It doesn't take much malware to do a whole lot of damage, and Android users are in the crosshairs. Businesses and their users are threatened, and Google is slow to react.
How so? Because Google's Android Market relies on customers to flag dodgy apps, leaving businesses and other customers' smartphones open to attack by rogue apps until Google acts, sometimes days later.
Malware banking apps have already been removed from the Android Market, where it seems anyone can post what purports to be a banking application.
Financial services and other companies should expect to see Android malware targeting their customers as criminals see Android's growing market share as creating new opportunities for mischief.
Infected employee smartphones could also compromise confidential business information.
Google's legendary culture of "openness" seems to be running headlong into a cold, cruel world where the bad guys will take any advantage. Android users may be ripe for the taking thanks to Google's inattention to security issues.
While Apple has been criticized for its heavy-handed control over the iPhone and iPod touch apps allowed into its online App Store, there has yet to be a major malware outbreak affecting its users. With so little control over Android apps, it seems like serious problems for Google customers cannot be too far away.
Business customers looking at Google as a corporate platform may want to consider how the company deals with malware before choosing Android-based handsets for their users.
With Chrome OS on the horizon and Google Apps beginning to find market traction, how Google deals with threats to its customers could become a major issue in the months and years ahead.
To avoid that, Google needs to find some sort of middle ground, one that encourages developers (the openness part) while protecting customers and maintaining their confidence. Google doesn't have to become Apple, but it does need to take a more protective stance on behalf of its users.
Google's Android Market has few restrictions and is intended to be self-policing, which is a case of Google creating technology but not being responsible for what happens when it hits the marketplace.
As Android becomes more common, someone is going to have to step-up to do at least some testing on applications before they are posted and then provide rapid response when trouble occurs. The only logical company to do this is Google, but it has so far shown no interest in doing so.
Google is so smart--or has always seemed that way--that its handling of Nexus One and Android marketplace issues seems out of place, naïve, even.
Google needs to become more a part of the world it is doing so much to shape. It cannot just pick and choose the issues it will face. Some, like security and customer support, simply go with the territory.