Recently an article popped up about a paid virus protection app being number on the Google Play Store. This app as it turns out, is malicious. (Link for the lazy: virus protection on google play is secretly malware )
Another twist/publicity jump from Microsoft is that they are now cracking down on any and all malware that is challenging to uninstall, looking at you random toolbars and programs that come with “free” downloads. (Link for the lazy: microsoft cracks down on malware)
This is an interesting turn of events for security in our modern time. This year has shown Americans stand against the NSA and learn more about data freedom than ever before. But how did something so malicious slip past the Google reviewers? I am all for an open source code for the operating system, but I want to trust something as simple as an anti-virus program.
Malware on Android is no secret, it runs rampant in APK files that are not always on the Play Store. Apple has the same issues but they have a swifter acting review process. There are tens of millions of applications on both app stores, but there has to be something in process to check on every applications behavior. Things like this are going to ultimately hurt independent developers in the long run, and there is always a need for creative independent developers.
Steam has an independent “store” called Greenlight. Everything is voted on by the community and if the community vote wins then it is then allowed on the Steam Store. This process allows for far more scrutiny and security for the user. Look back to when Flappy Bird went viral and then made a quick exit, all of the copy cat applications thrived and hit ad revenue jackpot and more and likely mined personal data from your phone.
To keep this short and simple, be careful and read in detail the privileges applications are granted when you install them. There are other ways to monitor applications built into the Android operating system, but you have to use common sense and learn how to read real reviews from fake ones. Your personal data should remain personal.