Riding off of an article that appeared in FrAndroid, we reported on Thursday morning that Android head Sundar Pichai explained during a talk at the Mobile World Congress that Android was designed to be more open than it was designed to be safe.
In the wake of that article, Google PR was able to reach out to me and provide a full and accurate transcript of what Pichai actually said.
As it turns out, Pichai did not relay that Android was not geared towards security. On the contrary, Pichai in his answer argued that the openess of Android actually works to make Android more secure.
Pichai's response, as provided to me by Google, reads as follows:
Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I'm not sure that's a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it's the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security.Android was built to be very, very secure. The thing that you're seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn't mean Android isn't secure. We go to great lengths--the depth of work in Android to make it secure; the depth of work done by Google Play...Google Play automatically scans and verifies thousands of applications for malware. We track data on this. It's state of the art in terms of what we do. What you see across the ecosystem...people will ship good phones and keep them updated...you will have some phones that will not be updated. That's where we see issues. Not Android at a fundamental level.
Subsequently, Pichai was asked about Google's success in keeping security issues on Android at bay. His response reads:
As long as you're on a phone and able to update, Android is very, very secure. It's designed to be very, very secure. I would go as far to say -- open systems are far more secure. We do this on the browser side. Chrome is very secure. The fact that some things are open, by any stretch of the imagination, does not make it any less secure.
It's a clever take on things, to be sure. But what about the slew of previously cited research reports which peg Android as being the top target for mobile malware? To this point, Pichai doesn't deny the numbers, but rather points out that malware authors will of course target the mobile OS with the largest marketshare. Indeed, it's a valid point and works to explain why the Mac has traditionally not been as attractive a target for malware as Windows.
Malware targets where users are. When you say numbers like 90% of malware is targeting Android, you know, I hate to point out that if you're a smart business person running this malware company, that's what you should do. It's the wrong way to look at the lens. Obviously, you will always see more malware targeting Android because Android is used more than any smartphone platform by a pretty substantial difference. I think that drives a lot of it so I understand that part of it. What matters much more is - as a user, if you use Android, are you fundamentally more compromised. We don't think so.