I mean seriously people, why is this surprising? Everytime I mention that Android is the most hacked platform out there right now, Android users get this confused look and then start going off about Apple. Android has a serious inferiority complex over Apple. But, this is kind of like a slap fight between two drunks. Hilarious to watch, but also kind of sad at the same time.
Android has underwent massive market growth. That fact alone explains their problem. Any product that undergoes such a rapid market adoption is going to push security off to later. That’s just plain old economics there. Android wanted to beat Apple in a bad way. And the only way they could do that is make consumption of their products as painless as possible. So they rushed to build App Stores with anybody who had any kind of distribution channel. And if people put apps up with malware – eh…so what.
Greed makes speed. If Gordon Gekko didn’t say that, then I am sure somebody equally as morally unencumbered did. When the sharks smell blood, they aren’t going to stop and take a moment to sit around and think about the most secure way to get to the blood. When Android smelled market share, like hell it was going to let security or privacy get in the way.
So, now the blow back is happening and Android is in the crosshairs. But, with 18 zillion different Android variants out there now, security is not going to be easy. See, Apple can push a button at the global Apple control room and bad stuff goes away. They have supreme control over their channel. Say what you will about the tenants of Apple Computing and their Orwellian market control, at least its an ethos. Android on the other hand outsourced their apps distribution and has next to no control over anything. Oh sure, they can tell Amazon and others to get rid of apps. But that doesn’t stop people from getting nasty stuff elsewhere.
Of course, now we have the frothy “I can take over your Android at any moment” hack that just was announced. Read about it here. I’ll give this one a wee more credit, since it came from a more respectable outfit. It also exploits a pretty well know vulnerability, which has under gone peer review. Moreover the source took the time to detail their work. That adds up to some good research. Which is more than I can say from some companies, who use suspect “research” as merely a marketing and sales tool.
Okay, so does this mean you should get rid of your Android and get an iPhone? Meh. But don’t fool yourself. If your executives demand the latest shiny slab of touchscreen so they can watch football on the bus, then you have a security problem. Take the time to evaluate your risks and situation. I wrote a great framework for this. Go download it: http://www.anitian.com/papers.html and download Angry Birds Management (sorry Rovio).
As for Apple, seriously, why can’t you encrypt the device? I mean come on. Its 2012 for Pete’s sake. Encryption should be on everything.
I, of course, still carry a Blackberry. Which makes me about as cool as one of those creepy guys who collects Brady Bunch memorbilia.
But, its encrypted, and secure. And…hey, where is my phone anyway?
Anitian – Intelligent Information Security. For more information please visit www.anitian.com