Virus Attack! Google Wants to Control Your House, but It Can't Even Control Malware

Last Updated May 23, 2011 5:57 PM EDT

At yesterday's Google I/O conference, Google (GOOG) showed how Android@Home will control all of our Android devices with one touch. The presentation was fascinating, but overshadowed by an ugly fact: Android malware is rising significantly faster than similar threats on Apple (APPL) iOS. Maybe Google should focus on cleaning up its market before trying to control your refrigerator.

Ambitious connectivity

Android@Home will make special programming libraries available to third-party device manufacturers. When a library is included, the device can "talk" remotely with other similarly equipped devices.

As Gizmodo describes:

Imagine carrying your tablet or phone around the house, and if you forgot to shut off a light or appliance, you can do it remotely by tapping a button on your screen. Or, imagine your house turning into a giant, Android-powered media streamer. It's going to use an as-of-yet undefined wireless protocol (we'd guess Bluetooth-related, since it's low-power and will be "open"), which means, yep, you'll need all-new gear for it to work.

Sounds fine so far. Early adopters -- who would jump on Android@Home -- are willing to buy new products, so that's not an issue, either. The rub is that even existing Android products are having security problems -- and it could only get worse by adding more connectivity.

Malware from open source

Unfortunately, some studies see Android malware on the rise:

  • Juniper Networks reports that Android malware has increased 400 percent since summer 2010. The same report said Apple "suffers from relatively little-known malware".
  • AVG finds that, as of Q1 2011, 0.2 percent of all Android apps were malicious (PDF). The percentage seems small, but AVG adds "...~3.9 Billion applications were downloaded, this means that potentially ~7.8 Millions malicious applications were downloaded. We expect to see a dramatic increase during 2011 and further."

To be fair, as my BNET colleague Erik Sherman pointed out recently, one study from the security vendor Fortinet puts Android and Apple iOS equal in the number of malware apps.

However, there are some key differences in how the two platforms handle malware. First, Google has virtually no app clearance system, so malicious programmers can add malware to the Google Market faster than the relatively well guarded Apple App Store. Second, Google may update the Android software to stop malware, but, unlike Apple, device manufacturers aren't required to use it and users aren't required to update. Third, by claiming that Android is an open source platform, Google may be more of a target by malware creators than Apple and its relatively secure iOS system.

As I mentioned during January's Consumer Electronics Show, Android devices are popping up everywhere from cars to kitchens. An Android@Home setup could transfer a piece of malware from device to device. Getting a virus on the phone is annoying and costly at best, but having a piece of malware in, say, a vehicle is more than a bit scary. Like Google Music, Android@Home shows Google rushing into the next phase when it hasn't laid the proper groundwork.

Photo courtesy of hunterseekerhk // CC 2.0