"Damage to the OS" is the keyword when we speak about malware. To understand why they are irrelevant on Android, we have to focus on the way Google built its platform, using a model called sandboxing. In a nutshell, the sandboxing idea is that apps only get a limited “sandbox” where they operate.
Malware and scaremongering
McAfee also jumped in on the scare train saying some phones were infected with two new Android viruses in 2011, the NickiSpy and GoldenEagle viruses. Interestingly, later on it was confirmed that the NickiSpy virus was found on between 0 and 49 Android devices. That’s practically zero given the fact that Android grows by 1.3 million devices per day. Most recently, McAfee tried to scare Android users again reporting on malware supposedly increasing by 700% on Android. Truth is, the report never mentions the Google Play store, but rather looks at all kinds of third-party stores and websites. Again, simple common sense would tell you not to download anything from there.
Do anti-virus apps work on Android?
Sandboxing however also means that anti-virus apps are largely useless against malware. Why? For the very same reason - they don’t have access to the low level system files, so they cannot protect them. Remember Google engineer Chris DiBona’s eye-opening Google Plus post. Here is the essence of it:
"Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers."
But anti-virus apps do exist on Android, and question remains what is their function? At best, they will check your existing applications against a list of corrupt third-party apps, but nothing more.
Fake apps and premium texting apps exist
Again, if you stick with common sense and don’t install unknown apps from all kinds of suspicious sources, you’d be fine. A universal solution would be not to allow apps from unknown sources on your device. For this, you simply head into settings and disable the ‘Unknown Sources’ option (which should be disabled by default).
The most common problem now seems to be fake apps that would blow up with pop-ups for the few days they are allowed on Google Play. But that’s not really the malware you should be terribly worried about.
To quickly recap, malware on Android is not the issue some want you to believe it is. The sandboxing model keeps your phone safe, and common sense and the Google Play market make it bullet-proof against spyware and other corrupt apps. Everything else boils down to scaremongering and third-partyapp catalogs, and you already know you shouldn't download anything from there, don't you?