Eric Schmidt declares Android more secure than iOS
Byron Acohido of USA Today reports
Google’s executive chairman Eric Schmidt on Monday drew a bit of derisive laughter from a tech-savvy audience when he pronounced the Android platform more secure than Apple iOS at the Gartner Symposium/ITxpo in Orlando, Fla.
Schmidt sought to disabuse the notion — widely espoused by some in the tech security community — that Google Android is not secure at a time when it has come under heavy attack by the cyberunderground.
Last week, Trend Micro issued a report proffering that one million “malware threats” had been “unleashed” against the Android platform in the first nine months of 2013.
Trend Micro’s tally includes malicious programs that can take control of a mobile device, as well as “high risk” apps that harvest personal information indiscriminately, says J.D. Sherry, Trend’s vice president of technology and solutions.
“App developers ask for the moon and over provision because it’s so easy to do,” Sherry says.
Even so, Schmidt certainly can construct a viable technical argument for Android besting iOS in security robustness.
At the Black Hat cybersecurity conference in Las Vegas this summer, Georgia Tech researchers demonstrated how anyone can pose as an app developer and finagle Apple’s app-approval process to install a malicious application on non jail-broken iOS devices.
And a research group, led by Manuel Egele from Vienna University of Technology in Austria, has published the results of a research project that found more than half of 1,400 iOS applications surreptitiously leaked the unique ID of the device in a way that allows third-parties to create detailed profiles of iPhone and iPad owners.
Meanwhile, a Google researcher named Adrian Ludwig last week submitted a last minute white paper at the Virus Bulletin conference in Berlin purportedly showing how only a very tiny percentage of malicious apps can penetrate the latest, most security-hardened version of Android.
That may be all well and good. But Troy Vennon, director of Juniper Networks’ Mobile Threat Center, points out that only a small percentage of Android devices have the latest, greatest security updates.
In a survey earlier this year, Juniper found that most Android users are using older versions of the operating system that lack the most current security protections.”Almost 70% of Android malware could be made obsolete by upgrading to latest version of Android,” Vennon says.
Yet, according to Google, as of late last week, only 12.1 percent of Android phones have the latest version of the OS. “It’s taking entirely too long for updates to get down to the user base,” Vennon opines.
There’s no question the Android platform certainly is more heavily attacked than iOS, by simple virtue of Google’s open system capturing the largest share of the global smartphone market.
On the other hand, Android also benefits from police work and security technologies contributed by big U.S. carriers, such as AT&T and Verizon, and by giant handset makers, especially Samsung, maker of the popular Galaxy smartphone model.
U.S. Android users, in particular, are significantly less exposed to threats than their counterparts in Russia, Eastern Europe and China where premium SMS text messaging scams run rampant.
Premium texting scams involve tricking victims into downloading a corrupted mobile app that causes an Android handset to begin placing premium text messages that can cost victims as much as $20 per text. U.S. carriers give Americans 60 days to complain about fraudulent phone charges, and put a lot of resources into detecting and blocking suspicious text messages.
“In Russia, there is nothing much you can do when you are a fraud victim, and therefore it is much more profitable to commit fraud,” says Andrew Conway, a researcher at messaging security firm Cloudmark.
Also, most Americans get their Android apps from Google Play, the search giant’s official application store, which Google aggressively polices. In parts of Europe and Asia, Android users are more likely to get their apps from third-party sources, which the open Android platform permits.
Samsung has also given Android a security boost, as well it should. The Korean manufacturing giant offers SAFE, which stands for Samsung for Enterprise – a suite of security solutions for business use of Galaxy smartphones.
Article found here.