Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers

135 Comments

  • Reply 41 of 84
    Quote:
    Originally Posted by Marvin View Post
    Apple could have the best of both using the equivalent of a virtual machine. Think of a VMWare-like sandbox that you would be allowed to install apps from anywhere and run on your phone but that had no access at all to the hardware-level OS and filesystem. This can be used by developers to run self-signed apps. It could take up more space if it copied the entire OS files but it's no more than 4GB and the people needing this functionality would be happy to compromise this much space. This space would have no access to contacts or root level apps and data - possibly limited/throttled access to mobile data. This would allow 3rd party stores and it wouldn't matter if there was a security issue as it would be contained in the VM. Apple would simply say, if something messes up, reset the VM and that's where their support ends.
    Most people won't install the VM and it takes away the desire to jailbreak the OS via security flaws, Apple doesn't need to open source the OS and doesn't need to support 3rd party security vulnerabilities.

    You're essentially describing an Android app with no manifest permissions. It's sandboxed, run under its own UID, given no access to anything but its own storage.

    The problem is that kernel exploits are harder to prevent, and the update issue bites again. Apple surely could fix this but what motivation do they have to do it? No matter what hypervisor you use, there are lots of potential exploits that would permit elevation. I'm not au fait with iOS' sandboxing but I believe it is pretty similar in extent to Android's and both are still broken on a fairly regular basis (rooting, jailbreaking etc).

    Second class apps are never a good idea, Apple has (AFAIK) abandoned using private APIs everywhere too because it is generally a poor design choice so I feel that really it's all or nothing. Apple could certainly limit 'third party' apps from having access to say iCloud APIs, but not even having access to location or accelerometer would limit apps excessively.

  • Reply 42 of 84
    Marvin  Posts: 15,324  moderator
    Quote:
    You're essentially describing an Android app with no manifest permissions. It's sandboxed, run under its own UID, given no access to anything but its own storage.

    Not really, as it still directly accesses the root OS APIs; an app in a virtual machine accesses a virtual copy of those, so it's one layer removed from the root OS and anything like a keylogger would only work inside the VM.
    Quote:
    No matter what hypervisor you use, there's lots of potential exploits that would permit elevation.

    Is there Windows malware that allows VMWare to exploit OS X? Maybe that's down to the volume of users but it seems like it would be pretty safe.
  • Reply 43 of 84
    Quote:
    Originally Posted by Marvin View Post
    Not really as it still directly accesses the root OS APIs, an app in a virtual machine accesses a virtual copy of those so it's one layer removed from the root OS so anything like a keylogger would only work inside the VM.

    In the Android case I believe the APIs it has access to are pretty much wrapped versions of the underlying Linux ones. I'm not much of an Android developer though.

    Quote:
    Is there Windows malware that allows VMWare to exploit OS X? Maybe that's down to the volume of users but it seems like it would be pretty safe.

    I doubt there is, but you're 'pretty safe' regardless on Android unless you install apps that want ridiculous permissions. That's the vast majority of 'malware' anyway, people ignoring that the wallpaper app can send SMSs and read their contacts. That and dodgy ad networks trying to harvest information. I'm just pointing out there are no real safeguards that can be ultimately relied upon, Apple's review process has let malicious software through before as well.

  • Reply 44 of 84
    hill60  Posts: 6,992  member
    Quote:
    Originally Posted by ItsTheInternet View Post
    Uh, Android has a signed boot chain, signed packages, external packages off by default and a manifest based permission framework.
    Perhaps before saying what lessons have been learned, you should actually go take those lessons yourself and learn the differences. Windows XP etc were nightmares for security because users would trivially elevate programs to Administrator as it had to be run so often even for things like deleting desktop icons.
    Android by default does not permit Administrator level access. Honestly you're completely wrong.

    ...and if you want to use one of the 500 other program repositories for Android?

    This is when "users trivially elevate programs", mainly because they want free (pirated) stuff, like their friends.

    I've lost track of the number of people who equate "openness" with the ability to run torrent software on their phone.

    Google don't give a shit as long as they can serve their ads.

  • Reply 45 of 84
    Quote:
    Originally Posted by hill60 View Post
    ...and if you want to use one of the 500 other program repositories for Android?

    They, for the most part, still have to present permissions lists to the user, which the user has to ignore.

    Once you have a user ignoring what the screen says, you're left with no other choice but to go with Apple's plan or accept that people can get themselves into trouble. I don't have a problem with the latter as the former is never perfect.

  • Reply 46 of 84
    hill60  Posts: 6,992  member
    Quote:
    Originally Posted by ItsTheInternet View Post
    They for the most part, still have to present permissions lists to the user, which the user has to ignore.
    Once you have a user ignoring what the screen says, you're left with no other choice but to go with Apple's plan or accept that people can get themselves into trouble. I don't have a problem with the latter as the former is never perfect.

