Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Android Iphone Google IOS Operating Systems Privacy Security Software Hardware Technology

Google Security Engineer Claims Android Is Now As Secure As the iPhone (vice.com) 173

An anonymous reader quotes a report from Motherboard: It's a common assumption among tech geeks, and even cybersecurity experts, that if you are really paranoid, you should probably use an iPhone, and not Android. But the man responsible for securing the more than one billion Android users on the planet vehemently disagrees -- but of course he would. "For almost all threat models," Adrian Ludwig, the director of security at Android, referring to the level of security needed by most people, "they are nearly identical in terms of their platform-level capabilities." In a short interview after a talk at a security conference in Manhattan on Tuesday the talk, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said, without mentioning that Android has already been around for more than eight years at this point. During his talk at the O'Reilly Security Conference Ludwig said that Android's built-in security product called "Safety Net" scans 400 million devices per day and checks a stunning 6 billions apps per day. The result of these security checks, coupled with the exploit mitigation measures baked into Android, mean that a really small number of Android devices has malware or, as Google calls it, "Potentially Harmful Applications" or PHAs, according to Ludwig. In fact, Ludwig said showing a graph, less than 1% of Android smartphone contain malware.
This discussion has been archived. No new comments can be posted.

Google Security Engineer Claims Android Is Now As Secure As the iPhone

Comments Filter:
  • I just came here to see some heads explode.
    • Re:Exploding heads (Score:5, Insightful)

      by TheGratefulNet ( 143330 ) on Tuesday November 01, 2016 @09:14PM (#53196335)

      its a lie.

      androids are mostly abandoned by vendors. no updates.

      total BS. until they fix that, android as a whole will continue to suck.

      • by night ( 28448 )

        Note they carefully slide from android into pixel vs iphone discussions.

      • Re:Exploding heads (Score:5, Informative)

        by mlts ( 1038732 ) on Wednesday November 02, 2016 @12:02AM (#53196883)

        If vendors either keep their devices updated for at least 4-5 years, or at the minimum, offer a method of unlocking the bootloader so the people at Cyanogenmod or other ROM shops can put a well maintained install on the device, then I'd be inclined to believe this. However, other than Nexus phones, and possibly HTC devices [1], usually the fact that the bootloader is locked makes the device only patchable by the device maker or the cellular carrier, whichever is worse.

        I would say that a Nexus or a Pixel phone is probably as close to ideal as one can get. Here, Android can be argued to be as secure as iOS. Perhaps more secure with xPrivacy because an app that requests every permission under the sun can be granted it... and still be kept well away from sensitive stuff.

        [1]: HTC is OK... at least one can unlock the bootloader then run Sunshine to S-Off the device. Better than other makers which blow e-Fuses for just rooting the device.

        • by jaseuk ( 217780 )

          Android changed this year. SafetyNet does make the android eco-system more secure. However, it does not make an individual phone any more secure for the end-user.

          SafetyNet is a bit like tripwire. It does a verification of running root-level processes and sends a signed device checksum off to Google. If your device is rooted / has malware / etc. then it won't pass this check. There are no indicators to the end-user that something bad has happened to their phone except that any apps that use SafetyNet wi

          • by AmiMoJo ( 196126 )

            Play store works fine on my rooted device. Android Pay doesn't though. The responses to reviews of the app from root users claim they are working on a fix.

            SafetyNet is only there to reassure apps that the device is secure. Before it was available apps had to do their own thing so compatibility for things like banking apps was spotty.

          • by ZiakII ( 829432 )
            What? I have my phone rooted and all the above just works. The only exception is I get this scary message [imgur.com] booting up my phone.
      • My feelings exactly. While it's possible to, in theory, put together a combination of hardware and software that's somewhat secure for Android (nowhere near what Apple's custom engineering have managed), you're usually getting an unsupported, unpatched vendor-specific hack of last year's version on the cheapest hardware they can assemble.

