No news here! Google says download apps from any source other than Google Play, and your Android world, could come crashing down.
China, for example, does not have Google Play, and Chinese search engine Baidu recently paid $1.9 billion for local online app store, 91 Wireless.
No surprises that Symantec conveniently then found the ‘Android master key’ malware in two applications on 91 Wireless store. The two apps were legitimate but a hacker had used the vulnerability to inject code to remotely control the device, steal sensitive data, send premium SMS Messages and disable Chinese made security applications. Perhaps only Symantec can keep Android safe as well.
Fragmentation a.k.a. cesspool (yes I am a broken record about this horrendous issue) is Android’s greatest threat, and we now see several - no, make that dozens of variations - that take Android further from Google’s custodianship. Simply put, when a major vulnerability strikes, there is not enough coordination to shut it down quickly and effectively for all users.
Amazon, Sony, LG, Samsung, Huawei, Lenovo, ZTE and other equally respected manufacturers want to run their own versions and have their own app stores, which is where the money is.
And by necessity, there are many Chinese versions that legally circumvent the need for Google registration. It all boils down to whether you trust that app store to validate the integrity of its app. Baidu and 91 Wireless will learn very quickly.
Such is the nature of Android (Open source) and organised crime (closed source making too much money) that this problem will not go away in the short term.
Android will remain the ‘wild west’ operating system and users will need to be extra cautious and definitely use anti-malware and virus protection.