Google’s (Nasdaq: GOOG) having a pretty rough year on the security front.
Malicious software developers are exploiting its Android operating system and apps in the Android Market are plagued with malware.
Basically, sneaky developers are trying to access smartphones remotely to peek at your personal contact information, record your phone conversations and even track your location.
This is a huge security problem for Google. Especially considering it tallies 550,000 new phone activations per day.
Security firm, Lookout Mobile Security, recently reported that during the first half of 2011, harmful applications from the Android Market had targeted as many as one million Android users.
The firm found that it’s now 2.5 times more likely for an Android user to download malicious software than it was six months ago. It also expects three out of 10 Android users to click on advertisements that link to harmful web pages.
Not really a “ringing” endorsement to jump on the Android bandwagon (pun intended).
So how, then, can Google erase some of its embarrassing vulnerability? Here are two simple ways…
Defense #1: Release Ice Cream Sandwich, pronto. Android’s biggest threat to application security is fragmentation.
Google should fix this problem with its next major OS update, though. As I said before, the new version, called Ice Cream Sandwich, “promises to unify all Android devices, tablets and smartphones alike. Much like how Apple’s (Nasdaq: AAPL) iOS works with the iPhone, iPod Touch and iPad.”
Many Android owners are currently running on older versions of the operating system. By getting all users on the same version of the OS, security updates will be able to get to users as soon as they’re created.
Defense #2: Improve the App review process. Google prides itself on being an open platform where developers can offer apps without approval.
The problem, though, is with this open model, harmful applications can easily find their way to users in two ways:
- A malicious developer can take a harmless app, repackage it with harmful software and upload it for users to download.
- A malicious developer can upload a secure app straight and wait for a bunch of users to download it. Once they have, an updated version is released that has the harmful software baked in.
As a result, Lookout Security estimates that a total of 400 applications are currently infected with malware on the Android Market. On the other hand, Lookout didn’t find any similar issues on Apple’s iOS.
That being said, I don’t think Google should adopt Apple’s rigid gatekeeper policy. And I like the customizability of the Android OS as much as anyone.
But amping up its app review process won’t interfere with Android’s unique user experience. And it should go a long way in improving customer security.
Besides, if Google wants its mobile payment application – Google Wallet – to take off this summer, it has no choice but to make its platform much more bulletproof to protect any new customers’ credit card information.