Early last week it was reported that a number of applications had been discovered in the Android Marketplace that contained malware. As things developed, we learned that the apps were sending certain ids and preferences to another server, but not really doing anything damaging. The applications were exploiting a known vulnerability in the Android OS to get this data. It has been revealed since then that these applications have the capability to download new code and then do additional things.
Google has removed the applications from their marketplace and users phones using their remote kill capability. This should have removed the known offending apps from the vast majority of users phones. They will also patch the OS and somehow fix the malware installed on over 200,000 users’ phones.
One of the problems with the Android model is that Google can’t release a fix to all users of the OS at once. They have to release it to the manufacturers who then in turn need to implement it, test it, then deploy it to the devices. In contrast, Apple maintains full control of their OS; if there is an issue, Apple can release an iOS update to all devices.
But you may wonder, “Can these same malicious applications make it to the Apple App Store?” Of course they can, but the chances are greatly reduced by Apple’s approval process. Furthermore, capabilities of any malicious applications that might appear on iOS have much less access to the device and your data than they do on Android OS. That is unless your device is jailbroken – then it’s effectively wide open.