        With Apple you're getting supported, updated software on hardware where they've made a good effort to make it secure. And I'm saying that as a long-term Android user (sig

      • by gweihir ( 88907 )

        And that is exactly the problem. The human race is at this time not able to produce secure complex software in one step. It is a long, incremental process, and at each new discovery it becomes a race between the attackers and the defenders and in the typical case, that process is not finished when the hardware is decommissioned. Without timely updates (and that means next day for a published vulnerability, and not too much longer for others), the outcome of that race is already determined in advance. These

      • Funny, got an update just last week via my carrier. Don't know how long it took them to decide to push the update out, but to simply flat claim they are abandoned with no updates is patently false.
      • I got a security update for my 3 year old 2 generation behind phone yesterday. I think I'll be okay.

      • Let's pick on Android's media player. Previous commentary [slashdot.org] from Jean-Baptiste Kempf, VideoLAN President and Lead VLC Developer:

        Don't start me on Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues i

    • by Anonymous Coward

      Don't hold the Note 7 so close to your head.

      • by Yvan256 ( 722131 )

        Really, bro? (mind blown)

      • by Ol Olsoc ( 1175323 ) on Tuesday November 01, 2016 @11:16PM (#53196745)

        Don't hold the Note 7 so close to your head.

        With apologies to Johnny Cash, I present Phone of Fire:

        My phone is a burnin' thing

        And its tone is a fiery ring

        Lured by the size and power

        I bought a phone of fire

        My phone turned into a burnin' ring of fire

        burned my car up

        As the flames went higher

        And it burns, burns, burns

        The phone of fire, the phone of fire

        A smartphone is really sweet

        With no data cap, for it to meet

        I fell for it like a child

        Oh, but the fire it went wild

        My phone turned into a burnin' ring of fire

        burned my car up

        As the flames went higher

        And it burns, burns, burns

        The phone of fire, the phone of fire

    • by goombah99 ( 560566 ) on Tuesday November 01, 2016 @10:14PM (#53196575)

      Security is always a moving target. While it's possible your leading edge phone is as secure as the leading iphone, what matters to security is how many people are running an older OS. Androids are always going to be running non-updatable OS just because of the bussiness model. So in terms of numbers of exploitable phones, swaths of the andorid ecosystem will be less secure than Apple ecosystem.

      • Security is always a moving target. While it's possible your leading edge phone is as secure as the leading iphone, what matters to security is how many people are running an older OS. Androids are always going to be running non-updatable OS just because of the bussiness model. So in terms of numbers of exploitable phones, swaths of the andorid ecosystem will be less secure than Apple ecosystem.

        The thing is that the overwhelming majority of iOS users is usually at the latest OS version after a while and most of the rest are at the second oldest, after that the usage percentage drops off a cliff:
        https://david-smith.org/iosver... [david-smith.org]
        For Android users the picture is different, only about a third of users is at the latest version with the rest being at older versions:
        http://www.droid-life.com/tag/... [droid-life.com]
        This is to be expected since Android is open source, it gets used by a whole slew of manufacturers an

    • Either way, you're only as secure as the weakest link, and with both iOS and Android, the hardware continues to be a weak link. The Pixel may be as secure as the iPhone (and I have no reason to doubt that claim), but it's a drop in the bucket. What about the rest of the Andeoid market?

      Even iPhones from a few years ago (e.g. iPhone 5c) that support the latest version of iOS are less secure than more recent models simply because they lack key hardware features (e.g. Secure Enclave). How much more true is that

    • Android *is* a secure OS if you are a lucky Nexus 5X owner like, because the Nexus 5X gets monthly security updates as soon as they are released. For all the other folks out there running unpatched phones with well-documented vulnerabilities, not so much. For the billionth time: Google doesn't care about non-Nexus Androids and consider devices to have a usable life span of 3 years.
  • by SJ ( 13711 ) on Tuesday November 01, 2016 @09:10PM (#53196325)

    when Google defends a lawsuit to open up a phone due to -reasons-.

    • by fluffernutter ( 1411889 ) on Tuesday November 01, 2016 @09:13PM (#53196331)
      Android users are too busy getting stuff done to be out committing crimes.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      You do know that prior to the lawsuit, Apple was doing everything they could to help the FBI open that phone, including giving them a complete copy of all the information they had on their cloud servers?

