The same week a Microsoft developer discovered a new e-mail botnet taking over Android devices, USA Today reported that the U.S. military is getting involved in efforts to make the mobile operating system more secure.
The Defense Research Advanced Projects Agency (DARPA) has hired Invincea to create software for Android that makes it more difficult for malicious hackers to gain control of devices, and also less likely that data can be extracted from lost or stolen tablets or phones. Invincea is already putting the $21 million grant to use, testing its software with 3,000 soldiers in Afghanistan.
Android’s open philosophy has helped it with consumers, propelling it to a solid lead in smartphone market share in the U.S. At the same time, corporate clients have been more hesitant to adopt Android devices. Plenty of security solutions exist, but mostly rely on the end user to install antivirus software.
Invincea hopes to introduce its own consumer security software based on its military work, said the company’s founder and CEO Anup Ghosh. If it does, it would join companies like AVG, Lookout, and Symantec, which have released independent antivirus and antimalware apps for Android. It could also go another route: joining with Google and integrating directly with the operating system. That would make Android inherently more secure without sacrificing all of the freedom Android users enjoy.
There is middle ground between being totally open and totally locked down like Apple’s iOS. One Android security feature – which is easily disabled if desired – is the prevention of installation of apps not from Google Play. Third-party security software can scan every app at the time of installation, and even every time they’re opened, for signs of infection or malicious behavior.
Unfortunately, that still puts the processing burden on the consumer’s device. Apple’s approach has the advantage of providing a trusted source, the iTunes App Store, for apps. Still, even that approach isn’t perfect: though far less malware exists for iOS than for Android, it’s been demonstrated to be possible. “Jailbreaking” an iPhone to allow it to run apps from anywhere puts it at the same risk of downloading risky code as an Android device.
It could be a year or two before Invincea’s solution makes its way to consumer devices. By that time, perhaps Android will already be less vulnerable to malware.