or Connect
AppleInsider › Forums › Mobile › iPhone › Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers
New Posts  All Forums:Forum Nav:

Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers

post #1 of 85
Thread Starter 
Speaking at Mobile World Conference, Google's new Android chief Sundar Pichai admitted that security plays second fiddle to "freedom" in the design and implementation of Google's mobile operation system, exposing Android users to an overwhelming, disproportionate share of malware vulnerabilities.



Android's malware monopoly



Last month, a report by Cisco detailed that 99 percent of mobile malware targets Android, echoing the "staggering rate" of malware growth observed last summer by Juniper Networks in a report that noted that "77 percent of Android's threats could be largely eliminated today if all Android devices had the latest OS. Currently only 4 percent do."

When asked about Android's malware problems, Pichai (the Chrome OS executive who replaced Andy Rubin as the head of Google's Android development early last year) answered by saying that Android is not really "designed to be safe" but rather to provide "freedom."

His comments, reported by French site Frandroid.com translated: "We do not guarantee that Android is designed to be safe; its format was designed to give more freedom. When they talk about 90% of malicious programs for Android, they must of course take into account the fact that it is the most used operating system in the world. If I had a company dedicated to malware, I would also send my attacks to Android."

Android's problems due to a lack of security updates, not due to popularity



While creating an apparent comparison with the role of Microsoft's Windows on PCs over the previous decade, Pichai did not actually address the root cause of malware issues as highlighted by Juniper: the failure of Google and its partners to make security updates broadly available to the platform's users.

Last July, a U.S. Government report titled "Threats to Mobile Devices Using the Android OS" warned that Android "continues to be a primary target for malware attacks due to its market share and open source architecture," and stated that this "makes it more important than ever to keep mobile OS patched and up-to-date."

Yet months later, Google still reports that more than 20 percent of active Android users accessing Google Play are still using a "Gingerbread" or older edition of Android dating back to 2011 that, as the government's report noted, still "have a number of security vulnerabilities that were fixed in later versions."



While the Gingerbread figure has ostensibly improved over the past several months (Google also changed how it counts "active" users), the number of new exploits discovered in subsequent editions of Android has put the platform's security at even greater at risk. One recently reported flaw is serious enough to have prompted security researchers to publicly issue an exploit tool with the intention of forcing Google to fix the bug for its users.

So far, only 27 percent of Google's active Android users are running an Android version that addresses that particular flaw, leaving 73 percent of Android users vulnerable to the critical security flaw in Google's WebView that gives malicious users the freedom to remotely control users' devices.

Apple focuses on security as more important than "freedom"



For Apple's users, encountering an actual security flaw is rare enough to be deemed newsworthy. While only 1.8 percent of Google's users are on the latest KitKat version of Android, an overwhelming 82 percent of iOS users now have iOS 7 installed, even though both OS versions were released around the same time last fall.

Additionally, Apple continues to release easy to install, free updates addressing problems found not only in its latest iOS 7, but also for customers still using iOS 6. That, includes those who bought the original iPad back in 2010, a product released nearly a year before Google's still vulnerable, unpatched Android 2.3 Gingerbread was even announced.

Yesterday, Apple outlined its focus on security in iOS in a white paper providing more detail on Touch ID and the Secure Enclave processor core built into its A7 Application Processor. In addition to talking about hardware, Apple noted that it "designed the iOS platform with security at its core."

The document stated, "when we set out to create the best possible mobile OS, we drew from decades of experience to build an entirely new architecture. We thought about the security hazards of the desktop environment, and established a new approach to security in the design of iOS. We developed and incorporated innovative features that tighten mobile security and protect the entire system by default. As a result, iOS is a major leap forward in OS security."

Apple further noted that its design for iOS "protects not only the device and its data at rest, but the entire ecosystem, including everything users do locally, on networks, and with key Internet services." Nowhere in the document does Apple even use the word "freedom."

Among the topics that the document does detail is Secure Boot, which limits "freedom" by preventing the installation of older versions of iOS that contain known security vulnerabilities. But the feature also helps prevent thieves from being able to downgrade the software on a stolen device in order to expose and exploit any known, patched flaws and therefore bypass Apple's latest protections that secure users' data, messages and passwords.

