Google's open-source software leader has lashed out at companies selling antivirus software for mobile devices including Google's Android operating system, calling them "charlatans and scammers."
Chris DiBona, Google's open-source programs manager, unleashed his tirade after seeing a press report about "inherent" insecurity of open-source software, which is used not just in Android but also Apple's iOS. He argued that Android, iOS, and Research in Motion's BlackBerry OS don't need antivirus software.
"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS," DiBona said on Google+. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself."
He didn't mention any companies by name, but there are plenty of examples. Symantec, Intel's McAfee subsidiary, F-Secure, and Kaspersky all sell mobile antimalware software. Also getting in on the action are two carriers, Sprint and AT&T.
DiBona argued that mobile devices, while not flawless, are inherently more secure than personal computers.
"No major cell phone has a 'virus' problem in the traditional sense that Windows and some Mac machines have seen," he said. "There have been some little things, but they haven't gotten very far due to the user sandboxing models and the nature of the underlying kernels."
Sandboxing confines computing processes to memory compartments and restricts their privileges, making it harder for a compromised program to be used as a launching point for more extensive attacks on a computing device.
But Kaspersky Lab begged to differ with DiBona's view:
Unlike on iOS and RIM, Android malware continues to grow at a rapid rate. Given Android's huge success, this does not come as a surprise as it's only natural for cyber-criminals to gravitate toward it. This exponential growth curve of malware for Android is extremely similar to that which we've seen for Windows malware, and while Android anti-malware products are still not a necessity like they are on PCs, users should strongly consider using them if they're concerned about the information they store on their devices and the security transactions they perform with it.
It's also worth noting that "viruses" don't exist on the Android to date--but Trojans certainly do. The DroidDream attack alone infected more than 100,000 users. The openness of the Android market place and platform has significantly helped Google in achieving such quick and tremendous growth, which in today's world also means it's become the preferred platform of choice by cyber-criminals.
Others defended their honor, too. "McAfee stands by its research, which shows an increasing number of attacks on mobile devices. The fact is that smartphones and tablets are computers, and they store valuable information, just as computers do. Criminals recognize this, and have found new ways to extract information from those devices," McAfee said.
And Mikko Hypponen, F-Secure's chief research officer, tweeted, "What @cdibona is missing is that these tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."
There have been some bad tidings for security on Android.
Juniper networks said earlier this week that Android malware is increasing fast, hastened by the Android Market's lack of reviews. Symantec warned of phony Android apps masquerading as real ones, and McAfee said Android malware is increasingly stealthy and sophisticated.
Update, 8:51 a.m. PT adds comment from Kaspersky Lab.
Update, November 19, 6:34 a.m. PT adds comment from F-Secure and McAfee.