An Asian boy approaches a man clad in black leather at an outdoor café in Chinatown. He whispers something in the man’s ear. The man grabs his warrior of the future motorcycle helmet and speeds down the streets of San Francisco in pursuit of an armored car caravan. Explosions. Fireballs. Shuriken fly. Back at his lair, the marauder exposes the convoy’s precious cargo: the Droid Razr. A title appears on the screen: Too Powerful to Fall into the Wrong Hands.
That’s one of the more dramatic commercials for Motorola’s hot new Android phone, and while not many Android users have the chiseled good looks or cool clothes of the ad’s action hero, they do like living on the edge — at least unintentionally — when it comes to security, according to the crew at Websense Labs.
“While iPhone users are busy listening to music and watching videos, Android users are surfing through some of the most dangerous areas of the Web,” Websense Labs reports in a recent company blog.
The security firm bases that conclusion on data gathered from the Websense ThreatSeeker Network, composed of 50 million real-time data collecting systems that parse one billion pieces of content daily.
“Android users are more likely to visit sites with real security risks and sites known to have a high probability of leading to real security risks,” the researchers write. “And you can see them surfing through sites on the fringe of criminal activity (Hacking, Illegal or Questionable).”
An analysis of ThreatSeeker data by Websense, shows that Android users visit malicious websites six times more than other mobile users, illegal or questionable sites four times more than other users, and hacking sites nearly eight times more than others.
Not only do Android users have dangerous web surfing habits, but they like to court peril when downloading apps, too, the researchers contended. “While iPhone users almost exclusively get their apps from Apple (with its formal approval process), Android users clearly have no problem downloading apps from a wide spectrum of completely unsanctioned marketplaces,” they note.
Malware Volume Mounts
Criticism like that of the Android ecosystem has been flowing steadily from security firms this year, especially as they see sharp increases in malware directed at the platform. Although Google, the custodian of the open source mobile operating system, has largely shrugged off those knocks, one Google manager just couldn’t take it anymore and recently lashed back at the malware fighters.
“Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS,” Google Open-Source Programs Manager DiBona charges. “They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS you should be ashamed of yourself.”
Needless to say, the security firms questioned the Google manager’s expertise in security matters. “What he [DiBona] is missing is that mobile security tools (like ours) do much more than just antivirus,” argues Mikko Hypponen, the chief research officer at antivirus firm F-Secure. “[A]ntitheft, remote lock, backup, parental control, Web filter — these features are the main reason why people buy mobile security products. They get antivirus as a bonus.”
Other White Hats were less diplomatic toward Dibona. “Am I ashamed of myself?” asks Trend Micro Director of Security Research and Communication Rik Ferguson in a company blog. “Not at all. I’d prefer to offer protection against a growing threat to personal and business security than to bury my head in the sand and defend my stance with wild accusation.”