Google's Schmidt: Android more secure than iPhone

Google's Schmidt: Android more secure than iPhone

Summary: Executive chairman dances around straight answer while talking up Android security.


ORLANDO — Delivered with a spice of arrogance, Google's executive chairman Eric Schmidt on Monday declared the Android platform more secure than Apple's iPhone.


The comparison, made during a question-and-answer session at the Gartner Symposium/ITxpo, drew laughter from a packed-house audience.

Gartner analyst David Willis, who is chief of research for mobility and communications and who runs Gartner's Senior Research Board, said to Schmidt: "If you polled many people in this audience they would say Google Android is not their principal platform [...] When you say Android, people say, wait a minute, Android is not secure."

Schmidt didn't miss a beat, replying, "Not secure? It's more secure than the iPhone."

The Google chairman danced around a straight answer explaining Android has more than a billion users, is a platform that will be around for a while, and therefore goes through rigorous real-world security testing.

Schmidt then offered up another complaint he often hears — that the platform is fragmented — and then he shot that down. "With Android we have an agreement for vendors that you keep the Android stores compatible and that is a great breakthrough for Android," he said.

Schmidt compared it to his Unix days in the 1980s, saying, "The key thing was that we did not have an app store to keep the Unix people together."

Android is the most widely used operating system, based on worldwide market and usage share statistics. And Google has made efforts to upgrade Android's security, including new security features released in August for Jelly Bean 4.3 and the addition of two new features that work with almost all currently used versions of the OS.

Schmidt said in the distant future there would be an assumption that nothing is secure and that security will be devised on a per app basis for each user.

The iPhone comments and back-and-forth were just a piece of Schmidt's 45-minute question-and-answer session with Willis and his Gartner colleague Drue Reeves, also a Gartner Distinguished Analyst. Schmidt talked about Google as an enterprise application provider, Google Now, Chinese hackers, email, bottoms up management, research on aging, Google management, the computer industry, privacy and trust among other topics.

Summarizing what he had heard during the 45-minute session, Willis said to Schimdt, "What I heard was Android is more secure than the iPhone," to which Schmidt replied, "Android is very secure."

The audience again gave a hearty chuckle. Schmidt paused and said, "You will be happier with Gmail, Chrome and Android more than you can possibly imagine."

The audience chuckled again, and Willis, chuckling himself, responded, "...that makes it a wrap."

Topics: Android, Google, iPhone, Google Apps


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Middleman updates are the problem with Android

    Until Google takes the OEMs and Carriers out of update equation, Google will never be as secure as the iphone.
    • they have

      They have decoupled most of their core apps from the OS and they get updated in the Play Store. Also Google Play Services (supports Android 2.2 and up) automatically gets updated in the background to support all of the new API's. From 4.1-4.3 what has really changed? Mostly low level kernel changes and hardware support for new devices. Sure 4.2 brought lock screen widgets but how many people use those very extensively?
      • Admit it: Google screw up

        Oh come on! Stop being an apologist. Android updates are a clusterf**k of epic proportions. You know it so stop making excuses for Google.

        I've owned two Android phones and both of them never received updates so I was forever stuck in limbo. Google needs to start playing hardball and actually start giving a rip what the Android customer experience is like. They're one of the biggest freakin' companies on the planet and you make it sound like they're at the mercy of everyone else or that updates aren't a big deal because of API levels. Give it up. The bottom line is that Google doesn't care enough to do the hard work. Look at Apple. They cut OEMs out of the equation and went to the carriers with a list of demands and refused to back down. Google could have done the same but didn't.
        Andre Richards
        • Re: Google needs to start playing hardball

          This essentially means that Android market share will go down. Google cannot let that happen, because they make money out of the data each of these Android devices send home. Not from the hardware, not from the software. They want the platform as "easy" as possible, because this is the only viable business model at the moment.

          Consider what happened with Windows: as long as Microsoft kept it wide open, and easy to penetrate by malware as a side effect, customers went there in droves, because it was "easy". Now that Microsoft got worried about the malware problem and started tightening the platform, more and more jump ship and Window's market share begins to shrink.

