Bouncer is also far from complete when it comes to what it looks for. While it does scan for malware, it doesn't look for 'greyware' code, a category that includes things such as spyware, adware, and aggressive ad platforms. While 'greyware' isn’t technically malware, as far as most people are concerned it's undesirable because it’s annoying and can suck additional bandwidth which can end up costing you money.
As the good guys get smart, the bad guys get smarter.
Malware in the Android Market and other app repositories is not the only problem facing Android. Another threat to the platform comes from ads and bloatware.
Ads present a problem because people don't know at install time whether they're granting permissions to the app or to the ad module that's baked into it. The app might genuinely require specific permissions to work properly, but the ad module that also forms part of the app is unlikely to need the same permissions. Even so, the Android OS gives the module the same set of permissions as the app.
This is a problem in the way that Android works, and something that Google could do something about if the company desired.
Bloatware is also a problem that needs solving. While Google is responsible for Android, the handset makers and carriers all want to add 'features' to the code. All this additional and unnecessary code brings with it more vulnerabilities that users have to contend with.
It's hard to see a solution to this other than having greater scrutiny of the code. Google can't ban the handset makers and carriers from adding this code. And the makers and carriers think that personalizing and branding Android handsets is important for differentiation in an already packed, cutthroat market.
So, what's the solution to this problem? Well, first I think that Google needs to get its app screening process working effectively. This would become the first line of defense between the bad guys and the end users.
Google's going to have to work hard at keeping ahead of the rapidly evolving landscape, but given how much money the company makes from Android (currently around $2.5 billion a year, a figure that's set to double), the company has an incentive to make Android work and avoid bad press.
Handset makers and carriers can also do their part by paying closer attention to the code they preload onto handsets and by making sure that updates are sent to users in a timely fashion (both updates to their code, and Android updates). One of the best ways for users to stay safe is to be running the latest and greatest version of Android, but statistics show that most users are one or more versions behind.
Can Android handset owners do something to protect themselves? Sure they can. First, they can familiarize themselves with the app permissions that they are asked to grant after installing a new app.
A game doesn't really need to be able to send SMS messages and access contacts and other data held in storage. Permissions offer the user a reasonable level of protection, but it seems that most are clueless when it comes to understanding them.
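The permission check described above can be automated. The following is an added example, not part of the original article: it reads the permissions an app's manifest requests and reports the ones a game would not be expected to need. The baseline set, the sample manifest and the package name `com.example.game` are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes in AndroidManifest.xml live in the "android" XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a game (illustrative, not an official list).
GAME_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}

# Constructed sample: a decoded manifest for a hypothetical game that
# bundles an ad module. The manifest is per app, so any bundled library
# runs with every permission listed here.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Example Game"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:  # skip malformed entries with no android:name
                names.add(name)
    return names


def unexpected_permissions(manifest_xml, baseline):
    """Return requested permissions outside the baseline, sorted."""
    return sorted(requested_permissions(manifest_xml) - baseline)


if __name__ == "__main__":
    for permission in unexpected_permissions(SAMPLE_MANIFEST, GAME_BASELINE):
        print("review before installing:", permission)
```
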
Another thing worth considering is an anti-malware program. While most free anti-malware apps for Android are useless, there are some good products out there made by reputable firms such as Symantec, F-Secure and Bitdefender. They’ll offer you all-round protection against emerging threats. These solutions will cost you, but you have to ask yourself the question: can you put a price on peace of mind?