Android malware definitely exists, but for the most part it’s not going to spread. As an operating system, Android is very safe. Unless you’re a fan of visiting shady sites. On the rare occasion that users encounter Android malware, it’s usually an issue of user error.
But now, a new security hole was discovered in all Android versions ranging from 1.6 to 4.2. This security hole is interesting, because it doesn’t directly infect your device. It does, however, allow apps to be modified without changing their cryptographic signature. This means that a legitimate app install could be updated with malware.
Sounds dangerous, right? Well, I can guarantee your safety if you follow a few simple rules. First of all, the malware cannot be spread through the Google Play Store, so you have nothing to worry about there. Google had recently updated Google Play security to avoid malicious updates taking advantage of this security hole. They have also made it against policy for Play Store apps to update outside of the Play Store. The vulnerability can still be exploited by apps outside of the Play Store though, so be extremely careful with third-party app stores and sideloading apps in general.
Generally, sideloading apps from untrusted sources is a really bad idea. You don’t know what code someone put into a pirated version of an app, so why install it? Stick with the Play Store and other highly trusted sources, and you’ll be just fine.
Most of these security threats aren’t automatic; they require user approval. This means a user has to install an app for the malware to infect the device. As long as people are careful about where they install apps from, they’ll be safe. If you get a surprise install prompt, never press yes! It’s not that hard to stay safe.
Interestingly, it seems that Google isn’t doing much about the situation in terms of Android code. They don’t seem to be fixing this security hole but are instead leaving it to manufacturers to fix. This means that the Nexus 4 is vulnerable. However, Samsung has patched the security hole in their Galaxy S4, according to some. Either way, be careful and don’t install fishy (or phishy) apps! It won’t end well.