That's a real problem on Android, where a design focused on permissive freedom has also made securing the devices effectively impossible. Samsung has attempted to address this problem for corporate users with Knox, a layer designed to limit Android's freedom and therefore give it a layer of security closer to iOS. However, most of Samsung's smartphones don't even support Knox, rendering the majority of Android device shipments impossible to secure.

Samsung Knox


Apple benefitting from a differentiated focus on security



Apple's design of iOS "with security at its core" has resulted in an overwhelming advantage in the market. While IDC, Gartner and Strategy Analytics focus on global unit shipments, Apple's iOS share among enterprise, government and education users is dwarfing the adoption of Android.

Enterprise vendor Good Technology has consistently reported landslide iOS adoption rates, giving Apple 73 percent share among mobile devices and reporting that its iPad now makes up 91.4 percent of enterprise tablets. The scale of those numbers are resulting in iOS getting the vast majority of serious custom development among corporate users.

It's not just big firms, vast government agencies and entire school districts that are adopting iOS for security reasons. The results of a Clio study of mostly smaller law offices shows a definite trend toward iOS adoption over the last four years. Since 2010, Apple's share in mobile devices among these users has expanded 24 percentage points from 50 percent to 74 percent last year, while Android has only seen adoption climb 8 percentage points from 10 percent to 18 percent.

Among the same population of users, adoption of Macs as a "primary operating system" has also grown from 55 percent in 2010 to 66 percent last year, while the use of Windows has shrunk from 45 percent to just 34 percent over the same period.

Apple Get A Mac


While Google's Pichai drew a parallel between the ubiquitous availability of Android and Windows and the security issues each platform has faced as a result, he failed to address that it was Windows' permissive security problems, from invasive spyware to annoying ad popups, that helped fuel popular interest in Apple's original "Get A Mac" campaign, which helped to ignite the rapid growth in Mac sales over the past decade as users actively rejected a broadly open platform in favor of a secure one that "just worked."

In contrast, no amount of ideological evangelism about "freedom" has generated any real interest among corporations or individuals in Linux as a desktop or mobile platform. Linux primarily made inroads on servers because it was free. In failing to focus on security and leaving its users on their own, Google's Android's faces the prospect of suffering the same platform erosion that Windows suffered for the same reasons, while at the same time earning the same revenues as Linux.
post #2 of 85
I just can't waste time reading these puff pieces anymore. Next.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #3 of 85
What no comments yet? Where are all those Android fanboys screaming about hack/cracks/shims & boot loaders?
Oh yeah...the 99% malware option kicked in and now they need to restore their phones if they are even able to.

It appears the Android/Google have given their customers the royal middle finger (again). Instead of patching every phone properly, they rely on a multi-level patch process that takes months to deploy effectively, so many handsets never get the updates they require, never mind complete Android system upgrades.

Google is screaming "we're #1, we're #1" in malware infections.
They should be screaming "we hate our customers". That would be more truthful.
post #4 of 85
Quote:
Originally Posted by SpamSandwich View Post

I just can't waste time reading these puff pieces anymore. Next.

 

Why?

 

It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw, which was never actively exploited by anyone conducting man in the middle attacks.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #5 of 85
Samsung is not going to be happy about this article.
post #6 of 85
Quote:
Originally Posted by cfugle View Post

What no comments yet? Where are all those Android fanboys screaming about hack/cracks/shims & boot loaders?
Oh yeah...the 99% malware option kicked in and now they need to restore their phones if they are even able to.

It appears the Android/Google have given their customers the royal middle finger (again). Instead of patching every phone properly, they rely on a multi-level patch process that takes months to deploy effectively, so many handsets never get the updates they require, never mind complete Android system upgrades.

Google is screaming "we're #1, we're #1" in malware infections.
They should be screaming "we hate our customers". That would be more truthful.

 

Google love their customers, they make lots of money selling them information on their product users...

 

...oh, you confused Android users with Google's "customers", a common enough mistake.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #7 of 85
Planning for security is great and having data that shows your system has more known malware is nice but the keyword is known. Let's not forget this is coming awfully fast on the heels of an 18 month-long bug that would all all dumped data from iOS and Mac backups, syncing and Safari usage otherwise thought secure to be read by even a novice hacker. You wouldn't even need to target any Apple device because the data was being sent across the globe from device to server for a year-and-half. We will likely never know if any government was aware and expelling this data, or if anyone after the fact will start trawling though network packet dumps looking for personal information. I haven't even yet heard if Mac and iOS App Store apps also use Apple's SSL implementation.