          Again, not that Google can't fix up their game, but this kind of fixing is not (currently) in their agenda.
          • Paradigmed Assumptions

            You are professing a solution based on the iOS model. Why?
            I use both but at the end of the day I have had far less issues with Android than with iOS; this applies to both phones and tablets. We are talking software, not hardware.
          • I think you're the minority

            I think you'll find you're the minority on the issue spectrum.would love to know the issues you have... You must be a exception case.
            Dave van Dugteren
          • Also they were busted controlling devices

            The lawsuit with skyhook showed their CEO actually approves devices to the device, that can offer "official android" phones. Using their compatibility requirements and contracts they actually review device code before any devices are shipped with approved "real android", and partners are not allowed to try to replace their spyware as just a start.
            Since google actually does keep such tight reign over android devices, otherwise they take away the spyware google apps that they make sure are needed for "real android" function without breaking things, I'm just saying they do control carrier updates and commitments. They just don't like telling their customers because it's a nice scam. Everyone gets to spy on you and you get a cheap device subsidized so more people can carry that spyware, and google is not responsible for updates. Win-win for them.
        • I used to agree...

          But Google licences Android. It's not like iOS where Apple controls the OS, hardware, software, everything. It's open source - open for anyone to license and use as they will.

          We need to decry the manufacturers and carriers for not updating to the latest version of Android, not Google. How is Google going to, basically, force those who have a licence to use Android as they will to update their licensed, customized version of an open source OS? Answer 1: they can't. Answer 2: close it down and make it more Apple-ish. Which no one wants.
          • Nicely Said

          • Not partners pushing android phones

            Why do you think anyone who replaces their spyware has to fork a whole new product?
            The skyhook lawsuit produced court documents showing they actually keep an iron fist behind the curtain to make sure carriers and manufacturers don't try to replace their spyware, and the "open source base" specifically is created with holes so people need to install those google apps with closed system level permissions and give them control back.
            A manufacturer cannot produce a "real android" device and call it android and make it compatible with their market if they actually fork it and fall outside google's good graces, or you have a nook or ebook reader and compatibility issues from APIs they hold back into the closed source spyware apps.
            The idea that manufacturers can do what they want is false PR.
          • Spyware?

            The google ecosystem is based on targetted advertising as its basic premise. If you don't care for this, you shouldn't use android or any other "free" google service.

            Good luck finding a service where you are not spied on!
          • I don't

            But it's still spyware. It's designed to spy on you in return for free candy, and build a nice little dossier on you so they can make money off of selling you as a product to advertisers.
            It's a give and take, but pretending it's not designed and given away for free specifically to spy on you and collect info to make their real business of building a profile for advertisements (SPYWARE) doesn't really help the discussion.
            Just acknowledge it's main purpose from their end is spyware, and in return you get a cheaper product that works pretty good. It's as simple as that, but again, putting blinders on that it is essentially just a carrier for spyware doesn't help have a conversation about the pluses and minuses of that arrangement from a security standpoint. Pretending otherwise prevents acknowledging those tradeoffs.
          • So you're empty argument is "they all spy"

            There really are different levels of intrusive invasion of privacy, but if you bought the boat full of holes and want to call it secure, that's up to you.
            Here's some examples of buying something versus free candy though:
            Buy word. You use word on your computer. It's on your device, so you are not being spied on everything you type. Use google docs, it's in the cloud, and you are spied on every key you type. There's a big difference based on the choice you make and the price you pay. Of course even with apple you can CHOSE to use services that "spy" or upload to them like siri or iCloud. When it's a "free" service or OS with the implicit agreement they have the right to spy on everything, it's just a little different, but that's the choice you make and good for you. To put blinders on and call it "more secure" or just as private as actually paying for something with a little more security and privacy is not informed, as each choice you make has levels of tradeoff that matter to others more than you I guess.
          • Open Source?

