|Home » Security
Android Antivirus and You
You don't need it.
Now that Google's Android has launched on T-Mobile's G1 the antivirus cottage industries are going to try to sell you antivirus protection.
For only $10 it may seem like a safe bet but odds are you won't need it.
All new systems have teething troubles and Android is not going to be any different. But Android differs significantly from the other handset systems: it's open source. Better still: it's backed by the Open Handset Alliance.
The currently 34 members of the OHA are as follows.
Aplix, Ascender Corporation, Audience, Broadcom Corporation, China Mobile, eBay, Esmertec, Google, High Tech Computer Corporation HTC, Intel Corporation, KDDI Corporation, LG, LivingImage, Marvell Technology Group, Motorola, NMS Communications, Noser Engineering, NTT DoCoMo, Nuance Communications, Nvidia Corporation, PacketVideo, Qualcomm, Samsung Electronics, SiRFSiRF Technology Holdings, SkyPop, SONiVOX, Sprint Nextel, Synaptics, T-Mobile, Telecom Italia, Telefónica, Texas Instruments, The Astonishing Tribe, Wind River Systems.
And better still: it uses extensive 'sandboxing'.
Independent Security Evaluators
The ISE team which also pounced on the iPhone within days of release were quick to find a vulnerability in Android as well. But the flaw was a matter of Google using outdated code.
Android Designed Secure
But in contrast to the iPhone where everything runs as root (!) Android 'sandboxes' all its applications. Each application effectively runs as its own user and permissions are such that no one user (application) can get at the data for any other.
This is what ISE recommended for Apple's iPhone - in vain.
Effective UID: 0
Already on 1 July last year Rixstep began reporting Apple's iPhone was running everything as root - and doing a number of other questionable things as well. Crash dumps with the clever '8badf00d' ('ate bad food') exception code revealed an effective user ID of zero - root.
SMobile Systems now have a 'security shield' for Android. The cost is a mere $10. They've been supporting Nokia for some time and Nokia recommend its use.
Yet to date no malware has been able to compromise Nokia's S60 without first having to fool a user into cooperating.
Contrary to what well-meaning security gurus will tell you, the SMobile people are trying to scare Android users into thinking open source is less secure than closed source such as Apple's, Microsoft's, and Nokia's. It's important you not fall for the ruse.
Contrary to what antivirus companies would have you believe, open source is always more secure. In fact many respected security experts believe only open source can ever be secure.
Companies usually have a marketing ploy in mind when they steer clear of open source for their most critical components.
Apple and Nokia aren't too interested in proper sandboxing - they're moving on to code signing instead. And thereby threaten to cripple use of their devices over time. Back on Valentines Day this year Mr Blog reported the Nokia code signing system both underwhelming and overwhelmed.
MESSAGE FOR DEVELOPERS
Developer Certificate creation is currently disabled, this is due to a hardware failure specifically in the Developer Certificate creation process. Plans to enable it for periods today have been cancelled due to very high load on the web site. We apologise for the inconvenience caused. We are working on a solution for this and will have an update on this issue on Friday 15th February at 10:00am UK time.
There'll always be the odd Quark Xpress expert who cannot believe corporations can make egregious blunders - that if they decide to whittle down Unix security to that of Windows there must be a very good reason for it.
The G1 isn't as fancy as Apple's iPhone yet but reviews have been positive. And the software market promises to be a lot better than Apple's crimped App Store.
Android Developer Challenge Gallery
Android | Market
Independent Security Evaluators: Exploiting Android
Macworld: Android may not need antivirus software
Macworld: Ballmer doesn't see Google Android as competitor yet
Macworld: T-Mobile, Google, HTC introduce first Android phone
Mirror.co.uk: Review: T-Mobile G1
Mr Blog: Why Symbian Signed must die
New York Times: Security Flaw Is Revealed in T-Mobile's Google Phone
Nokia: SMobile Security Shield
Open Handset Alliance
Rixstep: Alpine Dottie
Rixstep: Effective UID: 0
Rixstep: iPhone OS X System Architecture
SMobile: The First Antivirus to Protect Google Android Phones
T-Mobile G1 Official Site
TrustedReviews: Google Android Based T-Mobile G1 Launches In UK
Webmonkey: Five Reasons Android Might Deliver Where iPhone Won't
Wikipedia: S60 Platform
Wired: Google's Open Source Android OS Will Free the Wireless Web