If you had to guess, what would you think was the top security issue during the third quarter of this year? My guess was mobile malware, but I had a bit of a cheat sheet, in that several different security companies listed mobile malware on the third quarter reports sent this week. It didn't seem like a week passed this fall where I wasn't hearing something regarding security and mobile devices.
Android appears the biggest target. McAfee reported that malware targeted toward Android devices jumped nearly 37 percent since the second quarter. Perhaps that's not a surprise. In an email to me, Zscaler said that 40 percent of those who use a mobile device for business use are using an Android operating system.
And we should only expect mobile malware to increase. At the end of 2010, McAfee Labs predicted that malware would reach 70 million unique samples by the end of 2011. Because of the rapid proliferation of malware this year, McAfee Labs has increased this prediction to 75 million unique malware samples reached by year's end, making it the busiest in malware history.
Yet, there are questions on whether or not the threat of Android malware is really as bad as McAfee and other security companies are making it seem. Google came to its own defense, according to InformationWeek, quoting Google's open-source guru, Chris DiBona. He said, in effect, that many of the Android malware warnings are a ploy to buy malware and virus protection for your phone. DiBona was quoted as saying:
A virus of the traditional kind is possible, but not probable. The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn't Independence Day, a virus that might work on one device won't magically spread to the other.
InformationWeek agreed with this thought, but added:
Well, there's some truth to what the security vendors are telling us. Smartphones--and apparently Android devices in particular--can be infected with malware through careless use. But DiBona is right, too. How do we know that he is? Because there haven't been mass break-outs or major epidemics of malware spreading from phone to phone to phone.
I'm the type of person who sides with caution. My smartphone has become too important to my work life to take a risk, and I do believe that the bad guys will continue to find ways to focus their malware on every type of device. So, yes, I'm going to have protection on my phone. But it is an interesting discussion. What do you think?