Symantec has "adjusted" its statement to Computer World that as many as 5 million Android users may be affected by the latest bit of malware, coming to the conclusion that the applications in question are simply using an aggressive ad network SDK.  This mirrors the statement issued by Lookout, as well as our own.  (And as well as Computer World's Android Power faction.)

After initially telling users that the "malicious code" found in 13 Android Market applications was malware and capable of data theft and other nefarious activity, Symantec now says the apps in question are more akin to Windows adware and not inherently malicious.  

In other words, it's crapware.  This we can all agree with.  The apps in question use an advertisement SDK that allows things none of us likes -- it can add bookmarks, change your homepage, add shortcuts to the home screen and the like.  We've all installed some free Windows program from the web, and had it install (or try to install) browser toolbars, add shortcuts to the home screen for more spammy programs.  We all hated it then, and we hate it now.  What we hate even more is when a company that claims to be acting in the interest of our security jumps the gun and labels these types of programs the same way it would label a bot or trojan.  

We're mostly informed users here, and quickly realize the difference.  But how many of those who stumbled across websites parroting Symantec's cries of five million infected are as Android savvy as we are?  There's a good chance that it's not that many.  Instead those readers were left confused and concerned that they had been "hacked."

We hope that the rest of the web that followed along will update their stories with today's news. And more important -- we hope that app developers stay far away from this sort of thing. Lord knows we're going to stay away from them if they don't.

Source: Symantec


Reader comments

Symantec updates its scary (but wrong) Counterclank 'malware' claims


If an app has the potential to add bookmarks, change my home screen, and show popup adds on my cell phone, the it is malware. It has an undesired effect on my device, it is malware.
It may not be as bad as the viruses, worms and trojans they grouped with,but it is still malware.
It makes android look bad. It is malware.
The use of which is unacceptable. And should not be stood for.
I have 3 antivirus programs installed and running,none are symantic. They used to have different functions, but are starting to have the same features now. None of them have a problem with my apps.
Protect yourself, stay safe.

Any app that did those things on my computer would qualify as malware, just as it would if it did them on my phone. No thanks. It sounds like you simply have a lower standard for acceptable behavior for applications, Mr. Hildenbrand.

Does either Symantec or Lookout tell me before I load software infected with this thing so I can stop, or tell me immediately after so I can delete it? Or is Symantec just hyperventilating and Lookout just yawning?

Call it what you want; most of us don't want cr*p like this on our Androids. If one of these programs will keep it off, that's the one I want.

Symantec lost my respect on the desktop years ago. I think many people feel the same. Alarmist claims like this recent one only hasten the trend. I'm not saying I approve of the behavior of the apps identified - I don't - but false claims by Symantec aren't any better.

If it walks like a duck and talks like a duck, chances are...I don't want the damn thing on my phone.

I think it's ridiculous that Jerry finds it acceptable for apps to behave this way. If the apps containing this would disclose what they do up front, that's one thing, ads pay the bills after all. But they don't, which makes it shady and unaccaptable behavior. Period.

My thoughts exactly, right down to the duck. This is the second time this author has employed the "Oh, well" philosophy to this situation. Where Symantec has overplayed it, in my view, Jerry tends to go the opposite way.

I don't use any kind of virus scanner on my phone. I use Cerberus to help track the phone if it's lost (Love that app. A virtual pair of mean dogs out to wreak havoc on the loathsome thief who stole it)but that won't help if I get a nasty bit of malware. On the PC, I know how to dispose of every shred of junk like this. On an Android phone, I don't. To me, that elevates it significantly from the 'crapware' designation Jerry so insistently wants to apply. Quaaaaaaaack!