Just before the recent Google I/O developer conference, Google’s chief security engineer for Android, Adrian Ludwig, told journalists that most users shouldn’t bother with anti-virus.
Ludwig said “99%” of Android users wouldn’t benefit from a mobile anti-virus and declared that the risk from Android malware is “overstated.”
Moreover, Ludwig accused security software companies of distorting the facts about the exploding volume of Android malware, according to the Sydney Morning Herald’s tech reporter Ben Grubb.
It’s quite a statement coming from someone so high up the food chain – and a security engineer no less – to dismiss the value of anti-virus for the vast majority of users.
Ludwig reportedly said:
I don't think 99% plus users even get a benefit from [anti-virus]. There’s certainly no reason that they need to install something in addition to [the security we provide].
If I were to be in a line of work where I need that type of protection it would make sense for me to do that. [But] do I think the average user on Android needs to install [anti-virus]? Absolutely not.
It’s understandable that Ludwig would want to downplay security threats to Android at a time when Google is expanding its Android ecosystem to include wearables like smartwatches, televisions, and even cars.
Ludwig seems to take for granted that – despite surging numbers of malicious Android applications – the risk is low for any individual user.
Truthfully, the risk of downloading Android malware is low compared to PCs, but there is still every reason to have an anti-virus.
Android has a pretty poor reputation for security – and not all of it’s because of some bad marketing hype.
Bad apps in Google Play – how many have been bitten?
There are several problems with Ludwig’s assertions that users don’t need or won’t benefit from an anti-virus.
First and foremost, Google’s automated process for vetting apps in its Play Store is not ironclad, even though Ludwig said Google’s review process is the best “possible” for security purposes.
Although Google’s review process is undoubtedly stopping some malware, bad apps have made it into Google Play many times, where they’ve snagged thousands of victims.
The total number of malicious apps isn’t the only thing that matters either – the amount of malware that gets downloaded depends on how popular those bad apps are.