Dear downvoters: how serious really is this "Android malware problem"? I understand you can put a malicious app on the store and some clueless idiots will install it, but, then, we have windows on buildings and every once and then some clueless idiot falls through one. We don't call it "the window problem".

That's not really an apt comparison, as the windows are not disguising themselves as, say, bathroom doors, a place many people are likely to visit. It doesn't have to be massive to be a problem or even to be significant, it just has to be out of the ordinary. The reason this is a problem is because many people trust their phones, don't expect malware to infect them there, and they have no way of knowing what is a malware app and what is not.

The reason this is a problem is because it is happening, and it is picking up speed. If your engine is leaking oil, you take steps to get it fixed _before_ your pistons seize. That's what this article is trying to highlight.

> it is happening, and it is picking up speed

Again, I refuse to believe I live in a magical land unaffected by the daily problems that cost countless sorrows to the rest of mankind. I never experienced an Android malware and never heard of someone who did. It's entirely possible someone somewhere installed a malicious application or jumped out of a window, but the fact I know nobody who did it gives me pause when people say the sky is falling.

It's not.

>It doesn't have to be massive to be a problem or even to be significant, it just has to be out of the ordinary.

The fact that it exists, regardless of if anyone installed it or was damaged by it, is the problem. It's time to start thinking of solutions for that problem _before_ you or anyone you know is affected.

If we look at it this way, we should address the problem of sandbox escape on WP7 because it can happen we don't know exactly how.

One way to check for malicious software on Androids would be to automatically run it on virtual hardware and flag malicious behavior for review by human beings.

It's probably the same process Apple uses.

I agree. The best way to protect from malware is to stop it before it happens. What better place to be able to do this than on embedded software, where everything can be controlled centrally? It'd be hard to fully protect sideloading apps on Android, but at the very least the marketplaces should be fully protected.

Every app on every marketplace should be tested for malware, and the device should be able to scan for apps acting outside of the limitations imposed in the API. I have a WP7 device, and it's kind of like the new Mac where thanks to its marketshare it's not a huge target. But I'd be willing to bet there's some exploits out there that could be targeted, and that scares me as a netsec employee.