Not only is this story bogus, the people in the tech media, the high profile tech bloggers all pushing this thing because they hate any company that challenges Apple? They all know this story’s bogus, and they’re telling it to you, anyway. Either that, or they don’t deserve paid positions writing about tech, as they know roughly as much as my mom does about the subject, and she’s terrified she’ll blow up the computer if she chooses the wrong menu item.

Anyway, it’s bogus, and here’s why: find one. Find an Android virus. Or a worm. Or a trojan. Or hell, find a bad Android cookie that crashes the browser or resets your home page, even.

There aren’t any. There never have been. Go do a search for "Android" and "malware" or "virus" and you will find the same story over and over, at base: Android could get viruses and malware, at some vague point in the future, under undefined circumstances. Usually this is used to spin the user freedoms and relatively open nature of the Android platform as a negative, because you have to do something when you’re in love with a company that makes you wait three years to copy and paste text on your six hundred dollar, allegedly smart phone, I guess.

Feel free to challenge me on that one, if you like, but get ready to spend hours searching and end up frustrated. You won’t find any critters.
 
###
 
Taking advantage of people’s uninformed fears of malware in the tech media is one example of low and craven character; selling people unnecessary "anti-virus" or "firewall" apps to run on Android phones is another. And unfortunately, and without naming names, there are some devs and companies doing just that.

Without getting into technical details about *NIX systems – which Android and the iPhone OS are both based on, one of the reasons the media techies definitely know better when they spread this story, or they shouldn’t be writing about tech at all – and how they’ve been banged on for decades and don’t have the same vulnerabilities as, say, Windows…here’s why you’re getting scammed if you buy anti-virus or anti-malware or firewall software for your Android phone.
 
###
 
First, a little professional background on me: I redesigned all of the McAfee Windows products in the late nineties, designed new products for Mac and Lotus Notes and etc., was in charge of UI and graphic design and worked on international localization for all their products for a while, and worked very closely with the antivirus labs there, to the extent that I got called in on weekends to build emergency sites for the kinds of infestations that end up on CNN and Saturday Night Live, that week.

I have some passing familiarity with how this stuff works, in other words, especially for somebody who isn’t a security engineer or cryptography expert.

And here’s how it works, in a nutshell: one, you have giant and growing databases of all the evil code that ever was and could attack your target platform, and your software checks selected strings of code against those databases for matches. That’s the bulk of malware scanning – the software looks at something new and then looks it up in a giant library of malware that already happened. That’s the reason you do those regular updates, if you run a computer whose OS is a target.

There aren’t any Android bugs to use to build a database. There’s nothing for an Android "antivirus" app to check for. The library is empty.
 
###
 
Anti-malware software also uses heuristic scanning – you may have seen that word around or in the documentation for your software. The word may sound a lot harder to get than it is, really: it means "rule of thumb." Heuristic scanning is made possible when your anti-malware or security application has been given the limited ability to make guesses and predictions, based on past observations. Just like you and I do, which is pretty cool. (Or terrifying, depending on your perspective.)

Heuristic scanning is used the way you use the wisdom your parents gave you and the wisdom the world beat into you after you left their house. You live, you learn, you make mistakes, occasionally, and it’s hoped that in the future you avoid the situations that tripped you up . You develop heuristics like "I like gin more than it likes me" or "Probably best not to jump from one relationship directly into another" or "I bought a computer that cost twice as much as anything else and they wanted me to use a paper clip to get discs out whenever it froze, which was all the freaking time."

Heuristic malware scanning attempts to identify as-yet unknown bad code by comparing its characteristics and behaviors to the those of past malware you’ve got in your library, already.

You should be seeing a pattern, here, and developing your own heuristics to better guard against human malware in the future.
 
###
 
As there is no history of Android malware, at this point, there aren’t any libraries of bugs to check. And because there aren’t any bugs…you can’t develop heuristics, either. I mean, you can, but they’ll be meaningless and useless, if not harmful. (Human heuristics like this, based on little or no actual data? We call those "prejudices.")

So that Android antivirus software you bought, if you bought it? Is doing nothing but running your battery down. I downloaded a free version of a popular one, just because I was curious when writing this thing. I let it do a "scan" the first time, walked away, and figured I’d come back and see what the results looked like. I never got any results. My phone died. The "antivirus" just ran and ran and ran until the battery was dead, it never stopped.

Honestly, I was just glad it didn’t screw anything up while it was pretending to protect me.
 
###
 
Anyway, people who tell you that Android phones are riddled with scary bugs are either infected with bullshitware, or they are human bullshitware, themselves. If the person got paid to tell you that, they’re a walking, talking virus, it’s safe to assume that – they did that on purpose. If not, they’re probably just infected and repeating something they heard and can’t help repeating, the way Outlook can’t help sending crap to everybody in your address book when it swallows something similarly bogus.

People who sell you Android anti-malware and security apps, at this point, only fit in the latter category, I’m afraid: they’re bugs pretending to be people. And while you may or may not face issues with malware on Android phone in the future, you will deal constantly with human malware, for as long as you live.

My advice is to worry not at all about viruses infecting your phones until such point as you’ve at least heard about any documented infections. You’ll know when you need protection, because phones will be getting bugs. Until then, you don’t need it. Also, any legitimate future enterprise of this sort will have one big tipoff: a library of nasty bugs at their web site you can use to look problems up yourself, just like McAfee and Norton and AVG and Avira and Kapersky and Panda and etc. all have now. Anybody who doesn’t have that, at least, is scamming you.

Do, however, keep your anti-bullshitware firewall and scanners up, active, and be sure to update them at least once a week. Those are free, and human malware, unfortunately, continues to be an issue no matter how many times the platform gets upgraded or patched.
 

^RNL