The smartphone and tablet operating system Android is four years old, but its developers seem to have learned little about security in that time. Although loosely based on the Linux kernel, the OS has a number of features that make it intrinsically insecure. There has been a continuous flow of reports of trojanised malware found not just in rogue online app stores but also in Google's official Android Market. Some analysts compare the situation to the bad old days of Windows and believe that installation of security software is now essential. And still more analysts believe that the most crucial step of all is user education, discovers Steve Gold. As an operating system, Android is still relatively young. Originally developed by the Open Handset Alliance, an open source initiative piloted by Google, the company, Android Inc, was acquired by Google back in 2005.1 After a couple of years gestation, the Android 1.0 OS was formally unveiled in November 2007.