Quote:
Originally Posted by SpamSandwich View Post

I just can't waste time reading these puff pieces anymore. Next.

I barely read most of the articles here. I come for the commenters.

Quote:
Originally Posted by RickFaced View Post

Samsung is not going to be happy about this article.

They can at least be comforted by having the only Android-based devices on the safe list.
Edited by SolipsismX - 2/27/14 at 4:09pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #8 of 85

No confusion here at all. The Google "experience" of Android is based on a strict software code that hardware manufacturers must implement or risk losing access to Android. Google is selling the experience whether the device is Samsung or Sony. The software is what touch the "customers" hands, the shell is the hardware fluff.  Hardware does not get infected with malware, software does. What don't you understand in this symbiotic relationship that isolates Google  from being a better service provider? Their locked in code should protect the clients better. Simple solution. It should have been designed from day one to cater to the customer and not the telecom provider or hardware manufacturer. Is Apple IOS perfect...by gosh no..but it does ever me down with functionality issues or viral/malware attacks. Developers may have hated the sandboxing but us consumers love it. My day keeps moving forward without the hassles of a buggered up handset.

post #9 of 85
Outee
post #10 of 85
Quote:
Originally Posted by AppleInsider View Post
 
One recently reported flaw is serious enough to have prompted security researchers to publicly issue an exploit tool with the intention of forcing Google to fix the bug for its users.

So far, only 27 percent of Google's active Android users are running an Android version that addresses that particular flaw, leaving 73 percent of Android users vulnerable to the critical security flaw in Google's WebView that gives malicious users the freedom to remotely control users' devices.
 

Here's an Ars article on this particular flaw (http://arstechnica.com/security/2014/02/e-z-2-use-attack-code-exploits-critical-bug-in-majority-of-android-phones/). One bit of information relevant to this article is that although there are lots of android devices stuck with the webview bug, the openness of the platform also enables more third-party mitigation strategies than would be possible if a similar bug were discovered in the iOS UIWebview. Android browsers such as Chrome and Firefox typically pack their own rendering engines and are not affected by this bug. In contrast, if the iOS webview were found to contain a security flaw, the only recourse for third-party browsers would be to wait for an OS update since they are required to use the system UIWebview. Although Apple issues OS updates more promptly compared to Android OEMs, the iOS security model also relies more heavily on OS updates since Apple is often the only party that can fix things.

post #11 of 85
Quote:
Originally Posted by hill60 View Post
 

 

Why?

 

It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw

This very article explains why Apple took a beating for that. Apple are held to a higher standard because they hold themselves to a higher standard. Nobody writes articles about Samsung producing low build-quality devices / security flaws in Android because it's not newsworthy: Samsung / Google don't tout the build quality / security of their devices as a best-in-class selling point. 

 

Apple does, and that's why everyone expects more from them.

 

Quote:
 which was never actively exploited by anyone conducting man in the middle attacks

Is there anything resembling a source for that, or did you just make it up?

 

edit: Why do lots of the links in this article go to tangentially related opinion pieces that we have to hunt through to find a link to the actual source?

post #12 of 85
Quote:
Originally Posted by SolipsismX View Post

Planning for security is great and having data that shows your system has more known malware is nice but the keyword is known. Let's not forget this is coming awfully fast on the heels of an 18 month-long bug that would all all dumped data from iOS and Mac backups, syncing and Safari usage otherwise thought secure to be read by even a novice hacker. You wouldn't even need to target any Apple device because the data was being sent across the globe from device to server for a year-and-half. We will likely never know if any government was aware and expelling this data, or if anyone after the fact will start trawling though network packet dumps looking for personal information. I haven't even yet heard if Mac and iOS App Store apps also use Apple's SSL implementation.
Sol, I would say the biggest beneficiary of this will be the NSA and GCHQ class threats. The point DED was trying to make it is that any script kiddy with spare time on their hands can exploit Android holes, the older the better.

As you mentioned in other threads, we should change our passwords, but it won't help the data stored in Bluffdale or the UK equivalent.