    So you choose the fingers in the ears, this is not really happening approach.

    Meanwhile Apple released this, a PDF which gets pretty heavily into the cryptography behind things like iMessage, iCloud and Keychain.

  • Reply 47 of 84
    Quote:
    Originally Posted by hill60 View Post
    So you choose the fingers in the ears, this is not really happening approach.

    Where did I say that? People do get infected with malware, but the majority of these are trying to install pirated apps or games. This isn't the experience of the 'average' user. It's pointless dumbing things down until there's 0 possibility of attack because that also means there's 0 functionality. As we've recently seen, a single errant line of code can completely destroy a whole series of important security mechanisms for tens if not hundreds of millions of users.

    Quote:
    Meanwhile Apple released this a pdf which gets pretty heavily into the cryptography behind things like iMessage, iCloud and Keychain.

    Apple's crypto work is generally above par, and it's a real shame that this bug was introduced. Clearly there are some better coding standards that need to be maintained and perhaps a stronger testing process, but these sorts of bugs unfortunately happen everywhere. That's my point in general, that no system is ultimately secure, malware has gotten into all app stores including the pre app-store package repositories used by Linux distributions. It's just a fact of life and permitting free installation is a perfectly viable strategy as long as it's restricted like Google do.

  • Reply 48 of 84
    gatorguy  Posts: 24,213  member
    hill60 wrote: »
    ...and if you want to use one of the 500 other program repositories for Android?

    This is when "users trivially elevate programs", mainly because they want free (pirated) stuff, like their friends.

    I've lost track of the number of people who equate "openness" with the ability to run torrent software on their phone.

    Google don't give a shit as long as they can serve their ads.

    Between Verify Apps which checks even side-loaded applications and the official Google Play scans (still called Bouncer AFAIK) there's really a minuscule chance that the average Android user will ever encounter an app that causes them harm even straying once in a while from Google Play. I doubt you personally know of even a single Android user who suffered actual harm from malware despite your apparent wish that it was widespread.

    EDIT: Google responds to new malware even quicker than I realized according to this article.
    http://blogs.computerworld.com/android/23590/google-android-security
    and Verify Apps just got another update, now continuously monitoring.
  • Reply 49 of 84
    Marvin  Posts: 15,324  moderator
    Quote:
    People do get infected with malware, but the majority of these are trying to install pirated apps or games. This isn't the experience of the 'average' user.

    Do you have any stats to back that up or are you assuming this? Some of the malware came from the Google Play Store. What percentage of the 7 million infections last quarter are from Google Play and what percentage are people who experienced malware via email or SMS and what percentage got it from piracy?
    Quote:
    no system is ultimately secure, malware has gotten into all app stores

    You are conveniently putting aside the differences in the level of security. It's much the same as 'everybody copies product features'. They aren't all to the same degree. Apple's setup is more secure and the results of that are clear from the infection rates. This idea that everybody who got infected on Android deserved what they got doesn't hold up, not least because you can't claim that allowing 3rd party installs is a benefit of Android's openness and then when someone becomes a victim of malware, suggest it's because they were too dumb that they actually used the feature and should have restricted their buying to Google's own walled garden.
  • Reply 50 of 84
    gatorguy  Posts: 24,213  member
    Are you guys relying on an Alcatel-Lucent product promo piece for the claims of millions of mobile device malicious app installs? That's the only one I found that sounds remotely similar. Would you expect them to do anything but over-dramatize the threat of mobile malware when trying to sell a network security product they've created? In fact they've been saying essentially the same thing for several years. The 2011 report is here:
    http://www.kindsight.net/en/blog/2011/12/21/was-mobile-malware-problem-in-2011

    "Not only is Android the largest smartphone market, unlike iPhone and Blackberry, it allows apps to be loaded from third party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device-based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service."

    And gosh gee-whiz they just happen to be demoing a cloud-based network security product as a service. Whoda thunk?
    "Alcatel-Lucent will be exhibiting its cloud-based Kindsight Security Solution at Mobile World Congress in Barcelona, Spain, February 24-27, 2014, Hall #3, Booth #3K10 at the Fira Gran Via."

    No doubt harmful apps exist and almost certainly more so on Android than iOS. No doubt either IMHO that their prevalence is severely overstated. Evidence for millions upon millions of actual harmful app installs is suspiciously lacking and not everything they call malware is malicious in the first place.
  • Reply 51 of 84
    Marvin  Posts: 15,324  moderator
    gatorguy wrote: »
    Are you guys relying on an Alcatel-Lucent product promo piece for the claims of millions of mobile device malicious app installs? That's the only one I found that sounds remotely similar. Would you expect them to do anything but dramatize the threat of mobile malware when trying to sell a new network security product they've created?