            Stop saying Android is open source. It's not anymore. Starting with version 4.0, they closed the source of all but the most frivolous parts of Android.

            Christoper Tracy
          • bull

            Android is open source. None of the source code is hidden.
            The article is referring to the openness of the OS with respect to FOSS standards for updates and change. That's a difference matter to open source.
            Android is fully open source. Add device drivers and you have a complete OS.
          • It has an open source component

            IOS also has an open source kernel that can reviewed. Granted, google has more of an open source layer, but in the end, they control the core development team and leave key parts out so that you need to install the closed source google apps that get to run with system privileges, designed to fit like a glove.
            Essentially, even if you root it, you will give them back system level spyware control by reinstalling their google services apps, or be left with a crippled device. Once you reinstall their closed source apps, the spyware layer they designed it to need, and they are smooth so you will reinstall it right back on, it is no longer open source anymore.
          • Nobody forced anybody to use Google apps.

            And you can easily replace the functionality of Google apps with other apps and services.
            Google sells advertising. That's all they need to do to make money. Google will build a profile on you to target advertising at you (so will Microsoft and Yahoo). If they sold their customers a dossier identifying you, then their customers - people who want them to target your demographic - wouldn't need them anymore.
        • What is your point?

          You've owned?

          What phones?

          Galaxy S II went from GB to ICS to JB, JB came with a complete Software Refresh TW 4 to TW Nature UX. Same with the Note.

          Galaxy S III will likely go from ICS to JB to Kit Kat. Can probably expect the same with the Note II.

          Galaxy S IV will likely go from JB to Kit Kat to whatever is after Kit Kat. Note 3 will almost assuredly go from JB to KK to whatever is after KK.

          My Galaxy S II Skyrocket go the JB update like 17 months after it was released. At that point, I don't even care if it gets another update because before I care I'll be on another phone (and I have upgraded since then).

          Samsung does keep their devices updated. At least the high end and high-mid-range models (low end models you get what you paid for, don't expect them to waste that much updating your $150-200 phone).

          HTC is decent with Updates. Motorola is decent with Updates. Sony is pretty decent with Updates now. Even LG is a bit better with Updates. I mean, Updates haven't really been an issue since quite early in 2012 so unless you had a bottom barrel or rather old model I don't understand what your point is on the eve of 2014...
          • People want a $100 smartphone to have the same level of support

            ... a $700 smartphone have. That is not going to happen.
          • They are ALL awful

            I'm as big an Android fanboy as anyone out there. But as far as OS updates are concerned, Android is simply in an awful state. JB has just now reached 50%. And that's because there have been 3 JB releases so far. So anything from 4.1-4.3 is JB. My S3 is still on 4.1.2.

            Google can most definitely fix the problem. But simply don't have the will to do so. First of all, create a hardware abstraction layer (which is not that big a deal, given its Linux underpinings). Deny every manufacturer future access to Google Apps unless drivers for existing phones (at least 2 years old) are not provided to Google PRIOR to the release of a new OS. Make an OS update for ALL phones using the binaries and radios of the existing phone and not just the latest Nexus device and have it ready on their web sites for download ON THE DAY a new OS is released, just like Apple. If you make it as easy to update the OS as Apple does, then you won't have this discussion about fragmentation and security.

            Google is going in absolutely the wrong direction by making what should have been OS level changes in the Play Services. Which means that their own apps benefit, but instead of being APIs in the OS, they are in the Play Services. If I'm developing an Android app, I used to be able to code to an API level. Now, I may or may not have the base functionality. I certainly wont have it on the Kindle Fires. Or maybe on Cyanogenmod or any of the Chinese phones which don't have Gapps. I'm not liking this decidedly ungoogly and closed approach.

            I do agree with Schmidt. Android is definitely more secure than iOS - if I'm savvy enough. I'll make sure that I have the latest OS, either by buying a Nexus or by installing a custom ROM and making sure that I never install apps with questionable permissions or from a non reputable source. And I personally can (and do) do that. But my wife doesn't. My sister doesn't and my brother doesn't. And they shouldn't have to.