I'm pretty mad about it but there is literally nothing we can do about it except move on.
..... the greatest fame comes from adding to human knowledge, not winning battles.
Paraphrased from Napolean Bonaparte, 1798
Reply
..... the greatest fame comes from adding to human knowledge, not winning battles.
Paraphrased from Napolean Bonaparte, 1798
Reply
post #13 of 85

Security through obscurity.

With Android having 275% and Apple losing more of what little market share it does have every day, of course hackers want to target Android.

Why waste time doing anything on an OS that only one company with -23% market share uses?

post #14 of 85
post #15 of 85
Quote:
Originally Posted by DarkLite View Post
 

Is there anything resembling a source for that, or did you just make it up?

 

 

If you want to provide a source for the flaw being used by anyone.

 

ACTIVELY

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #16 of 85
Quote:
Originally Posted by AppleInsider View Post

Speaking at Mobile World Conference, Google's new Android chief Sundar Pichai admitted that security plays second fiddle to "freedom" in the design and implementation of Google's mobile operation system...

 

His comments, reported by French site Frandroid.com translated: "We do not guarantee that Android is designed to be safe; its format was designed to give more freedom. When they talk about 90% of malicious programs for Android, they must of course take into account the fact that it is the most used operating system in the world. If I had a company dedicated to malware, I would also send my attacks to Android."

 

The old 'security by obscurity' argument creeping in... 'freedom' under a state of anarchy is not quite what it is cracked up to be, hilarious.


Edited by IQatEdo - 2/27/14 at 6:32pm
Where are we on the curve? We'll know once it goes asymptotic!
Reply
Where are we on the curve? We'll know once it goes asymptotic!
Reply
post #17 of 85
Quote:
Originally Posted by sflocal View Post
 

But...but...  Does this mean Schmidt was LYING??

 

Schmidt embodies the true soul of Google: lie, cheat, and steal - aka "open."

 

the poor top Google engineer that spilled the beans in France - his career is over.

post #18 of 85
Quote:
Originally Posted by Chris_CA View Post
 

Security through obscurity.

With Android having 275% and Apple losing more of what little market share it does have every day, of course hackers want to target Android.

Why waste time doing anything on an OS that only one company with -23% market share uses?

 

two comments come to mind, and I'll try not to feed the trolls too much

 

"If you are one of two people being chased by a bear... you don't have to outrun the bear, you just have to outrun the other guy"

 

"Willie, why do you rob banks?"  Willie Sutton: "Because that's where the money is"

 

The mashup of those basically shows your misunderstanding...  and gets to the crux of the Pichia's comment: It's good to have good security... relative to your competitors in the general malware space.  If the space is large and easy to attack, the malware bear will just catch it and sit and munch on the carcass.  Why work harder than you need?

 

BUT... to your second point: while I grant you  that Apple has a smaller (closer to 40% of smartphones) share of the phone market, it's where the money is, in terms of who is spending it mobilely.    That's where your theory breaks down. and you fail to see another reason why Apple doesn't care about selling to everyone.  

 

If you value security, you're spending iPhone class money on your phone.    Those that don't.... well, now your running as fast as all the slow people... and your only hope is the bear doesn't single you out.

post #19 of 85
Let's put things into perspective shall we. What DED forgets to do here is to detail how many of this malware actually is from the Play Store. By far the largest part of this malware is from non-official app stores and/or come from side loading apps downloaded from torrent sites and such.
By my estimations (based on the total Android malware and that present on the Play Store) less than 5% comes from Play Store (and if installed still can be stopped by the app verifier). If you then take into account that the threats are reduced by 77% if you are on the most recent version I think this issue is less of an issue as purported if you only install Play Store apps (like most people do).

Don't get me wrong the fact that so many Android phones are running older versions is a problem but it is not as big a problem when it comes down to malware (when using Play Store) as is argued here.
Edited by Chipsy - 2/27/14 at 6:21pm
post #20 of 85
Quote:
Originally Posted by Chris_CA View Post
 

Security through obscurity.

With Android having 275% and Apple losing more of what little market share it does have every day, of course hackers want to target Android.

Why waste time doing anything on an OS that only one company with -23% market share uses?

