Symantec has "adjusted" its statement to Computer World that as many as 5 million Android users may be affected by the latest bit of malware, coming to the conclusion that the applications in question are simply using an aggressive ad network SDK. This mirrors the statement issued by Lookout, as well as our own. (And as well as Computer World's Android Power faction.)
After initially telling users that the "malicious code" found in 13 Android Market applications was malware and capable of data theft and other nefarious activity, Symantec now says the apps in question are more akin to Windows adware and not inherently malicious.
In other words, it's crapware. This we can all agree with. The apps in question use an advertisement SDK that allows things none of us likes -- it can add bookmarks, change your homepage, add shortcuts to the home screen and the like. We've all installed some free Windows program from the web, and had it install (or try to install) browser toolbars, add shortcuts to the home screen for more spammy programs. We all hated it then, and we hate it now. What we hate even more is when a company that claims to be acting in the interest of our security jumps the gun and labels these types of programs the same way it would label a bot or trojan.
We're mostly informed users here, and quickly realize the difference. But how many of those who stumbled across websites parroting Symantec's cries of five million infected are as Android savvy as we are? There's a good chance that it's not that many. Instead those readers were left confused and concerned that they had been "hacked."
We hope that the rest of the web that followed along will update their stories with today's news. And more important -- we hope that app developers stay far away from this sort of thing. Lord knows we're going to stay away from them if they don't.