Symantec stirred up controversy last week when it announced the discovery of apps in the Android Market that it deemed malicious. Symantec has now stepped back from calling the apps "malware", but it still maintains that the apps in question do unwanted things that legitimate apps shouldn't do...so what's the difference, exactly?
First a quick recap. Symantec identified some apps from the official Android Market that were doing suspicious things, and dubbed the "threat" Android.Counterclank. Lookout Mobile Security took issue with the Symantec news and claimed that the apps are simply part of an "aggressive" ad network rather than malware. Upon further investigation, Symantec recanted on its malware claims and agreed that the apps are, in fact, adware or spyware.
The thing is, the apps do things that cross the line. Symantec says the apps can change the default home page in the browser, add bookmarks, and place shortcuts. Those are the sorts of actions I associate with browser hijackers in Windows, and I can say with confidence that I would not appreciate having an app perform those actions without my explicit consent on my smartphone.
Seriously, aren't we just splitting hairs at this point? It's malware. It's not malware. It's a relatively benign app that does some shady things. It seems to me that we're getting bogged down in semantics (not to be confused with Symantec -- no pun intended).
The bottom line is that these apps do things that users do not intend or desire, and that they are generally unaware they have agreed to. Call it adware, spyware, malware, or whatever you like -- as far as I'm concerned, if the app does things that are shady, it's malware. Period.
There is no value from the end user perspective in drawing nitpicky distinctions between types of malware, or just how malicious they are. If it might do something I won't like and didn't authorize, then I want it detected, and I want to be alerted regarding the potential activity.
In its follow-up post, Symantec explains, "The situation we find ourselves in is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications."
Right. So, why not skip over the debate part and jump straight to the part where we all agree that these things should rightfully be identified and detected as malware?
Over time the lines have been blurred between antivirus and antispyware, and have evolved to become antimalware. We don't need to go through the same lengthy process to arrive at the same destination just because we shift from PCs to mobile devices.
Symantec has taken some heat for being alarmist and spreading FUD (fear, uncertainty, and doubt) related to these apps. Personally, I think Symantec should be commended for bringing attention to the shady activities of these apps, and that it should stick to its guns.
Malware is malware.