      It was only when it became clear that they might have to write (gasp) new software that actually worked that they decided not to continue, and that's what caused the lawsuit.

      And then it became moot when the FBI was able to break into the phone without Apple's help anyway.

      So, uh, yeah. Good luck keeping your

      • You do know that Apple was doing everything REQUIRED BY LAW to help, but in the end were unable to because Apple also designed the systems so even they could not get at data that the user did not want them to?

        So, um, yeah. Believe what you like but in real life data you choose to keep on your phone stays private - if you have an iPhone.

        Androids of course are rooted all the time so police can get anything they like from them easily.

        • by Anonymous Coward

          but in the end were unable to because Apple also designed the systems so even they could not get at data that the user did not want them to?

          Pretty much every security expert agrees that Apple COULD have gotten into that iPhone, had they wanted to. They refused because it would have involved them writing software, and as I'm sure anyone who's used any Apple software recently knows, they kind of suck at it.

          There was no technical reason they couldn't and they already demonstrated that as far as they were concerned they had no ethical concerns about handing private data to the government: the only reason they refused was due to typical Apple arroga

          • Pretty much every security expert agrees that Apple COULD have gotten into that iPhone, had they wanted to.

            In fact pretty much no security expert says that, including myself. Stop being an idiot... but then you are AC, so I guess THAT'S hopeless.

        • by AmiMoJo ( 196126 )

          Androids of course are rooted all the time so police can get anything they like from them easily.

          No, it doesn't work like that.

          Android supports full device encryption, and it is the default on newer devices. Similarly to the iPhone, if the device is encrypted you can't root it or access the user's data without the password. Android supports long alphanumeric passwords. It supports secure storage for the encryption key, just like the iPhone.

          If you do have the password, because you are the legitimate owner, you can root the device and improve your security even further. Custom hosts file, AdBlock on mobi

    • Even if they did, it'd be all but meaningless. It really doesn't how good the security is on vanilla Android, running on Google-designed hardware, and unmolested by custom carrier garbage; when those are a tiny fraction of Android phones. Maybe Google will defend the integrity of the Pixel the same way Apple defended the iPhone. But last I heard, the largest seller by far of Android handsets was still Samsung: Crap hardware, with their own crap modifications to the Android software, plus even more crap

      • the largest seller by far of Android handsets was still Samsung: Crap hardware, with their own crap modifications to the Android software, plus even more crap added by the carriers.

        Oh come on, they're great value if you're stuck in Liberty City for a few days armed with nothing more than a satchel full of Note 7s.

  • by billrp ( 1530055 ) on Tuesday November 01, 2016 @09:20PM (#53196361)
    "We're as good as the other guy"
  • is a mighty low bar.
  • by ljw1004 ( 764174 ) on Tuesday November 01, 2016 @09:21PM (#53196365)

    "Less than 1% of Android phones have malware". Less than 140 million Android phones have malware.

    • by Anonymous Coward

      You think there's 14 billion Android phones out there?

      • Technically, all he's saying is that's not more than 14 billion Android devices....

    • I don't get it. There's 10 billion Android phones?
  • wrong. (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Tuesday November 01, 2016 @09:24PM (#53196381)

    if you are really paranoid, you should probably use an iPhone, and not Android

    wrong! if you are really paranoid, you shouldn't carry around something that could easily be described as the most sophisticated surveillance device that man has ever created.

    • by gweihir ( 88907 )

      Or have one with a removable battery and remove it on certain occasion and random other times. Anybody trusting their phone has a problem with perceiving reality.

      • You don't need a removable battery. All you need is a mylar bag. That works with any kind of phone, especially since they come in pretty much any size you can imagine up to big enough for a car. (Well, that's more than a mylar bag. But you can get a foil bag for a whole car, that you drive into. It's for long-term storage and includes dessication.)

        • by gweihir ( 88907 )

          That is at best very risky and at worst a total fail. These bags do not offer good EM-shielding, as shielding linearly depends on the thickness of the metal and type of metal. Aluminum is not very good.