    I could ask 'Are you guys relying on Google's promo piece for the claims that Android is secure? That's the only one I found that sounds remotely similar. Would you expect them to do anything but downplay the threat of mobile malware when trying to sell a product they've created?'

    What's the real infection rate?
  • Reply 52 of 84
    Quote:
    Originally Posted by Marvin View Post
    Do you have any stats to back that up or are you assuming this? Some of the malware came from the Google Play Store. What percentage of the 7 million infections last quarter are from Google Play and what percentage are people who experienced malware via email or SMS and what percentage got it from piracy?

    I believe Gatorguy posted the details either on this thread or another about how something like 0.001% of apps are potentially harmful and that users will still click through the warnings. As he also said, I'm not sure I trust those statistics, I can find no solid stats at all on infection vectors. However I have confirmed some of this personally by inspecting the contents of APKs that generally come with a webpage urging you to disable your device's security.

    Quote:
    You are conveniently putting aside the differences in the level of security. It's much the same as 'everybody copies product features'. They aren't all to the same degree. Apple's setup is more secure and the results of that are clear from the infection rates. This idea that everybody who got infected on Android deserved what they got doesn't hold up, not least because you can't claim that allowing 3rd party installs is a benefit of Android's openness and then when someone becomes a victim of malware, suggest it's because they were too dumb that they actually used the feature and should have restricted their buying to Google's own walled garden.

    I have no idea what copying has to do with anything. I also didn't say that people deserved what they got, just that the average user is not installing random extra app stores for pirated media and ignoring the warnings on their screen.

    The irony of your statement is that Apple chooses almost exactly the same model for OSX as Google does for Android. Third party installs blocked by default but possible manually. This is a perfectly valid system and so I cannot see where your criticism is coming from. Of course more people will be infected if they have the option to ignore safeguards.

    Consider

    vs

  • Reply 53 of 84
    gatorguy  Posts: 24,213  member
    Marvin wrote: »
    I could ask 'Are you guys relying on Google's promo piece for the claims that Android is secure? That's the only one I found that sounds remotely similar. Would you expect them to do anything but downplay the threat of mobile malware when trying to sell a product they've created?'

    What's the real infection rate?

    Well there ya go, tho if I recall you cited that same report as support for an argument you were making not all that long ago.

    Edit: I did recall correctly
    http://forums.appleinsider.com/t/161673/apples-phil-schiller-plugs-security-report-showing-99-of-mobile-malware-targets-android/40#post_2460927
    You didn't say it shouldn't be trusted then. In fact you said you couldn't find stats that indicated Google's stats shouldn't be considered valid. I saw it as one of your more straightforward and unbiased appraisals. Commendable but potentially inviting attack as it went against the popular notions pushed by some forum members.

    Mel did much the same thing yesterday, publicly stating an opinion that was sure to be unpopular with some of the most vocal AI members. It's not an easy thing to do and he deserves respect for having the courage to post it just as you do. But courage is wasted if conviction is lacking when that unpopular opinion is challenged.

    I can't imagine you've now changed your outlook so quickly since your opinions generally appear to be well-considered and supportable.
  • Reply 54 of 84
    hill60  Posts: 6,992  member
    Quote:
    This isn't the experience of the 'average' user.

    Define what you mean by Android's "average user"?

    Chances are they are using an older version of Android on a cheap, low powered device where things like hardware encryption are left out to cut costs.
  • Reply 55 of 84
    hill60  Posts: 6,992  member
    gatorguy wrote: »
    Are you guys relying on an Alcatel-Lucent product promo piece for the claims of millions of mobile device malicious app installs? That's the only one I found that sounds remotely similar. Would you expect them to do anything but over-dramatize the threat of mobile malware when trying to sell a network security product they've created? In fact they've been saying essentially the same thing for several years. The 2011 report is here:
    http://www.kindsight.net/en/blog/2011/12/21/was-mobile-malware-problem-in-2011

    "Not only is Android the largest smartphone market, unlike iPhone and Blackberry, it allows apps to be loaded from third party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device-based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service."

    And gosh gee-whiz they just happen to be demoing a cloud-based network security product as a service. Whoda thunk?
    "Alcatel-Lucent will be exhibiting its cloud-based Kindsight Security Solution at Mobile World Congress in Barcelona, Spain, February 24-27, 2014, Hall #3, Booth #3K10 at the Fira Gran Via."

    No doubt harmful apps exist and almost certainly more so on Android than iOS. No doubt either IMHO that their prevalence is severely overstated. Evidence for millions upon millions of actual harmful app installs is suspiciously lacking and not everything they call malware is malicious in the first place.

    Well gosh, gee it sounds like the crap Google touts in denial come up with when denying there is an issue.

