Slashdot Mirror


Google Security Engineer Claims Android Is Now As Secure As the iPhone (vice.com)

An anonymous reader quotes a report from Motherboard: It's a common assumption among tech geeks, and even cybersecurity experts, that if you are really paranoid, you should probably use an iPhone, and not Android. But the man responsible for securing the more than one billion Android users on the planet vehemently disagrees -- but of course he would. "For almost all threat models," Adrian Ludwig, the director of security at Android, said, referring to the level of security needed by most people, "they are nearly identical in terms of their platform-level capabilities." In a short interview after a talk at a security conference in Manhattan on Tuesday, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said, without mentioning that Android has already been around for more than eight years at this point. During his talk at the O'Reilly Security Conference Ludwig said that Android's built-in security product called "Safety Net" scans 400 million devices per day and checks a stunning 6 billion apps per day. The result of these security checks, coupled with the exploit mitigation measures baked into Android, means that a really small number of Android devices has malware or, as Google calls it, "Potentially Harmful Applications" or PHAs, according to Ludwig. In fact, Ludwig said showing a graph, less than 1% of Android smartphones contain malware.

8 of 173 comments

  1. I'll believe that... by SJ · Score: 4, Insightful

    when Google defends a lawsuit to open up a phone due to -reasons-.

    1. Re:I'll believe that... by Anonymous Coward · Score: 1, Insightful

      You do know that prior to the lawsuit, Apple was doing everything they could to help the FBI open that phone, including giving them a complete copy of all the information they had on their cloud servers?

      It was only when it became clear that they might have to write (gasp) new software that actually worked that they decided not to continue, and that's what caused the lawsuit.

      And then it became moot when the FBI was able to break into the phone without Apple's help anyway.

      So, uh, yeah. Good luck keeping your iPhone secure.

  2. Re:Exploding heads by TheGratefulNet · Score: 5, Insightful

    it's a lie.

    androids are mostly abandoned by vendors. no updates.

    total BS. until they fix that, android as a whole will continue to suck.

    --
    "It is now safe to switch off your computer."
  3. Less than 1% have malware by ljw1004 · Score: 5, Insightful

    "Less than 1% of Android phones have malware". Less than 140 million Android phones have malware.

  4. wrong. by Gravis Zero · Score: 4, Insightful

    "if you are really paranoid, you should probably use an iPhone, and not Android"

    wrong! if you are really paranoid, you shouldn't carry around something that could easily be described as the most sophisticated surveillance device that man has ever created.

    --
    Anons need not reply. Questions end with a question mark.
  5. Secure against who? by penguinoid · Score: 4, Insightful

    Doesn't the Google stuff on your Android steal your data anyways?

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  6. Has nobody told him of Dirty COW? by Mal-2 · Score: 3, Insightful

    Until all the Android phones still in the wild (regardless of age) get patched for the Dirty COW vulnerability, how can anyone reasonably say they're "as secure as" anything other than Goatse guy's rectum?

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  7. Bullshit... by XSportSeeker · Score: 5, Insightful

    There's a whole mix of stuff being talked about there, and one is not equal to the other.

    For instance, Google Pixel cannot be generalized to the overall Android experience, not by far. It's probably not even the 0.0001% of Android devices.
    The reality of Android as a whole is that it's extremely fragmented, and the absolute majority of it is not on Nougat, let alone being the same as Google Pixel.

    As device encryption remains an optional step for most of these devices, most of them are not using it, so threat models be damned.
    Not to mention how the vast majority of Android devices uses all sorts of custom versions coming from all sorts of companies in all possible states of vulnerabilities and expected update dates. Even Windows is better than that. Android pretty much represents one of the worst possible fragmentation scenarios.

    You have all sorts of cheap generic tablets that I'm almost certain come from the factory with included malware, vulnerabilities, rootkits and backdoors installed. This is serious. I tested a cheap generic tablet just a few months ago (Multilaser was the brand on top of it if I'm not mistaken, but you can find the exact same tablet with several other brand names) that had very suspicious stuff pre-installed. It was impossible to uninstall it, so I rooted the damn thing to do it. And then the device factory reset itself when I managed to remove the offending apps, every time.

    In general, there's still far more chances of you finding an Android phone/tablet that is either completely open or easy to crack because it has an outdated system or has not been properly locked by its owner, in comparison with iPhone in general.

    And sure, Android has the advantage of being an open os versus the extremely closed iOS - the standard defense for open source software which I do understand. But hoping that this will somehow count as a huge security advantage for the future of Android is quite frankly naive and kinda stupid in itself, especially for cases like Android vs iOS.

    The open nature of Android might allow for better scrutiny of it in some instances, but much more, it allows for all sorts of shady companies to make their own Android versions however they feel like doing it... and as more shady businesses adopt that strategy to spy and take advantage of less knowledgeable customers, the more difficult it gets for a conscious community to take note of it.

    As long as Apple keeps getting as much money as they do from regular users to the loyal fanbase, they can just spend that much more money to close security holes and whatnot. One company developing both software and hardware while keeping a stance on security and privacy also makes it much more reliable. Things would have to change quite drastically for Android to ever be as secure and private as iOS. It's just the reality of it.

    You only have to think about it a bit more. Apple will always be able to push updates faster, they will always be able to implement security functions for most of their userbase in a timely manner (excluding those with devices that are too old), they are always better able to convince more users to buy their latest devices. Community wise, you will always have more reach... if one knowledgeable customer finds a security hole, it'll affect almost the entire userbase, so it just makes far more sense for Apple to fix it.
    In the grand scheme of security and privacy stuff, again for this particular case, the open source argument is minor in comparison to the whole.

    And I'm talking all this while being an Android user, not wanting to touch an iPhone with a 10 foot pole. It is what it is.
    See, this doesn't mean that I'm switching to iOS anytime soon. But to say Android as a whole is anywhere near as secure as iPhones is just delusional.