Google Android chief Sundar Pichai says Android not designed to be safe

Update: A Google representative subsequently reached out to me and provided a full transcript of Pichai’s answer that frames things in a much different light. Rather than conceding that Android was less secure on account of it being a more open platform, Pichai articulated that the open nature of Android actually works to make the OS more secure.

What Pichai actually said reads in part:

Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security. 

Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google Play…Google Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystem…people will ship good phones and keep them updated…you will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.

==

Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more than it’s designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its market share position.

In response to a question about security on Android, FrAndroid reports that Pichai answered as follows:

We can not guarantee that Android is designed to be safe, the format was designed to give more freedom. When they talk about 90% of malware for Android, they must of course take into account the fact that it is the most used operating system in the world. If I had a company dedicated to malware, I sould also be addressing my attacks on Android.

Pichai, of course, first took over Google’s Android efforts last March, succeeding Android founder Andy Rubin.

While Pichai’s statements are likely to elicit impassioned resopnses from Apple and Android enthusiasts, there are a few things to consider.

First, as the most used operating system in the world, it stands to reason that most malware would target Android. At the same time, what’s really worth delving into is whether or not a disproportionate amount of mobile malware targets Android. To this point, the answer appears to be yes. Android may be the top dog when it comes to marketshare, but iOS is no small fish, itself accounting for nearly 20% of mobile devices.

That said, attributing Android’s malware problem strictly to market share is a cop-out. Truthfully, it’d be nice to see Google take the same security-minded approach with Android that Microsoft took with Windows. In other words, it’d be nice to see Google work tirelessly to get ahead of malware rather than seemingly stating, “Well of course we have malware, we’re popular!”

About one month ago, Cisco released its 2014 Annual Security Report, which found that 99% of mobile malware targets Android devices.

Not all mobile malware is designed to target specific devices, however. Many encounters involve phishing, likejacking, or other social engineering ruses, or forcible redirects to websites other than expected. An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware, followed by Apple iPhone users with 14 percent of all web malware encounters.

Also recall this 2013 report from F-Secure, which singled out Google’s Android platform for being particularly prone to malware. That report also found that malware specifically targeting iOS only accounted for 0.7% of reported malware threats.

Another point worth noting is that Pichai put to bed rumors that Google also put in an offer for WhatsApp. “This information was completely false,” Pichai said. He did, however, say that the two companies did have discussions.

via 9to5Mac