For the same reason that robbers hold up banks instead of mugging homeless people on the street. It might be easy to mug a homeless person but they don't have any money. iOS users are much more affluent so they have more to protect than average Android users.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #21 of 85
Throwing the word "freedom" around tech circles is like ringing the dinner bell for salivating ideologues.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #22 of 85
Quote:
Originally Posted by Chipsy View Post

Let's put things into perspective shall we. What DED forgets to do here is to detail how many of this malware actually is from the Play Store. By far the largest part of this malware is from non-official app stores and/or come from side loading apps downloaded from torrent sites and such.
By my estimations (based on the total Android malware and that present on the Play Store) less than 5% comes from Play Store (and if installed still can be stopped by the app verifier). If you then take into account that the threats are reduced by 77% if you are on the most recent version I think this issue is less of an issue as purported if you only install Play Store apps (like most people do).

Don't get me wrong the fact that so many Android phones are running older versions is a problem but it is not as big a problem when it comes down to malware (when using Play Store) as is argued here.

http://www.pcworld.com/article/2099421/report-malwareinfected-android-apps-spike-in-the-google-play-store.html (not an Apple-friendly website)

"In 2011, there were approximately 11,000 apps in Google’s mobile marketplace that contained malicious software capable of stealing people’s data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said."

 

If 42K is 5% that would mean 840K apps. http://www.appbrain.com/stats/number-of-android-apps says there are 1.1M so your figure looks reasonable. The problem is 42K malicious apps in the designated Android app store is still way too many, no matter how your spin statistics. This doesn't include all the malicious apps found in the "open" Android stores. When you compare Android's number to the number found in the (real) App Store, there's no comparison because if there are any in the Apple App Store the number is probably below 10. Google is simply following Microsoft's process of not really caring about malware, spawning a huge third-party malware prevention industry.

post #23 of 85
Quote:
Originally Posted by SpamSandwich View Post

I just can't waste time reading these puff pieces anymore. Next.

Your comment shows the sad side of website posters. You have tons of posts yet refuse to read articles that actually contain documented information in them. You might as well read the news and financial websites since their stories are much more informative. /s

post #24 of 85
post #25 of 85
Quote:
Originally Posted by rob53 View Post
Google is simply following Microsoft's process of not really caring about malware, spawning a huge third-party malware prevention industry.

 

There is already a significant third-party malware prevention industry (but is that necessarily a bad thing, never hurts to have a backup plan right?). There is no doubt that at this moment in time iOS is better off when it comes to malware but I wouldn't say Google doesn't care about malware. If that was the case they wouldn't have introduced Bouncer, App Verification and Security Enhanced Linux. App verification is btw being expanded in the next Google Services update. It will now also investigate apps after installation (more continuous) making double sure no malicious code is added or malicious content is downloaded by the app after installation.


Edited by Chipsy - 2/27/14 at 7:38pm
post #26 of 85
Quote:
Originally Posted by Zaim2 View Post
 

The quote the article is based on has been debunked: http://techcrunch.com/2014/02/27/no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure/

 

That link has interesting wording:-

 

no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure

 

So he meant more insecure?

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #27 of 85
Quote:
Originally Posted by hill60 View Post

Why?

It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw, which was never actively exploited by anyone conducting man in the middle attacks.

Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #28 of 85
Well I'm not exactly surprised, that's one of the negatives of having an "open" operating system. The fact that it isn't easy to upgrade Android to the latest version is the main problem.
My blender/recipe blog: http://blenderinsider.com
Reply
My blender/recipe blog: http://blenderinsider.com
Reply
post #29 of 85
Quote:
Originally Posted by SpamSandwich View Post

Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.
Quote:
Originally Posted by SpamSandwich View Post

Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.

Ignore the editorials then.

Just another quirk of this rather enjoyable forum, like the strange edits and crashes that occur.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #30 of 85
Quote:
Originally Posted by AppleInsider View Post

Apple's design of iOS "with security at its core" ...

If all Apple code has the same "security at its core" of the gotofail snippet, then Apple has a huge problem in software security quality assurance.

Think about why it is impossible to find such bad code in AOSP.
post #31 of 85
Quote:
Originally Posted by hill60 View Post
 

 

Why?

 

It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw, which was never actively exploited by anyone conducting man in the middle attacks.

 

How could you possibly know this? The point of the flaw is that it was undetectable when exploited.

 

This whole article is FUD, based on a translated statement that turned out to be completely incorrect. The only valid point it has is to remark (once again, and probably the fourth time I've seen it be a headline article) that manufacturers should ship OS updates quickly. I don't think anyone disagrees with that but how many times can you repeat that as an Apple pro point?

