Google Security Engineer Claims Android Is Now As Secure As the iPhone

An anonymous reader quotes a report from Motherboard: It's a common assumption among tech geeks, and even cybersecurity experts, that if you are really paranoid, you should probably use an iPhone, and not Android. But the man responsible for securing the more than one billion Android users on the planet vehemently disagrees -- but of course he would. "For almost all threat models," Adrian Ludwig, the director of security at Android, referring to the level of security needed by most people, "they are nearly identical in terms of their platform-level capabilities." In a short interview after a talk at a security conference in Manhattan on Tuesday the talk, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said, without mentioning that Android has already been around for more than eight years at this point. During his talk at the O'Reilly Security Conference Ludwig said that Android's built-in security product called "Safety Net" scans 400 million devices per day and checks a stunning 6 billions apps per day. The result of these security checks, coupled with the exploit mitigation measures baked into Android, mean that a really small number of Android devices has malware or, as Google calls it, "Potentially Harmful Applications" or PHAs, according to Ludwig. In fact, Ludwig said showing a graph, less than 1% of Android smartphone contain malware.

I'll believe that...

[SJ]

when Google defends a lawsuit to open up a phone due to -reasons-.

Re:Exploding heads

[TheGratefulNet]

its a lie.

androids are mostly abandoned by vendors. no updates.

total BS. until they fix that, android as a whole will continue to suck.

Less than 1% have malware

[ljw1004]

"Less than 1% of Android phones have malware". Less than 140 million Android phones have malware.

wrong.

[Gravis+Zero]

if you are really paranoid, you should probably use an iPhone, and not Android

wrong! if you are really paranoid, you shouldn't carry around something that could easily be described as the most sophisticated surveillance device that man has ever created.

Maybe true if you actually get updates

[Gumbercules!!]

Speaking as a long time Android fan who recently switched to iOS because work provided me an iPhone 7, this is only true if you actually get updates. And the vast majority of Android users, do not. So when they get a vulnerability found in their Samsung/HTC/Whatever device - chances are it will never get patched.

I had a Google Nexus 6P as my previous device (it's still on my desk in fact) and while I loved the device, updates where not as promised. Despite it being a Nexus, I was still beholden to my Telco for updates and they dragged their feet like mad. In fact, when I last turned off the Nexus 6P, the Nougat update was still not available (unless you manually enrol in the beta program, which I did, but then I had all kinds of issues with the Telco's LTE). So even on a damn Nexus, updates are hardly assured.

I fully realise older iPhones stop getting updates, too - but we're talking about a Nexus 6P here - the thing hasn't even been available for a year in Australia yet and Google and Telstra have already washed their hands of it. I also realise Google may / may not be responsible for the issues with Telstra's LTE on the Nexus 6P - but rest assured, if the iPhone has an issue, Telstra sits up and takes notice. When I first got my Nexus 6P, I spent the first 2 months locked to 3G because LTE wasn't supported at all on. (Source, in case you think I am making this up: https://crowdsupport.telstra.c...).

Secure against who?

[penguinoid]

Doesn't the Google stuff on your Android steal your data anyways?

Re:Secure against who?

Location sniffing, local Wifi SSIDs sniffing, it assigns a unique ID to each phone used to track for adverts (and the id is still sent even if you opt out of user specific ads). And their new Privacy Policy lets them link all the shit up, since they control large DNS servers, and content delivery networks, analytics, advertising etc. every site you visit it tagged by Google, and given the ID means they can tag it to a phone, to any Google account (e.g. Google Play, and Google Play Credit Card details).

So yeh.

Oh and the "do you want to backup" thing, that uploads all your keys to their servers.

"OK Google" on every device cannot be uninstalled.

And that's even before you get to Microsoft's "Office" bundle installed on several phones, that does a shit load of surveillance stuff, and AT&T's compulsary spyware.

Being secure, I don't think that means what they think it means.

Fragmenttion makes this Fiction

[goombah99]

Security is always a moving target. While it's possible your leading edge phone is as secure as the leading iphone, what matters to security is how many people are running an older OS. Androids are always going to be running non-updatable OS just because of the bussiness model. So in terms of numbers of exploitable phones, swaths of the andorid ecosystem will be less secure than Apple ecosystem.

Bullshit...

[XSportSeeker]

There a whole mix of stuff being talked about there, and one is not equal the other.

For instance, Google Pixel cannot be generalized to the overall Android experience, not by far. It's probably not even the 0.0001% of Android devices.
The reality of Android as a whole is that it's extremely fragmented, and the absolute majority of it is not on Nougat, let alone being the same as Google Pixel.

As device encryption remains an optional step for most of these devices, most of them are not using it, so threat models be damned.
Not to mention how the vast majority of Android devices uses all sorts of custom versions coming from all sorts of companies in all possible states of vulnerabilities and expected update dates. Even Windows is better than that. Android pretty much represents one of the worst possible fragmentation scenarios.

