The Android ecosystem is in a sad state of array. Who can trust it? Google itself cannot keep up with malware detection and the rates of trojan infection is increasing exponentially. Not a day goes by without a report of a malicious app. Do you think it will stop? No. Unfortunately, it is like the game of mack-a-mole.
@AppDefects wrote:The Android ecosystem is in a sad state of array. Who can trust it?
The problem may not be the Android ecosystem as much as the segment of Android users who are more suited to payphones than smartphones. So there is a lot of malware for Android. There is a lot of malware for every platform. Yes, it is an issue that there is no central authority policing the app stores (or doing a good job of it), but the real issue is the segment of idiots downloading crap and installing it willy nilly. Trust me, some of them are my family members. Really, for those us in the industry, the threat of Android malware is an indictment against us; we've done a terrible job educating people, or at least convincing various powers that be - from grade schools all the way up to our employers - of the importance of security awareness.
@JoePete wrote:
...the real issue is the segment of idiots downloading crap and installing it willy nilly. ....
The CamScanner case is a bit different. This is more a case of ongoing monitoring than it is of up-front screening.
The app was released in 2010, has 100M+ installs, with 1.8M reviews, averaging 4.6. They also have an iPhone version that rates 4.8 with 310K reviews. With these stats, I would have been likely to install it if I needed its functionality, as I suspect would most of us.
Years later, the manufacturer released a malicious update. They blame a 3rd party SDK and claim to have fixed the issue. Meanwhile, the malware was independently detected and the app recalled by Google.