Digital Life

Mobile anti-virus not needed: Google

Mountain View, California: The majority of Android smartphone and tablet users do not need to install anti-virus and other security apps to protect them, despite dire warnings from security companies selling such products, Google’s head of Android security says.

Adrian Ludwig, the lead engineer for Android security at Google, said there was "a bit of a misperception" in how the company reviewed apps for its Google Play store in comparison with other stores.

Google says most users do not need anti-virus on their phone.
Google says most users do not need anti-virus on their phone. Photo: Reuters

He also said those who used security software on their phones would likely get no protection from it.

"I think ... paying for a product that you will probably never actually receive protection from is not a rational reduction of risk – but people buy things for lots of reasons."

Google's Adrian Ludwig
Google's Adrian Ludwig Photo: Ben Grubb

Mr Ludwig said every Android app goes through an automated system that checked for issues, and verified apps before they were made available on the app store.

"By the time a user goes to install an app they’ve had ... the best review of that application that is possible," he said.

The risk of potentially harmful applications ending up on users’ devices was therefore "significantly overstated" and the actual risk of a damaging app being installed was "extraordinarily low", he said.

"Certainly if you compare [the] Android [mobile operating system] to any desktop operating system, it's orders of magnitude different.

"And in practice most people will never see a potentially harmful application from our data ... [in fact] most people won't even know someone who has ever installed a potentially harmful application. So ... I believe it is an overstated risk."

Mr Ludwig was speaking to journalists at the company’s Mountain View headquarters in California a day before Google's I/O developers’ conference last week, where it was made clear that Google wanted to extend Android beyond phones and tablets to cars, watches and televisions.

He rejected reports from numerous security vendors showing Android was a hotbed for malicious software compared to other mobile platforms, saying the firms often presented their statistics in a misleading way. He said the numbers didn't show how many users were actually affected by potentially harmful applications. The reports instead focused on how many potentially malicious apps existed, and not whether they were ever installed by users.

Apple chief Tim Cook recently used industry figures at the company's Worldwide Developers conference to take a swipe at Android, saying it "dominates" the mobile malware market.

"It's a convenient way for [security firms] to [count] it like that because it never goes down. If you just count that number the world always looks worse, which [is what] sells their product," Mr Ludiwig said.

"The way we talk about potentially harmful applications on Android is how many users are affected," he said. "If nobody ever installs that application, does it matter? If [a potentially harmful application] never got into [the] Google Play [store], does it matter? That’s what we focus on."

Users who chose to use anti-virus on their devices would be no better off, he said.

"I don’t think 99 per cent plus users even get a benefit from [anti-virus]," Mr Ludwig said. "There’s certainly no reason that they need to install something in addition to [the security we provide].

"If I were to be in a line of work where I need that type of protection it would make sense for me to do that. [But] do I think the average user on Android needs to install [anti-virus]? Absolutely not."

But he conceded it might be useful for  the particularly security concious.

"Sometimes [anti-virus on phones] will warn you about threats," Mr Ludwig said.

He also recommended users stay on the latest Android version to stay safe.

It is not the first time Google has said people don't need security software on their phones. In 2011, a Google engineer labelled vendors who sold anti-virus software for mobiles as "charlatans and scammers" after some criticised Android for allowing too much malware.

Open source programs manager at Google Chris DiBona said then that anti-virus firms were playing on consumers' fears "to try to sell you [bullshit] protection software" and claimed that the supposed mobile malware problem was a bogus scare campaign created by the security companies.

"If you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself," DiBona said in a post .

The writer travelled to Google I/O as a guest of Google.

15 comments