          Even if that seems to shield your phone, it could still pump out more RF from time to time to get a ping though and receive a (bad, but good enough) signal for cell-tower triangulation and can detect the strength of other RF signals, and, one thing you completely forget, it can still record sound, acceleratio

  • by Anonymous Coward on Tuesday November 01, 2016 @09:27PM (#53196389)

    Eh, it's not so much that Android is great, but that security is very, very hard. The iPhone has had some very serious exploits in the last 18 months, same as Android. But Android's update model leaves many in the dust and unpatched.

    My work has de-authed iPhones from their work network until updates were applied multiple times this year. It's a serious concern. I can only imagine how long we would be de-authed for a 3-year old Android phone waiting for a security patch.

    I have an Android (Nexus) personal phone and a work iPhone, and based upon critical advisories of active exploits I would say that they are roughly the same. But my 3+ year old iPhone is still getting security updates pretty regularly. I went to Nexus for that feature, but still only get them for 2-3 years max.

  • by Gumbercules!! ( 1158841 ) on Tuesday November 01, 2016 @09:27PM (#53196391)
    Speaking as a long time Android fan who recently switched to iOS because work provided me an iPhone 7, this is only true if you actually get updates. And the vast majority of Android users, do not. So when they get a vulnerability found in their Samsung/HTC/Whatever device - chances are it will never get patched.

    I had a Google Nexus 6P as my previous device (it's still on my desk in fact) and while I loved the device, updates where not as promised. Despite it being a Nexus, I was still beholden to my Telco for updates and they dragged their feet like mad. In fact, when I last turned off the Nexus 6P, the Nougat update was still not available (unless you manually enrol in the beta program, which I did, but then I had all kinds of issues with the Telco's LTE). So even on a damn Nexus, updates are hardly assured.

    I fully realise older iPhones stop getting updates, too - but we're talking about a Nexus 6P here - the thing hasn't even been available for a year in Australia yet and Google and Telstra have already washed their hands of it. I also realise Google may / may not be responsible for the issues with Telstra's LTE on the Nexus 6P - but rest assured, if the iPhone has an issue, Telstra sits up and takes notice. When I first got my Nexus 6P, I spent the first 2 months locked to 3G because LTE wasn't supported at all on. (Source, in case you think I am making this up: https://crowdsupport.telstra.c... [telstra.com.au]).
    • Re: (Score:2, Troll)

      I wouldn't work for a place that screwed me out of a headphone jack.
    • by AmiMoJo ( 196126 )

      All Android devices can get updates via the Play store.

      • What?? They can get updated apps via the playstore - they certainly cannot get OS updates. Google has moved to try to make many of the key components of the Android experience app driven, to help get those updates out there - but if you have a 2015 Samsung and Samsung stopped releasing OS updates, you're out of luck, my friend (unless you can find a community created ROM to manually install and then eternally manually repeat this process).
        • by AmiMoJo ( 196126 )

          Yes, you can get OS updates. Most of the US can be updated that way, it's really just the kernel and drivers that can't be. Due to the way Android works with SELinux that's enough to mitigate any problems we have seen so far. That's why we are not seeing vast Android botnets.

          • Due to the way Android works with SELinux that's enough to mitigate any problems we have seen so far. That's why we are not seeing vast Android botnets.

            False.

            There are already Android botnets, specially in China where US Google Play is not available and local Android stores don't properly check applications for malware.

            Also, in the three past years alone the Linux kernel itself has already seen at least three high profile local vulnerabilities which allow to get root even on fully restricted SeLinux ena

            • by AmiMoJo ( 196126 )

              Google Play is available in China. If a phone doesn't have Play, it's not an Android phone. The rule is that to use the Android branding, it must have Play.

  • by penguinoid ( 724646 ) on Tuesday November 01, 2016 @09:31PM (#53196421) Homepage Journal

    Doesn't the Google stuff on your Android steal your data anyways?

