Mobile Malware Fear Factor -- Is it Warranted?

The rapid rise of technology has in many ways made our lives simpler than ever. Companies in existence for decades have shifted a significant portion of their business to online channels and many businesses are run solely on the Internet. While this has created a positive culture in which people can shop, learn, play, do business, and manage their finances online, it has also attracted some negative elements. Chief among them are hackers who are engineering malware, a brand of remote wireless viral chaos that causes all sorts of computer problems, from disabling a computer's operating system to breaching its security for the purpose of identity theft. In light of well-documented cases of malware attackers wreaking havoc through people's personal computers, antivirus companies have made huge profits selling software that is supposed to protect customers' computers. However, now that so many people are accessing their online accounts via mobile devices, a new debate is raging over the safety of mobile operating systems, including Apple's iOS, Research in Motion's Blackberry OS, and Google's Android. Apple, Google and other mobile technology stakeholders assure customers that its wireless Internet platforms are built to prevent the kind of widespread destruction hackers could use to invade personal computers. On the other hand, some antivirus software companies claim to have documented an increasing threat to such mobile devices, encouraging people to invest in their products to ensure safety. Clearly, both sides have a lot at stake -- so, is this threat real? Or are antivirus software companies playing on people's fears to sell their new products and services.

About a year ago, several companies that develop and produce antivirus software, including Kaspersky and, reported a significant uptick in malware. The companies revealed that while attacks were being deployed on all platforms, Android was being targeted the most. However, after some these reports started coming out, the companies that developed the platforms for Android and others cried foul. One of the loudest of the voices in defense of the safety of the platforms was that of Chris DiBona, Google's open-source software manager, who in no uncertain terms raised a bright red flag on the security software industry. DiBona claims, in this article on CNet, that the antivirus companies were "scammers and charlatans" attempting to "try to sell you BS protection software for Android, RIM and iOS." It is simple logic actually. You see, the antivirus companies are counting every variant of malware created, which apparently run in the order of a thousand a week. The real measure of a widespread malware attack is the number of devices infected, which of course is miniscule (if you exclude users who jailbreak the devices or use unofficial apps/stores). Turns out that users of mobile devices rarely install software outside of the official app store that is native to the device, and the official app stores are policed to varying degrees of effectiveness, but policed nevertheless. Of course, the security vendors fired back that their claims are legitimate and technically, yes they are correct. At least one defensive response from a vendor that the security software does more than antivirus, namely antitheft, remote lock/wipe, web filtering, and parental control, is telling. These are useful products, which I don't doubt as a co-founder of Mobicip myself, but are in no way connected to their marketing claims about the risk that consumers are being exposed to.

While DiBona and others could not deny that there have been some malware attacks, the attacks have been sporadic at best. Also, it is highly unlikely that the malware could spread virally on mobile devices in the same way that it could through personal computers. DiBona said that, while there have been "some little things," the mobile platforms have been built in such a way as to limit malware's ability to spread virally like it could on PCs due to "user sandboxing" and other inherent traits. According to Shankland, sandboxing "confines computing processes to memory compartments and restricts their privileges, making it harder for a compromised program to be used as a launching point for more extensive attacks on a computing device." Beginning this past March, Apple requires developers even on the Mac OS to comply with its sandboxing routines as a means of providing a last line of defense. Accidental bugs or intentional hacks can allow programs purchased through Mac's App Store to access files or networks that could compromise the user's privacy. However, sandboxing inherently isolates the program and allows Apple to closely monitor its behavior.

There will always be two sides to every story, but in this case, mobile operating systems are generally safe for use without having to invest in antivirus software that could also slow down your mobile device. There is no doubt that malware is a real threat in some arenas, but customers using iPhones, iPads, Androids, and other mobile devices to simplify their everyday lives can rest assured that their security is intact, for now at least.