This change in stand came after Google did its own investigation and found that was not the case. In a statement Google said, "Our analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they're using."
Google's response turned Terry's 'claims' into a wild guess. But Terry did not miss the opportunity to take a dig at Google's Android when reporting the botnet, "I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace."
Terry said in the post."We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices."
Well, as it turned out it was not the 'first' time yet. It was just a bad guess.
Sophos, a security firm which also 'supported' Microsoft's report (and used the opportunity to endorse their product for Android), has also changed its stand after Google's denial. Sophos' Chester Wisniewski wrote, "We either have a new PC botnet that is exploiting Yahoo!'s Android APIs or we have mobile phones with some sort of malware that uses the Yahoo! APIs for sending spam messages."
It will be really embarrassing for Microsoft if it turns out that the spam botnet was actually running on Windows machines and not on Android devices.
However, that said as even Terry recommends, install apps only from Google Play Store, don't download apps from random websites unless you know the author of the software and trust him.
Android is as secure as a tank, but no one can protect you if you stand outside the tank.