InformationWeek published a column yesterday headlined “Android Security Becomes FUD Fest” which states:

Of course, as one reader commented on Zeman’s story, mobile security also depends largely on user behavior: “If you don’t want apps to have access to your personal data, then don’t install apps that say they are going to access your personal data. It really is that simple. No app will ever have access to your personal data unless you have explicitly given it permission to access that data,” writes DLYNCH294.

Really? Consider these facts:

  1. On many devices, the Android mail client by default saves email attachments to the SD Card. An example of this is the Droid X running Android 2.3.
  2. Apps require no special permission to read the SD Card and are not limited to their own data.
  3. Therefore, email attachments are commonly and widely exposed to being read by apps – even apparently safe apps that do not request explicit permission to access personal data

Do email attachments ever contain personal data, or sensitive corporate data? Come to think of it, they often do.

While I agree there has been some piling on regarding Android security lately, what is really needed is clear and correct information instead of vendor promises and journalist oversimplification.

Our Mobile Security Risk Report provides 80+ pages of real technical security risk intelligence focused on Android and iPhone, including key issues, policy recommendations, mobile risk assessment, guidance on MDM software, and more.

The antidote to FUD is quality information.