Why Android App Security Is Better Than for the iPhone

07.08.2010

On the Linux-based Android platform, each application runs in a separate "silo," unable by default to read or write the data or code of other applications. Associated with each isolated application is a unique identifier and a corresponding set of permissions explicitly governing what that particular application is allowed to access and to do.

As a result, much the way Linux users typically don't have "root" privileges with the associated power to do systemwide harm, Android apps by default are limited in a similar way. In other words, just as that limits the damage that could be done on the desktop by a virus affecting an individual user, so Android restricts the potential damage that could be done by a rogue application.

In order for any data to be shared across Android applications, it must be done explicitly and in a way that informs the user. Specifically, before installation can even happen, the app must declare which of the phone's capabilities or data it will want to use--the GPS, for example--and the user must explicitly grant permission to do so. Those wallpaper apps, it should be noted, were no exception. So, if a user sees upon installation that a simple wallpaper app is requesting access to her list of contacts, say, there's probably reason to think twice before proceeding.
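The install-time check described above can also be scripted. The following is an added example, not part of the original article: it reads the `<uses-permission>` entries from a decoded (source-form) AndroidManifest.xml and flags any that fall outside a baseline for the app's category. The manifest, package name and baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: source-form manifest for a hypothetical wallpaper app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
    <uses-permission android:name="android.permission.SET_WALLPAPER" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <application android:label="Example Wallpapers" />
</manifest>
"""

# Assumption: a reviewer-chosen baseline of what each app category plausibly needs.
EXPECTED_BY_CATEGORY = {
    "wallpaper": {
        "android.permission.SET_WALLPAPER",
        "android.permission.INTERNET",
    },
}


def declared_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission>, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        # The element is un-namespaced; its name attribute is android:name.
        name = elem.get("{%s}name" % ANDROID_NS)
        if name and name not in names:
            names.append(name)
    return names


def unexpected_permissions(manifest_xml, category):
    """Return declared permissions that fall outside the category baseline."""
    # Unknown category: empty baseline, so every declared permission is flagged.
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    return [p for p in declared_permissions(manifest_xml) if p not in expected]


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "wallpaper"):
        print("review before installing:", perm)
```

The manifest packaged inside an APK is stored as binary XML, so it has to be decoded to text before a parser like this can read it.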

On the iPhone, on the other hand, it's a different story. All apps are considered equal and can access many resources by default, and without having to tell the user. So, while on Android you'll be able to see that a malicious app is suspicious the moment you try to install it, on the iPhone's iOS, you'll have no idea--potentially until the harm is done.

2. App Markets