    I've said it once, I'll say it again, Google don't give a shit as long as they can sell ads, theirs is a bums on seats game.
  • Reply 56 of 84
    hill60  Posts: 6,992  member
    Marvin wrote: »
    I could ask 'Are you guys relying on Google's promo piece for the claims that Android is secure? That's the only one I found that sounds remotely similar. Would you expect them to do anything but downplay the threat of mobile malware when trying to sell a product they've created?'

    What's the real infection rate?

    The ONLY apps Google are interested in removing from their repository are ad blockers which interfere with their only source of revenue.
  • Reply 57 of 84
    chris_ca  Posts: 2,543  member
    Quote:
    Originally Posted by TheOtherGeoff View Post
    ...

    I thought the /S, which I did not post, would have been evident.

    Sorry.

  • Reply 58 of 84
    Android will be dead by 2017. People are catching on to this crap
  • Reply 59 of 84
    Marvin  Posts: 15,324  moderator
    Quote:
    I also didn't say that people deserved what they got, just that the average user is not installing random extra app stores for pirated media and ignoring the warnings on their screen.

    But you have no stats to back that up, that's just what you assume to be the case. It's a lot like the assumptions people make about jailbreakers not doing it for the piracy. There's no stats to back it up so they just make a decision about it and then repeat it as fact.
    Quote:
    The irony of your statement is that Apple chooses almost exactly the same model for OSX as Google does for Android. Third party installs blocked by default but possible manually. This is a perfectly valid system and so I cannot see where your criticism is coming from. Of course more people will be infected if they have the option to ignore safeguards.

    There's no irony there, OS X is less secure than iOS too. The point is that iOS is more secure than Android from a user's point of view and my criticism is that Android promoters use statements like 'there's been malware in the App Store too' to try and put everything on equal ground. The agenda being to highlight Apple's 'closed' approach as having no tangible benefit.
    gatorguy wrote:
    Well there ya go, tho if I recall you cited that same report as support for an argument you were making not all that long ago.

    Edit: I did recall correctly
    http://forums.appleinsider.com/t/161673/apples-phil-schiller-plugs-security-report-showing-99-of-mobile-malware-targets-android/40#post_2460927
    You didn't say it shouldn't be trusted then. In fact you said you couldn't find stats that indicated Google's stats shouldn't be considered valid. I saw it as one of your more straightforward and unbiased appraisals. Commendable but potentially inviting attack as it went against the popular notions pushed by some forum members.

    Mel did much the same thing yesterday, publicly stating an opinion that was sure to be unpopular with some of the most vocal AI members. It's not an easy thing to do and he deserves respect for having the courage to post it just as you do. But courage is wasted if conviction is lacking when that unpopular opinion is challenged.

    I can't imagine you've now changed your outlook so quickly since your opinions generally appear to be well-considered and supportable.

    The report mentioned above is a different report for late 2013. I couldn't have used it in the post you linked to as the data wasn't published until later:

    http://online.wsj.com/article/PR-CO-20140129-904928.html

    Data changes, opinions change, unless you're the kind to stick to opinions and assume the facts fit. All I said before was that there was no data at the time with evidence of infection rates. There is at least some now. You haven't shown anything to counter it besides suggesting their data isn't credible.
  • Reply 60 of 84
    gatorguy  Posts: 24,213  member
    Marvin wrote: »
    The report mentioned above is a different report for late 2013. I couldn't have used it in the post you linked to as the data wasn't published until later:

    http://online.wsj.com/article/PR-CO-20140129-904928.html

    Data changes, opinions change, unless you're the kind to stick to opinions and assume the facts fit. All I said before was that there was no data at the time with evidence of infection rates. There is at least some now. You haven't shown anything to counter it besides suggesting their data isn't credible.

    Nope. The .001% harmful infection rate I quoted and that you suggested could be turned around like Alcatel's stats came from the exact same security report you were using to bolster your argument. Just look at the SecurityLedger link you offered.

    Your quote:
    "It's expected that Google will choose the most flattering stats but there doesn't appear to be stats that say otherwise:

    https://securityledger.com/2013/10/googles-data-say-android-is-safe-but-is-that-the-whole-story/

    "data collected by the Verify Apps service, which logs events involving hazardous applications, found that only 1,200 of 1.5 billion application install attempts were incidents in which “potentially harmful applications” ended up being installed on an Android device.

    ...Although most people here naturally want Android to fail in some regard, I'd say it's better if Google proves they can run a less restricted distribution service safely. That's what we have on OS X already."

    So in January you certainly seemed to believe those stats looked to be correct with truly malicious Android malware no longer a major concern as in years past and Google is doing the right thing by trying to be less restrictive.

    What thing of significance changed your mind in the past 30 days or so, or did you change your mind?