Android security issues are market led

Android security issues are market led

Summary: Google's open app marketplace is hurting the work it has put into making Android secure, but that still doesn't mean that it should close it off like Apple, according to Trend Micro chief technology officer Raimund Genes.

SHARE:

Google's open app marketplace is hurting the work it has put into making Android secure, but that still doesn't mean that it should close it off like Apple, according to Trend Micro chief technology officer Raimund Genes.

(Unity image by rjp, CC BY 2.0)

In an interview with ZDNet Australia, Genes said that he is concerned at the rate at which malware for Android is beginning to appear in the wild, and what his company has had to do to prepare.

"Last year, we saw the first trojan for Android. Now we are tracking several hundred, and we are scaling up our back end to [handle] 120,000 next year. My team told me that this is a conservative estimate."

But Genes didn't point to Google's operating system as the reason for why these figures are on the increase.

"[It's] not that Google has done a bad job; it's [because] they don't have a closed ecosystem like Apple. Apple gets 30 per cent on everything that is purchased through the App Store, so they have a real interest to keep the App Store clean. Google, with its openness, is not winning."

That doesn't necessarily mean that Google should follow Apple's example, according to Genes.

"I wouldn't say that [Google] should close up the marketplace, but I would say that every independent app-store provider should do a review [of the apps it publishes]."

Another feature that Genes wants to see are certificates proving who wrote the applications, and from which country they are based. These could also be tied in to a user-moderated "trust" scheme, so that others could identify whether they should avoid certain apps.

Genes' reluctance to encourage closed ecosystems comes from his concerns that being closed allows Apple to hide security issues.

"Apple never talks about security. It's not a safe operating system, but it's perceived as a safe operating system, because they're control freaks.

"Apple doesn't have a closed ecosystem, because they want to harm the users, Apple wants a perfect user experience."

When security issues do arise, Genes said that users often don't realise, because it is patched quietly. He pointed to a flaw that allowed smart covers to bypass the iPad 2's lock screen to a limited extent as an example.

"They fixed it. Did you know that they fixed it? They are normally very fast, but they don't want to confront the user with it."

While Apple releases patch notes with security updates, its official policy on security issues is to not disclose, discuss or confirm them until a full investigation has occurred, and any necessary patches or releases are available.

Apple's control extends to how applications can be built on iOS. Former AVG evangelist Lloyd Borrett also touched on this issue, stating that he suspects that the way Apple has locked its devices down has made it difficult for security firms like AVG and Trend Micro to do their jobs.

At the moment, security vendors have been creating Android-only security products, with any iOS-compatible products being cut-down versions, or limited in many ways.

Genes confirmed that it is entirely possible for Trend Micro to create a fully featured version of a security product for iOS, but that doing so would require jailbreaking the device.

"Our development team in China tried to convince me [to make] one for the iOS, as well. They showed me they could do it all."

But Genes eventually declined out of fear that Apple would cut the company off.

"If we do this, Apple will not talk with us anymore. Other A/V companies did it, and Apple didn't talk with them for a while."

Topics: Android, Apple, Google, Mobility, Open Source, Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Of course the CTO of an anti-virus company doesn't want Google to tighten up security. His whole industry was created from the lackadaisical attitude of Microsoft, and is threatened by Apple having a real human review all code before it's published.

    If Google becomes as successful at this as Apple, then an entire industry would fall apart! Think of the jobs lost!
    Mordaxus
  • Of course the CTO of an anti-virus company will claim their will be 120,000 viruses floating around next year for android. They love peddling fear, that's their revenue stream. Its also absolute rubbish, my team told me.
    lexxander@...
  • And do you guys get fluvax when your doctor recommends it? Same principle. Its a revenue stream. Most everyone runs an AV program, as a precaution. Even on non-Windows systems.
    meski.oz@...