If You Use an Android Phone, Please Take Me Out of your Contacts…


I know that sounds harsh.  Especially so considering the large usage share that Google’s Android mobile OS enjoys.  Everyone knows someone with an Android phone.  In fact, chances are, at least a plurality of your friends are using the platform on their phones.  There are somewhere around, I don’t know, a gazillion or so different handsets on the market sporting Android.  There is no question it’s popular right now.  Even though I am partial to another platform (in fact, I proudly work for the company that produces my mobile OS of choice), I don’t begrudge the search giant their success in numbers right now.  And for my friends and colleagues who use such phones, I respect your choice.

Just take my personal information out of your contact list.  Please.

You see, the Android ecosystem is a mess, and it’s not hurting just the Android users.  As many have found out, when you buy and start using a smartphone, you’ve bought not just a device, but you’ve bought into an ecosystem of sorts.  A modern smartphone OS is a platform, just like Windows or MacOS, on which applications, utilities, even companion desktop software is built.  So while you purchased a Motorola, or a Samsung, or an HTC (or other) device, you also bought a platform.  And part of that platform is a huge collection of “apps”, or applications.  That’s one of the beautiful things about a smartphone (or any healthy technology platform); it will be able to do more tomorrow than you realized today it can do.  That’s the magic of software.

These applications are usually found today in marketplaces designed for the platform.  Each mobile OS has its own marketplace.  In the case of Apple’s iPhone, it’s called the Apple App Store.  For Microsoft’s Windows Phone, it’s called the Windows Phone Marketplace.  And for Android, it’s, well, a bit more confusing.  I’ll revisit this in a moment.

History (not for the easily bored, skip to ‘The Goodies’ below if you’re in a hurry)

A little background may be in order here.  There are several different approaches being taken today for smartphones by their creators, but history plays a role in getting to where we are, so I’ll cover that quickly.

The original battle as smartphones started to exist was between Microsoft’s original mobile platform and, first, Palm, and then Blackberry.  This played out through the early to middle part of the last decade.  Microsoft’s approach was to license the OS, which was highly flexible and complicated, to the OEM phone manufacturers, and let them do with it what they wanted to.  They could include certain modules, leave others out, create the hardware any way they wanted, use different sizes and shapes of screens, etc.  Also, back then, there was no official place to get apps; each OEM and each user were on their own.  RIM (the creator of the Blackberry) took a different approach.  They owned the hardware AND the software, as well as enterprise server products to manage these for companies.  They had the beginnings of a “walled garden” in which they owned everything from the device to the OS.  They released a line of phones that became quite popular with business users.  But, they had a problem.  They were competing with a platform (eventually to be known as Windows Mobile) that had devices proliferating like crazy.  Their walled garden was attractive to businesses (IT departments were in control), but inevitably, the single-vendor approach, while successful, didn’t garner the market-share that the many devices, one (sort of) platform approach could.  I remember seeing a statistic back in maybe 2004 or so (don’t quote me, I can’t find it right now) that more Windows Mobile based handsets were sold that year than the whole current, at that time, user base of RIM’s handsets.

Great plan, right?  Well, if you know anything about the history of smartphones, that open, free-for-all approach ended up backfiring on Microsoft, and they’ve lost almost all of that market share.  How?  Simple.  The ecosystem, while ultra-flexible, was a mess.  Meanwhile, RIM’s end-to-end approach may have slowed “innovation” a bit, but it kept the platform from becoming a mess, and this paid off big with businesses.  RIM ended up surpassing Microsoft in the latter part of the decade based on this idea of control and order.

Then the iPhone was released, and everything changed.

Here was a brand new platform being released that was innovative, desirable, beautiful, and completely closed.  In fact, it was as closed as the so-called “dumb phones” are still today.  There were no third-party applications available at all; everything that was able to go on the phone was put there by Apple explicitly.  The inventors of the platform wanted to keep it pristine, so no one else could play in the sandbox.  So, it was the “walled garden” taken to the extreme.  And, as it turned out, a lot of people wanted one.  It was an amazing leap in both handheld technology and market acceptance of certain practices (especially when it came to carrier control).

Eventually, even Steve Jobs and Apple loosened their stance on third party apps when it was demanded by the market, but they took the unprecedented step of creating a marketplace (known as the app store) that was itself a walled garden, cultivated and pruned by Apple themselves so as to have the last word on keeping their new platform as pristine as they could.  So not only did Apple approach this market as they had (with varying market success) the PC market by controlling the platform from the hardware and software standpoint, they took the next step of controlling even the third party software by creating an approval process and payment processing all wrapped into one.  And there was no other official way to get apps onto an iPhone.  All roads to the iPhone went through Apple.  Oh…and they took a 30% cut (but also dealt with all the payments, bandwidth, etc., for developers).  And then, over 400,000 apps were released.

Everyone quickly began to realize that there was a lot of potential value in running an app store, or marketplace, for a growing or popular platform, so everyone had to have one.  In fact, all the major players in smartphone platforms clamored to duplicate what Apple had done with their app store.

