Marketers frequently discuss the benefits of market leadership: the ability to charge premium pricing, attract the best talent, retain customers and the like. Today, there is a new metric: if you develop operating systems, applications and other kinds of software and no one is trying to hack your work, then you must not be a market leader.
Android developers are discovering the downside of their new-found popularity. McAfee’s Third Quarter Threats Report notes that Android malware samples by quarter rose from just over 20 million in Q1 2011 to approximately 60 million in Q2 and more than 90 million in Q3. Oh, that my stock portfolio should show such growth!
There are several layers of interesting information here, covered well by GigaOm’s Ryan Kim in August. First, hackers are shifting their focus to mobile platforms, clearly where the action is today in terms of innovation and rapid subscriber growth. In addition, Android’s app store lacks the strong oversight that reduces malware threats in Apple’s App Store, and allows users to sideload apps.
Earlier this month, Microsoft urged Android owners to share their Android-related malware issues, entering those who responded into a contest to win a new Nokia Windows smart phone. Smart ploy or cheap gimmick? Well, with just 2 percent of the U.S. smartphone market, Microsoft has little to lose.
Eric Chien, Symantec’s Technical Director of Security Response, notes in an October white paper seven schemes for which attackers often use malware against Android subscribers:
As Android popularity continues to grow, attackers will continuously find new ways to monetize malware schemes. This is why Google needs to work in concert with Android developers to combat the malicious efforts of these attackers. Google should establish requirements for higher quality and force Android Market to scrutinize applications more closely for structural quality – at all would be a nice start – before making an application available.
The developers themselves – the legitimate ones at least – would likely welcome such scrutiny. They should embrace such a vetting process as a sort of third-party corroboration of their application’s security and structural quality, which could be a competitive differentiator.
By establishing standards for application software structural quality, mobile app stores like Android Market would certainly foster growth in application integrity, with developers frequently assessing and improving how their code is designed and implemented.
Granted, quality software won’t absolutely prevent attackers from plying their malicious trade, but much like the car thief who targets unlocked cars first, it may slow them down enough that they find another app to hack in place of yours.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, customized quality metrics, and liability implications of open source components - all three of which are critical for M&A due diligence.