The App Malware Problem: Is There a Solution?

Google had to remove some criminal's idea of fun from the Android Market - no surprise there. But reaction isn't sufficient - failure to address this threat puts much of the future of mobility at risk.

The news that there is malware in the Android Store comes as no surprise. Any open marketplace presents an opportunity for the criminal element to ply their disgusting trade, as they have for so long on the Internet. So, the big question is what can be done about the problem. As more and more of us use our handsets and related devices as our primary information tools, a solution here is essential.

Is that solution the Apple model? I'm often reminded by a good number of people that the relatively closed nature of the Apple App Store should provide a greater assurance of quality. But does Apple guarantee such? Um, no. And there's no way they could, even if everyone at 1 Infinite Loop spent their entire day reading source code. Functionality in Apple's apps is already restricted to a high degree, part of the reason why it's more difficult for malware to creep into their ecosystem, but it's not outside the realm of possibility that disaster could strike even here.

Or is the future more along the lines of what we've become accustomed to in the PC world - device firewalls, virus checking, spyware monitoring, etc.? Well, I hope not. The PC became a bloated, inefficient mess in part due to the lack of strategic architectural thinking on Microsoft's part. And we bought it because there wasn't anyplace else to turn (Macs were viewed for most of their history as expensive and exotic).

Or should we concentrate on building more robust and hardened platforms, rather than imitating the PC as we do today? This could work, but it will take a good deal of time and investment that most device builders won't want to make. Margins are thin enough already.

Or should we move to more of a Web-services/cloud-computing model, with little software actually running on the local device? No guarantees here, either.

Or is there another model to assure software functionality? This has been an area of active research forever, and I'm unaware of any definitive findings in this direction.

Or is it simply time for the world to come together and agree that we have a contextual problem, and that successful civilizations run on trust, and that without trust and some general assurance of mutual goodwill, we might as well give up now? There are far too many cyber-criminals on this tiny planet, and I think it's time to ask why we let these miscreants get away with it. Who's up for an international treaty here? Sure, that will take time. But the very economy of this planet, fragile as it already is, is further put at risk if the future of so many human activities is clouded by criminality.

Copyright © 2011 IDG Communications, Inc.