Microsoft, with the Windows Phone Marketplace, also closed it up and only allows approved apps to be installed.  But Microsoft, like Google with Android, doesn’t make hardware, so the OS has to be licensed by OEMs or hardware companies (like Nokia, Samsung, HTC, etc.).  Microsoft, though, had learned from their mistakes the first time they were in this market (and dominated, actually).  This time they gave the hardware makers criteria around the hardware (called the Windows Phone Chassis Spec), kept control of much of the platform, what could be installed, and required all of the OS to be on the device.  This would help keep the platform uniform and from becoming a mess, as before.  More importantly for the sake of this article, it left Microsoft in charge of the software, the marketplace, the apps, etc.

Google, on the other hand, has an open source platform.  In other words, Android is free to the OEMs, they have the source code, and they can implement it any way they want.  Google is ONLY in control of their marketplace (the Android Market).  The difference is that there are many other marketplaces, and because nobody is in control of the software on the device…applications can be installed from anywhere.  Add to this the fact that Google doesn’t really police their market very well, and we have pretty much pandemonium going on.  Applications on Android have far, far more control over the OS than third party applications can possibly have on an iPhone or a Windows Phone.  It’s more like being an administrator on your Windows PC and installing an app; you tell it once that it has full control, and the app can pretty much do whatever it wants.  This is what led to the epidemic of viruses and malware on Windows at the turn of the century before Microsoft caught the religion.

The Goodies (Bringing it Home)

This is exactly the state of Android today.  Anyone can create a marketplace.  A user can “side-load” any app they download from anywhere.  And apparently anyone can upload really scary stuff even into the official Android Marketplace.  Also, these applications have access to virtually everything on the phone or tablet, including contacts, email, etc.  Add to that the proliferation of Android into so many hands, most of whom are not technical and don’t fully understand the frightening underbelly of technology with its privacy and security issues, easy theft of identities, and even worse.  This malware is not just from some 13 year old in his parents’ basement anymore either; most of it is produced by very sophisticated, illegal information-gathering organizations and is sometimes even state sponsored (by countries such as China and Iran).

And on Android…it’s everywhere.  McAfee, a well-known anti-malware software company who runs a virus lab, says that Android (and only Android) is being widely affected by malware…and it’s on the rise.  In this report by McAfee researchers for Q3 2011, they noted that in the mobile space only Android has had any threats.  It reads, in part:

“Last quarter the Android mobile operating system (OS) became the most “popular” platform for new malware. This quarter Android became the exclusive platform for all new mobile malware.”

And they noted that the amount of Android malware this quarter almost doubled from the previous quarter, and more than quadrupled since Q3 of last year, which was 2010’s most attacked quarter.  Again, note that according to McAfee, there were zero (that’s 0, zilch, nada) malware attacks on Apple’s iOS and Microsoft’s Windows Phone platforms during that same timeframe, and almost 100 NEW virus and malware programs for Android.

McAfee is not alone.  Other virus labs, including Kaspersky Labs, Juniper Networks, and Symantec, all agree that Android malware is on the rise.  They have each released reports basically echoing the same sentiments.  Those reports are here, here, and here, respectively.

What’s more, as you can read in this MSNBC.com article, it is reported that Android customers just don’t care yet (there are some other good data points in that article as well, so if you’re interested, I encourage you to read it).  This has been my experience as well.  In fact, a friend of mine who has a small Android device showed me a fish background app that she had installed many months ago.  When I told her that I had read that there was Android malware going around that did that, she thought for a minute, shrugged, and noted that it was cool anyway.  I instantly thought, “Well, can you take me out of your contacts, then?”  I can’t remember if I said it out loud or not, but while this was quite some time ago, it was the origin of this article.  Recently, though, it’s gotten so bad on Android that I had to finally write this.  Oh, and all the anti-virus software that these companies are selling, it’s not going to fix this problem. In fact, unless you buy from a reputable company (including those linked to in this article), you’re likely installing more malware on your phone. Also, even the reputable companies’ offerings are very limited. Gizmodo did a report on this here.

So, you may be wondering what this malware does.  According to the sources I’ve linked to in this article, it can and does do a lot of things.  Anything from simply sending texts to for-fee numbers (so they can collect on those fees) to actually recording your phone calls.  It’s scary, scary stuff, actually.  If you use an Android phone, I highly encourage you to click on these links and do a little reading.  You may not think you’re being affected now, but with Android malware increasing an alarming 472% since July (MSNBC.com article), you probably will.

Personally, I wouldn’t touch Android with a 10-foot, sterilized pole in these current conditions, but what worries me, beyond having bad things happen to my friends who do use it, is that this can ruin my day, too.  Significant personal information of mine is being carried around in a lot of phones.  I’m not the most popular guy in the world (or probably even on my block), but I would guess my address, phone numbers, email addresses, and maybe even my kids’ names, etc., are on at least dozens of Android handsets.  If any one of these gets infected, which is becoming more and more likely every day, that information could easily be shipped off to who-knows-where, to who-knows-whom, for them to do who-knows-what with it.  I can guarantee you, whoever it is, they’re not going to send me a gift basket with that data.  Well, I don’t want them to have it.

So that leads me to my premise.  I love you guys, but if you’re using Android, take my personal information off your phone.  Please.  Better yet…when it’s time for you to get a new phone, don’t choose one based on Android unless this mess is corrected by then (but I wouldn’t hold my breath).  Then we can text and stuff again.  I’ll be waiting.