 

I'm also impressed with "security more important than freedom" given a famous quote bandied around in the USA. A little bit of irony in the headline too.

post #32 of 85
Quote:
Originally Posted by Zaim2 View Post

The quote the article is based on has been debunked: http://techcrunch.com/2014/02/27/no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure/

Thanks for the article link. I didn't realize that his comments had been translated. He was misquoted in a non-English article and then translated back into English?? Anyway since he never said what he was incorrectly reported to have said everyone as you were, nothing to see here. 1biggrin.gif
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #33 of 85
Quote:
Originally Posted by hill60 View Post

That link has interesting wording:-

no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure

So he meant more insecure?

You didn't read the article huh. 1rolleyes.gif

EDIT: Props to 9to5 for updating their original report with the corrected quotes.
Edited by Gatorguy - 2/28/14 at 3:56am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #34 of 85
Very good article that touches all the important parts, especially the security by obscurity 'motivation'.
post #35 of 85
Quote:
Originally Posted by SpamSandwich View Post

I just can't waste time reading these puff pieces anymore. Next.

But you can waste time commenting on them.
"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
Reply
"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
Reply
post #36 of 85
Quote:
Originally Posted by SpamSandwich View Post

Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.

And you can waste time commenting on how you don't need to come here-scintillating.
"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
Reply
"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
Reply
post #37 of 85
Quote:
Originally Posted by rob53 View Post

http://www.pcworld.com/article/2099421/report-malwareinfected-android-apps-spike-in-the-google-play-store.html (not an Apple-friendly website)
"In 2011, there were approximately 11,000 apps in Google’s mobile marketplace that contained malicious software capable of stealing people’s data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said."

If 42K is 5% that would mean 840K apps. http://www.appbrain.com/stats/number-of-android-apps says there are 1.1M so your figure looks reasonable. The problem is 42K malicious apps in the designated Android app store is still way too many, no matter how your spin statistics. This doesn't include all the malicious apps found in the "open" Android stores. When you compare Android's number to the number found in the (real) App Store, there's no comparison because if there are any in the Apple App Store the number is probably below 10. Google is simply following Microsoft's process of not really caring about malware, spawning a huge third-party malware prevention industry.

In reality only .001% of Android app installations are able to evade built-in defenses and cause harm to the user. That's reported according to real usage data gathered from real owner devices. Just because malware may target an OS doesn't mean it's hitting what it's aiming for.
http://qz.com/131436/contrary-to-what-youve-heard-android-is-almost-impenetrable-to-malware/
Edited by Gatorguy - 2/28/14 at 5:15am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #38 of 85

The issue here, is the fact that google has no clue who all is using android and what version that maybe using, or how they may have modified android to their own liking. Since they give it away, collect no licensing feed they lack any control all control of what is out in the wild. Also they do not control the distribution of the software so there is no way for them to get update out. 

 

Yeah, everyone hates a closed system like apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is the an old saying if you do not study and understand history you are destine to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android. 

 

But hey IT department will love it since they will all get to keep their jobs since they will be spending time restoring android phones or fighting to keep the hackers out of the corporate network using android phones to hack in.

post #39 of 85
Quote:
Originally Posted by Maestro64 View Post
 

Yeah, everyone hates a closed system like apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is the an old saying if you do not study and understand history you are destine to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android. .

 

Uh, Android has a signed boot chain, signed packages, external packages off by default and a manifest based permission framework.

 

Perhaps before saying what lessons have been learned, you should actually go take those lessons yourself and learn the differences. Windows XP etc were nightmares for security because users would trivially elevate programs to Administrator as it had to be run so often even for things like deleting desktop icons.

 

Android by default does not permit Administrator level access. Honestly you're completely wrong.

post #40 of 85
Quote:
Originally Posted by Maestro64 View Post
 

 

Yeah, everyone hates a closed system like apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is the an old saying if you do not study and understand history you are destine to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android. 

 

By most accounts Windows security improved significantly with Vista, but MS didn't become any more closed or open. Vista is simply a much better-designed OS than XP was. It was the first OS by MS to have a modern security architecture with fine-grained access controls, privilege separation, and ASLR.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers
AppleInsider › Forums › Mobile › iPhone › Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers