If you get into a conversation with an IT manager about BYOD policies, they’re often all for it – as long as the devices aren’t Android.

The Google-made operating system has a reputation for being open to malware, in part because Google wasn’t vigilant enough in the early going of its app store, and in part because as the number of Android phones began to swell malware makers began devoting more attention to the platform.

While Google has toughened up on apps being put into the Play Store, the focus of malware developers hasn’t.

In a column this month is, Troy Wolverton quotes security analysts saying that isn’t enough. Android users can download apps from anywhere, while Apple limits iPad and iPhone downloads to its App Store, and Microsoft forbids Windows Phone users from getting apps anywhere but the Windows Phone store.

Of course, if you have an Android device and you only use the Play Store you dramatically increase security.

One thing the article doesn’t mention is the risk Android (or any mobile device) users will fall for social engineering scams like the one I outlined earlier last week.

Take that into consideration when you’re deciding if an Android device needs antivirus.

Read Wolverton’s column here