Android’s head of security has claimed that Google’s mobile operating system is now as secure as iOS – if not more so …
In the introduction to the 2017 Year in Review of Android Security, Google claimed to be leading the way.
Android security made a significant leap forward in 2017 and many of our protections now lead the industry.
Android security lead David Kleidermacher effectively told CNET that Android now rivals iOS security.
Kleidermacher said, without naming any names, Android is now as safe as the competition.
He acknowledges the big problem with Android security, which CNET’s Laura Hautala summarizes.
When someone finds a major Android flaw, the company has to send updated software to the companies that sell Android phones, and those companies have to deliver the updates. It can take a really long time, or not happen at all. On top of that, Android users can easily “self-own” — that is, they can download malicious software without meaning to — because they aren’t restricted to choosing apps from Google’s Play Store.
But Kleidermacher claims that ‘retrofitted’ security can be just as effective. As 9to5Google notes, this is the approach Google is taking with Play Protect, seeking to identify and remove harmful apps after the event.
Apple […] can deliver security updates directly to iPhones, and it prevents users from getting apps from outside of its App Store. But Android isn’t moving toward Apple’s model. Instead, Kleidermacher said, it’s possible to address these issues by “retrofitting” security into Android phones. In other words, even if Android wasn’t originally designed with security as a top priority, it can be built in now.
Google’s report suggests that Android’s open-source approach can be safer than Apple’s closed-source code.
As a global, open-source project, Android has a community of defenders collaboratively locating the deeper vulnerabilities and developing mitigations. This community may be orders of magnitude larger and more effective than a closed-source project of a similar scale.
Android’s biggest security challenge, however, is that security updates often fail to make it to consumer devices. A recent comparison showed that only two Android brands push security updates directly, and even those only do so for a maximum of two years, compared to five years for Apple.
Graphic: Chris Goodney/Bloomberg