Does 'open' mean 'lack of security'?
According to Google, no. Instead, an open platform is the best path to take in order to make a platform as impermeable to threats as possible.
On Thursday, FrAndroid reported that Google's head of the Android division, Sundar Pichai, responded in a very candid way when asked about the operating system's security at Mobile World Congress in Barcelona, Spain.
The publication said that Pichai's comments were as below:
"We cannot guarantee that Android is designed to be safe, the format was designed to give more freedom. When people talk about 90 percent of malware for Android, they must of course take into account the fact that it is the most popular operating system in the world. If I had a company dedicated to malware, I would also be addressing my attacks on Android."
Naturally, responding in such a self-critical fashion would have raised a few eyebrows. However, Google has provided a full transcript of the executive's commentary -- one which sheds a very different light on the issue.
Instead of Android not being geared towards security, Pichai actually said that the open nature of the platform gives the OS better scope in threat protection -- as many minds, developers and security experts can pitch in and both fix problems and shore up defenses.
The transcript provided is below:
"Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I'm not sure that's a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it's the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security."
However, like any piece of software, security flaws and problems exist. The Google executive went on to say that older versions of the operating system shipped with devices can have security vulnerabilities present that are patched in updated variations, and this can mean devices are not secure.
"We go to great lengths--the depth of work in Android to make it secure; the depth of work done by Google Play...Google Play automatically scans and verifies thousands of applications for malware," Pichai's response reads. "We track data on this. It's state of the art in terms of what we do. What you see across the ecosystem...people will ship good phones and keep them updated...you will have some phones that will not be updated. That's where we see issues. Not Android at a fundamental level."
Contrary to saying that Android was not designed to be secure, the Android chief's final comment says it all:
"As long as you're on a phone and able to update, Android is very very secure. It's designed to be very very secure. I would go as far to say -- open systems are far more secure. We do this on the browser side. Chrome is very secure. The fact that some things are open, by any stretch of the imagination, does not make it any less secure."
Although Pichai admitted that Android is a top target for cyberattackers, he also made the point that the operating system with the largest marketshare is likely to be. However, this doesn't mean that because a user is on the Android platform they are then fundamentally more compromised.