One of the stigmas Android has long had to live with is its alleged lack of security. Despite patches deployed directly by Google every month, the slowness of intermediaries such as carriers and OEMs has put the whole platform in a position of uncertainty, especially when compared with the more vertically integrated iOS.
Of course, Android’s director of security, Adrian Ludwig, disagrees…
Speaking to Vice’s Motherboard following a security conference in Manhattan yesterday, Ludwig highlighted Google’s advances in securing its mobile platform and compared it directly with its rival. “For almost all threat models, they are nearly identical in terms of their platform-level capabilities,” he said.
Among the other questions raised was a more direct comparison of the iPhone with Google’s new Pixel. Asked whether the two are equal when it comes to security, Ludwig did not mince his words, replying “for sure”. According to the report, he also added that Android will soon “be better”.
“In the long term, the open ecosystem of Android is going to put it in a much better place,” Ludwig said, without giving any further explanation. He did touch on Android’s built-in security product called “Safety Net”, though, stating that the service scans about 400 million devices and over 6 billion apps every single day.
These checks, combined with the security measures already built into the OS, mean that only a very small number of devices are left exposed to malware, or, in Google’s terms, PHAs (Potentially Harmful Applications). In a graph Ludwig showed at the conference, less than 1% of Android devices were affected.
To expand on the point, he brought last year’s much-discussed Stagefright vulnerabilities into the conversation, stating that despite the discovery of several critical bugs, a real-world attack exploiting them on an Android device has yet to be seen. “At this point we still don’t have any confirmed instances of exploitation in the wild,” he said.
This obviously doesn’t mean that there isn’t much left to do, on Google’s side as well as the carriers’ and the manufacturers’. “We got quite a bit of work left to do to get to a point where that actually happens on a regular basis across the whole ecosystem,” Ludwig said.
But as far as large-scale, platform-wide exploitation is concerned, we can rest easy, as targeting a large number of people simultaneously is “almost impossible”. Said Ludwig: “Mass exploitation is something that I’m not expecting that we’re going to see at any point in the Android ecosystem.”