You have all sorts of cheap generic tablets that I'm almost certain comes from factory with included malware, vulnerabilities, rootkits and backdoors installed. This is serious. I tested a cheap generic tablet just a few months ago (Multilaser was the brand on top of it if I'm not mistaken, but you can find the exact same tablet with several other brand names) that had very suspicious stuff pre-installed. It was impossible to uninstall it, so I rooted the damn thing to do it. And then the device factory reseted itself when I managed to remove the offending apps, everytime.

In general, there's still far more chances of you finding an Android phone/tablet that is either completely open or easy to crack because it has an outdated system or has not been properly locked by it's owner, in comparison with iPhone in general.

And sure, Android has the advantage of being an open os versus the extremely closed iOS - the standard defense for open source software which I do understand. But hoping that this will somehow count as a huge security advantage for the future of Android is quite frankly naive and kinda stupid in itself, specially for cases like Android vs iOS.

The open nature of Android might allow for better scrutiny of it in some stances, but much more, it allows for all sorts of shady companies to make their own Android versions however they feel like doing it... and as more shady businesses adopt that strategy to spy and take advantage of less knowledgeable costumers, the more difficult it gets for a conscious community to take note of it.

As long as Apple keeps getting as much money as they do from regular users to the loyal fanbase, they can just spend that much more money to close security holes and whatnot. One company developing both software and hardware while keeping a stance on security and privacy also makes it much more reliable. Things would have to change quite drastically for Android to ever be as secure and private as iOS. It's just the reality of it.

You only have to think about it a bit more. Apple will always be able to push updates faster, they will always be able to implement security functions for most of their userbase in a timely manner (excluding those with devices that are too old), they are always better able to convince more users to buy their latest devices. Community wise, you will always have more reach... if one knowledgeable costumers finds a security hole, it'll affect almost the entire userbase, so it just makes far more sense for Apple to fix it.
In grand scheme of security and privacy stuff, again for this particular case, the open source argument is minor in comparison to the whole.

And I'm talking all this while being an Android user, not wanting to touch an iPhone with a 10 foot pole. It is what it is.
See, this doesn't mean that I'm switching to iOS anytime soon. But to say Android as a whole is anywhere near as secure as iPhones is just delusional.

Re:Exploding heads

[Ol+Olsoc]

Don't hold the Note 7 so close to your head.

With apologies to Johnny Cash, I present Phone of Fire:

My phone is a burnin' thing

And its tone is a fiery ring

Lured by the size and power

I bought a phone of fire

My phone turned into a burnin' ring of fire

burned my car up

As the flames went higher

And it burns, burns, burns

The phone of fire, the phone of fire

A smartphone is really sweet

With no data cap, for it to meet

I fell for it like a child

Oh, but the fire it went wild

My phone turned into a burnin' ring of fire

burned my car up

As the flames went higher

And it burns, burns, burns

The phone of fire, the phone of fire

Re:Exploding heads

[mlts]

If vendors either keep their devices updated for at least 4-5 years, or at the minimum, offer a method of unlocking the bootloader so the people at Cyanogenmod or other ROM shops can put a well maintained install on the device, then I'd be inclined to believe this. However, other than Nexus phones, and possibly HTC devices [1], usually the fact that the bootloader is locked makes the device only patchable by the device maker or the cellular carrier, whichever is worse.

I would say that a Nexus or a Pixel phone is probably as close to ideal as one can get. Here, Android can be argued to be as secure as iOS. Perhaps more secure with xPrivacy because an app that requests every permission under the sun can be granted it... and still be kept well away from sensitive stuff.

[1]: HTC is OK... at least one can unlock the bootloader then run Sunshine to S-Off the device. Better than other makers which blow e-Fuses for just rooting the device.

Re:Has nobody told him of Dirty COW?

[TheRaven64]

We had the head of Google's Android security team come and give a talk about a year ago. He was very proud of the fact that they'd enabled FORTIFY_SOURCE on their code. I was a bit surprised, because I'd yet to have FORTIFY_SOURCE find a single bug that the clang static analyser didn't find - it was great technology 15 years ago, but these days it only lets you catch at run time things that you can find at compile time with free off-the-shelf tools. I asked him if his team had any counterexamples, which might make us reevaluate using it. His answer? Static analysis is not part of their development flow at all. In contrast, when I've asked Apple folks about it, they've told me that it's part of their CI process and changes that introduce new bugs that static analysis catches are reverted.

If your development process doesn't even try to catch the low-hanging fruit, then I find it really hard to take any claims that you make about security seriously. The DRAMMER attack, for example, was only possible because Google implemented a really stupid API in Android (allowing untrusted code to explicitly map uncached memory, which is a bad idea for so many reasons, rather than providing cache flushing APIs for DMA). The API review process for Android is a joke and there's no evidence that they'll ever fix that. Part of it is the internal culture at Google: they have very good refactoring tools that they regularly run on large codebases, so have little incentive to get APIs right the first time.