future, and that the functionality will not be available until at least API level 17 (which will be supported in the version of the Android operating system after Android 4.1 (Jelly bean).
This functionality would also make use it seems of the Google Safe Browsing API.
Google attempts to keep malware out of its official Google Play Marketplace (with varying levels of success), but that doesn’t stop users from installing Trojans from unofficial sources.
In the past we’ve seen fake versions of Instagram, Angry Birds and many more popular Android apps distributed via non-official channels with the intention of infecting Android phones and tablets.
My advice would be for Android users to protect their devices against malware. The problem is becoming too serious to ignore. Sophos has a free anti-virus for Android which you can download (naturally enough) from the Google Play store.
Hat-tip: Android Police
VirusTotal API
AVG is best antivirus for Android
Android isn't inherently any less secure than iOS, but the open nature of Google's app store and operating system makes it a LOT easier to get people to install Malware. It seems reasonable that Google is trying to address that.
Google should start vetting their apps. Because of the open nature, Android is the most targeted mobile platform. The Android Exploit Framework makes the problem even worse. The biggest reason why iOS remains untouched is because Apple’s tight controls when it comes to App Development. All developers must identify themselves, and Apple checks the Apps for any malicious code and if found, the App is rejected. The developers certificate is revoked and therefore banned. Android, however, developers can remain anonymous, which is dangerous. Google needs to take full control of Google Play if they want to keep malware out. Openness doesn’t mean secure, and because of that, Android will always remain vulnerable. Google wouldn’t have to do this if they made Android closed. It may not sit well with most users, but it’s a wait and see. Anti-Virus programs can be defeated, however, so it remains a cat-and-mouse game for malware writers and anti-virus programs. Of course, none this really matters if someone used a weapon that destroys any technology in milliseconds.
Would like to be able to still have the option to download from wherever, don’t want to have a closed system like the iPhone.
Google just purchased VirusTotal. I wonder if they'll leverage that on Android.
I thought that the agreement with Google was that you could not 'reverse engineer' the code for any reason? Is this not a violation of the Google 'terms of service' or access agreement?
Just wondering, who cares I use an iPhone??? Just kidding…
I'm pretty sure anti-virus research counts as fair use or fair dealing