October 9, 2013
If You Believe Android Is Secure, I’ve Got A Bridge To Sell You
I don’t want to say Android is insecure, but whenever it walks by a group of giggling junior high girls, it impulsively checks its nose for spare boogers.
I don’t want to say Android is insecure, but when it was rejected by a pretty girl, it stopped by her apartment that night to see if she really was just “washing her hair.”
I’ll literally be here all week.
Google’s point man, Eric Schmidt, has been known to make outlandish statements in his life. Remember that whole “By the summer of 2012, the majority of the televisions you see in stores will have Google TV embedded,” racket he tried to start in 2011?
Sometimes his outlandishness isn’t so much a sign of arrogance as it is a sign of willing ignorance, a sort of stubbed-nose towing of the party line, all the while watching it crack and fray.
Case in point: At the Gartner Symposium/ITxpo in Orlando on Monday, Eric Schmidt said the Android operating system was more secure than iPhone.
I’ll give you a second to catch up.
In case you’d like to know just how very insecure of an operating system Android is, I found five, count them, FIVE stories written in 2013 alone covered by redOrbit writers about the insecurity of Android. That’s a new report or new malware instance every other month, and that is by no means a conclusive sampling of data. News can only be covered so often before the repetition becomes a sort of noose.
Take this report from security provider NQ Mobile that claims they were aware of 33 million infected Android devices in 2012. Not only is this a 200 percent increase over 2011, but it only accounts for the malware infections that NQ is aware of.
Then there’s this report from F-Secure, which found Android accounted for 79 percent of all mobile malware attacks in 2012, up from 11.25 percent in 2010. In the fourth quarter of 2012 alone, a whopping 94 percent of all malware attacks were lobbed against Android devices.
Oh, and you just can’t forget one of the most recent Android security flaws; a little bug which allows developers to include malicious packages in an app without affecting the original digital signature. This signature normally tells the Play app store or other devices that the app is clean and free of malware, making the latest bug particularly troubling. What made the bug downright frightening is that it extended to the specific versions of Android carriers naively install on the devices when they ship from the factory, making it even trickier to find. Did I mention this bug had been alive for about four years and affects 99 percent of all Android devices?
Back to Schmidt.
According to ZDNet, who has the story, during a Q&A portion of the conference one Gartner analyst asked Schmidt about the platform’s security, saying:
“If you polled many people in this audience they would say Google Android is not their principal platform […] When you say Android, people say, wait a minute, Android is not secure.”
The way ZDNet tells it, Schmidt didn’t miss a beat and blindly responded “Not secure? It’s more secure than the iPhone.”
The iPhone, by the way, has seen a security flaw or two in the past few years. Most notably, when iOS 7 was released, some hackers found a way to bypass the passcode at the lock screen and access the device.
Forbes’ Andy Greenberg describes the flaw thusly:
“As the video shows, anyone can exploit the bug by swiping up on the lock screen to access the phone’s “control center,” and then opening the alarm clock. Holding the phone’s sleep button brings up the option to power it off with a swipe. Instead, the intruder can tap “cancel” and double click the home button to enter the phone’s multitasking screen. That offers access to its camera and stored photos, along with the ability to share those photos from the user’s accounts, essentially allowing anyone who grabs the phone to hijack the user’s email, Twitter, Facebook or Flickr account.”
In other words, executing a quick four-step process allows an intruder to Tweet a photo already stored on the device. Unless that device contains a photo of the user’s credit card information, driver’s license and social security card, this flaw is significantly less harmful than any malware found on Android devices.
Oh, and they have to have physical access to the thing, as well.
Thing is, Android is kinda known for being a dangerous device. True, many of these security flaws can be avoided if you only download certified apps (assuming they haven’t been tampered with) and try not to click on any suspicious links. But the number of email and Twitter hacks we see every day tells me perhaps people aren’t always the best about avoiding spammy links or malicious photos of young female starlets.
So, when Schmidt made this truly asinine comment, the crowd apparently “gave a hearty chuckle.”
To argue his point, Schmidt talked about how the platform now has over a billion users, essentially saying that with so many users they have to be somewhat secure. What’s ironic is it’s precisely Android’s size that is bringing in all this malware. It’s Microsoft Windows all over again; Apple was never “immune” to viruses, they just owned such a small portion of the market that few cared to target them. iPhone is certainly more secure than Android, but Android’s “openness” is also rather appealing to malware developers who can find several loopholes around Android’s gates.
Schmidt was even asked to refine his statements later on, but he didn’t budge.
“What I heard was Android is more secure than the iPhone,” said the analyst who first posed the question.
Schmidt was unmoved.
“Android is very secure.”
Quick, someone give me Eric Schmidt’s personal cell umber. I’ve got a bridge I need to get rid of.
Image Credit: Thinkstock