    • by Anonymous Coward on Tuesday November 01, 2016 @09:48PM (#53196489)

      Location sniffing, local Wifi SSIDs sniffing, it assigns a unique ID to each phone used to track for adverts (and the id is still sent even if you opt out of user specific ads). And their new Privacy Policy lets them link all the shit up, since they control large DNS servers, and content delivery networks, analytics, advertising etc. every site you visit it tagged by Google, and given the ID means they can tag it to a phone, to any Google account (e.g. Google Play, and Google Play Credit Card details).

      So yeh.

      Oh and the "do you want to backup" thing, that uploads all your keys to their servers.

      "OK Google" on every device cannot be uninstalled.

      And that's even before you get to Microsoft's "Office" bundle installed on several phones, that does a shit load of surveillance stuff, and AT&T's compulsary spyware.

      Being secure, I don't think that means what they think it means.

      • by AmiMoJo ( 196126 )

        Location sniffing, local Wifi SSIDs sniffing

        Location services -> off

        every site you visit it tagged by Google

        Gonna need to see some evidence of that.

        "OK Google" on every device cannot be uninstalled.

        It's part of the Google Launcher (or Pixel Launcher on Pixel phones). It can be uninstalled or disabled easily, just install a different launcher and go into Settings -> Apps -> Google Launcher -> Disable. You can disable other Google services there too, or just install a ROM that doesn't even have them by default.

        • Location sniffing, local Wifi SSIDs sniffing

          Location services -> off

          I was under the impression that Google changed the way that location tracking worked so that all location data comes through the Play APIs and you have to enable location services to use Play. I could be very wrong about this, though. I have an old Nexus 4 that I use for my OBD-II reader but I haven't used an Android device in years.

          • by AmiMoJo ( 196126 )

            There are three settings:

            Off
            On, GPS only
            On, also uses wifi and cell networks by querying Google's database

            The third one obviously sends some data to Google.

            • There are three settings:

              Off On, GPS only On, also uses wifi and cell networks by querying Google's database

              The third one obviously sends some data to Google.

              Yeah but look at the API docs [android.com]. I am pretty sure they moved the location services inside of the Google Play APIs making it impossible to get location services without Play. In fact, I just looked it up and verified that. You literally cannot use location services now without it submitting the data to Google.

    • No. It steals information. Ignoring the difference doesn't help the argument.

  • Google Security Engineer Claims Android Is Now As Secure As the iPhone

    And, by implication if it is now as secure as the iPhone, then until recently it wasn't?

  • by Mal-2 ( 675116 ) on Tuesday November 01, 2016 @09:47PM (#53196479) Homepage Journal

    Until all the Android phones still in the wild (regardless of age) get patched for the Dirty COW vulnerability, how can anyone reasonably say they're "as secure as" anything other than Goatse guy's rectum?

  • by Anonymous Coward

    Sounds like the best way to start improving Android security will be to pick a new director of security.

  • Two of its biggest and most patriotic brands can now collect it all.
    NSA Can Access More Phone Data Than Ever (Oct 20, 2016)
    http://abcnews.go.com/US/nsa-p... [go.com]
    "...the percentage of available records has shot up from 30 percent to virtually 100. Rather than one internal, incomplete database, the NSA can now query any of several complete ones."
  • by sethstorm ( 512897 ) on Tuesday November 01, 2016 @10:10PM (#53196569) Homepage

    Android's built-in obsolescence enforcement product called "Safety Net"

    Safety Net is simply a part of the Obsolescence Enforcement Suite, which automatically makes devices incompatible, even if a certain platform would work with third-party ROMs or lets the user have their way. Your device can literally be told to "stop working" with it.

    In the long term, the open ecosystem of Android is going to put it in a much better place

    With SafetyNet, it's not open.

  • by Anonymous Coward

    Security engineer at Google love to ignore the full life cycle of a phone.

    My mom got an iPhone 5 in December of 2012 and it still can be updated to the latest iOS 10. If she had gotten a Nexus 4 offered by Google at the same time, the latest version of Android that Google would officially offer her is Android v5 (Lollipop). Is Adrian Ludwig willing to make a claim that an up to date Nexus 4 is more secure than an up to date iPhone 5?

