July 06, 2012, 4:20 PM — This has not been an especially fun week for Android.
First, a security analyst from Microsoft fingered Android as a platform from which a new type of mobile botnet was being controlled. That was bad enough.
Today there are rumors afloat that Amazon may be preparing to enter the smartphone market on its own. Which might be worse.
To begin with, it seems the botnet accusation may be a frame-up. When Microsoft's Terry Zink discovered a lot of analyzed spam from Yahoo Mail all had Android headers and signatures as part of the spam messages, he naturally concluded that cracked Android phones were being tapped to deliver the spam. His other evidence was that the IP origins of the spam were coming from nations that nations where sideloading of apps might be practiced more.
"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app," Zink wrote.
Google, as one would expect, had another take.
"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said Google in a statement to the BBC.
Zink himself would later amend his contention, saying that it was entirely possible that headers were being spoofed.
"Yes, it's entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the 'Yahoo Mail for Android' tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices," Zink said. "On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices."
For now, the botnet accusation stands, and considering the sources of each side of the argument, it's going to take some third-party examination to step in and see what's what. Analyst firm Lookout has stepped up with a read of its own, and they suspect an insecure Yahoo Mail app for Android might be part of the problem.
Meanwhile, rumors are swirling around that Amazon may be about to venture into the smartphone market on its own, with an Android-based device.
Bloomberg is reporting that "Amazon.com Inc. is developing a smartphone that would vie with Apple Inc.'s iPhone and handheld devices that run Google Inc.'s Android operating system, two people with knowledge of the matter said."
That news, if true, might be ultimately more harmful to Google than a real botnet threat.
That's because an Amazon, even though it would undoubtedly use an Android device, would very much be competing with Google (and Apple) in terms of content delivery. And in the mobile market that's pretty much the only revenue stream that counts.
Amazon has already distanced itself from Google in this context; it has it own app store and media delivery system for the Android-based Kindle series of devices. An Amazon smartphone would probably have the same infrastructure. This is an area in which Google is only recently starting to get more sure of itself, with the improvements to the Google Play app store, so another strong entrant in the smartphone/content arena is sure to take business away from Google.
Of course, it's not just Google and Apple who should be nervous about an Amazon smartphone. Given the strong resistance booksellers and other shopkeepers had to Amazon's 2011 holiday promotion to scan items in stores and have the items' prices matched, one can only imagine how freaked out brick-and-mortar store owners will be when an Amazon device that could feature seamless scan-and-buy functionality for consumers walks in their doors.
The Amazon smartphone may just be vaporware, but the disruptive potential it would have is enormous.
Read more of Brian Proffitt's Open for Discussion blog and follow the latest IT news at ITworld. Drop Brian a line or follow Brian on Twitter at @TheTechScribe. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.