    When claiming a Pixel will be just as secure as an iPhone, the engineer s

    • My mom got an iPhone 5 in December of 2012 and it still can be updated to the latest iOS 10. If she had gotten a Nexus 4 offered by Google at the same time, the latest version of Android that Google would officially offer her is Android v5 (Lollipop).

      That's not necessarily bad for Android. A more mature codebase receiving security updates isn't necessarily worse than a newer codebase. The problem is not that it's only running Android 5, it's that it's running Android 5 and not getting updates for known vulnerabilities. Remember the thing a year ago when Google said that they couldn't do security back ports, because they don't track which things fix security holes in their revision control system? Not exactly a company I'd place trust in.

  • Jerry Sandusky says your ten year old son is perfectly safe around him.

    Seriously, Thanks Google, but we've been told that Android phones don't have asecurity problem in the first place, so how can they be as safe as iPhones now if they never had a problem?

  • As long as it's off it's as secure as an iPhone. Once you turn it on, though, all bets are off.

    • by arth1 ( 260657 )

      Unless you have a phone with a detachable battery, how do you even know it's really off?

      It gets worse. Ever had your Android phone self-reset? They allow that, unfortunately. Well, how is the user with an encrypted phone to know whether it's a real self-reset or a simulated reset to capture your password?

  • Bullshit... (Score:5, Insightful)

    by XSportSeeker ( 4641865 ) on Tuesday November 01, 2016 @11:05PM (#53196725)

    There a whole mix of stuff being talked about there, and one is not equal the other.

    For instance, Google Pixel cannot be generalized to the overall Android experience, not by far. It's probably not even the 0.0001% of Android devices.
    The reality of Android as a whole is that it's extremely fragmented, and the absolute majority of it is not on Nougat, let alone being the same as Google Pixel.

    As device encryption remains an optional step for most of these devices, most of them are not using it, so threat models be damned.
    Not to mention how the vast majority of Android devices uses all sorts of custom versions coming from all sorts of companies in all possible states of vulnerabilities and expected update dates. Even Windows is better than that. Android pretty much represents one of the worst possible fragmentation scenarios.

    You have all sorts of cheap generic tablets that I'm almost certain comes from factory with included malware, vulnerabilities, rootkits and backdoors installed. This is serious. I tested a cheap generic tablet just a few months ago (Multilaser was the brand on top of it if I'm not mistaken, but you can find the exact same tablet with several other brand names) that had very suspicious stuff pre-installed. It was impossible to uninstall it, so I rooted the damn thing to do it. And then the device factory reseted itself when I managed to remove the offending apps, everytime.

    In general, there's still far more chances of you finding an Android phone/tablet that is either completely open or easy to crack because it has an outdated system or has not been properly locked by it's owner, in comparison with iPhone in general.

    And sure, Android has the advantage of being an open os versus the extremely closed iOS - the standard defense for open source software which I do understand. But hoping that this will somehow count as a huge security advantage for the future of Android is quite frankly naive and kinda stupid in itself, specially for cases like Android vs iOS.

    The open nature of Android might allow for better scrutiny of it in some stances, but much more, it allows for all sorts of shady companies to make their own Android versions however they feel like doing it... and as more shady businesses adopt that strategy to spy and take advantage of less knowledgeable costumers, the more difficult it gets for a conscious community to take note of it.

    As long as Apple keeps getting as much money as they do from regular users to the loyal fanbase, they can just spend that much more money to close security holes and whatnot. One company developing both software and hardware while keeping a stance on security and privacy also makes it much more reliable. Things would have to change quite drastically for Android to ever be as secure and private as iOS. It's just the reality of it.

    You only have to think about it a bit more. Apple will always be able to push updates faster, they will always be able to implement security functions for most of their userbase in a timely manner (excluding those with devices that are too old), they are always better able to convince more users to buy their latest devices. Community wise, you will always have more reach... if one knowledgeable costumers finds a security hole, it'll affect almost the entire userbase, so it just makes far more sense for Apple to fix it.
    In grand scheme of security and privacy stuff, again for this particular case, the open source argument is minor in comparison to the whole.

    And I'm talking all this while being an Android user, not wanting to touch an iPhone with a 10 foot pole. It is what it is.
    See, this doesn't mean that I'm switching to iOS anytime soon. But to say Android as a whole is anywhere near as secure as iPhones is just delusional.

  • In order to use just about any Android app, you have to give it permission to root around in all your personal information, the personal information of all your friends and relatives, your tax records, your religion, whether your teenage kids are virgins and what brand of cat food the old lady down the street has to have for breakfast because the drug company just doubled the price of her meds.

    Google just doesn't want anybody else getting hold of all that lovely data.

  • I declare my self as wealthy as Google (but it ain't true). I found it telling that when I went to a panel of security researchers (including Bruce Schneier among others), every single one of them used an iPhone. Someone in the audience asked why, and as a group they answered that 1) iPhones get updates, and 2) Apple at least attempts to make customer-friendly security designs. Android might be hypothetically more secure in restricted situations, but since only a tiny handful of Android phones will ever hav
    • There might be a super-duper secure, non-spyware version of Windows floating around in a Microsoft lab, but if no one gets to use it, it doesn't count.

      I think there is a supersecure version of Windows, but reserved for government use. Although I think it's the same actual version of Windows with optional processes deactivated.

  • I use an iPhone, because 1) having used both OSes I prefer iOS to Android; and 2) I prefer to opt out of being part of Google's business model as much as is practical. But I'm aware others can legitimately hold opposite opinions.

    In any case, the bottom line is - it seems pretty obvious that the race to ever-more-secure phones benefits all of us, no matter what platform we choose.

  • ... that their new movie is as good as "Manos Hands of Fate", or speaking English as good as "Günther Ã-ttinger".

    Seriously, _all_ mobile operating systems are shit when it comes to security. Android has the theoretical advantage that you can root it and hypothetically install iptables. That's not a lot, but it can help you to make sure your device only tries to talk to your server and not other servers.

  • Safety net DOWNLOADS AND RUNS CODE.

    https://koz.io/inside-safetyne... [koz.io]

    Yea, it can catch those viruses. You know what's better than downloading and executing remote code to catch your malware? NOT HAVING A FUCKING VIRUS IN THE FIRST PLACE!

    It's already been used to shut down many applications on rooted phones. Effectively, rooting your phone is a lot like jailbreaking now, and will become moreso soon- technically allowed, but you are in a little ghetto for doing it.

    This is only security by certain definition

  • In a short interview after a talk at a security conference in Manhattan on Tuesday the talk, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security.

    Maybe right now, but give it two years and then let's check back in on that claim...

  • by Artem S. Tashkinov ( 764309 ) on Wednesday November 02, 2016 @03:05AM (#53197189) Homepage

    Aside from the fact that millions of Android apps contain native code which is very hard to find malware in and now we have a wonderful Dirty Cow vulnerability [arstechnica.com] which affects almost 100% of Android devices, which means a new update or install from Google Play will automatically p0wn your device for good and will probably install an undetectable/unerasable rootkit.

    I'd love to think that Android is secure but Google chose to use the Linux kernel which doesn't fare that well vs. microkernels like QNX. Call me crazy but I believe the QNX kernel would have been a much better choice for Android.

    • by gweihir ( 88907 )

      The only reason Dirty Cow is a problem for Android is that Android update sucks badly. Until update is fixed, the platform must be regarded as highly problematic.

  • 9.5-ish or so, but makes for a more dramatic headline.

    Google is doing it's best to piss off it's android partners lately, which can't be good for the long-term viability. Yeah, they all deserve to be slapped for the half-assed job they do supporting their phones, but Google knew that full well going in.

  • What's the sense or use of making such an assertion when most of the Android phone OEMs do not appear to update their phones to incorporate the improvements.
  • Android will never be as secure as iPhone for one simple reason, namely that Android does not have a bureau certifying and censoring all apps. And that's exactly the reason why Android is and always will be infinitely better than iPhone.

  • In my calendar it is still November...

To stay youthful, stay useful.

Working...