AH Virus Malware Piracy Skull Death Samsung logo 1.1

“Android is Insecure” is Insecure and Untrue

June 7, 2014 - Written By Phil Bourget

Many if not all of us have heard the argument against Android saying that Android insecure, and malware-prone, easier to get infected while using, and won’t be a safe experience (for both your data and the integrity of your device’s software).  But where does it come from, why does it continue, and is there a way to iron out the wrinkles in both the argument and the truth?  Maybe.

First, let us begin with the obvious: the origin of the argument against the security of Android.  I’d like to say initially that no operating system (mobile or desktop) is completely invulnerable to viruses and other types of malware/malicious programs.  Android, however has been picked out in comparison to iOS, just as Windows was to Mac OS, for comparing statistics, with both of the two being the largest and majority members of any statistics that would be recorded or collected anyway.  The android ecosystem, as its users know, is very open and, with enough knowledge and system permission, easy to change.  iOS, however is not, because that is the way it was built and intended to be.  Android was started from open-source (anyone could see it and make changes to it on their own) and left mostly open, which is both allowing users to customize and ‘master’ their system(s), but as with all freedom, there are abusers.  The abusers of openness (or vulnerabilities in general) do so because of personal gain, or for the simple disadvantage of those affected (like in remotely ‘killing’ a device for no reason other than to make it inoperable).  The iOS community, since users are unable to install apps (easily) from outside the App Store, is less prone to installing a dangerous app or program/modification.  The ability to fake a real app to disguise a malicious program is useful for Android attacks because some people just trust and install it, without doing much other research or investigation.  And since Android is more open, to hackers and users alike, hackers write more programs for that system because of the likelihood of infection compared to iOS (or Windows Phone OS, which is also very closed down like iOS, but not as major in statistics).

Next, let us review the argument and why (and how) it still exists, and isn’t entirely (or even partly, if you’re confident enough) accurate in its callings-out.  Android has, globally, more devices currently active than iOS, Windows Phone OS, or any of the more minor operating systems today, so the availability of access is greater with Android than iOS or Windows Phone OS.  And people will continue writing programs, good or bad, for devices, some utilizing the vulnerabilities to allow extra functionality, or misusing them to steal data and personal information, and sometimes even control (as with recent hack-ins on iPhones and iPads, for a ‘ransom’).  The argument persists, with basis of sorts, in that people do report online that there are still cases of infected Android devices, and they persist continually through time, whereas hack-ins of Windows, iOS, Mac OS, etc. are more sporadic and clumped together in time, fixed with software updates as quickly as a company is willing/capable to do.  Android still will be infected and targeted for cyber attacks as long as vulnerabilities exist, and it will be prioritized among hackers for as long as there are more Android than iOS or any other mobile OS in active circulation (being used, rather than just in existence).

The reason it still exists as a point of interest (or hatred, depending on your stances) for mobile users is because the same and same type of mistake(s) is/are being made in considering statistics.  Now, if you watched Tim Cook present at WWDC on June 2, then you may have seen him bring up the install /adoption of the latest versions of both iOS and Android (iOS 7 and Kit Kat, Android 4.4, respectively), with iOS 7 holding 89% adoption while Kit Kat has only 9%.  The data comes from the number of devices in usage, and the software version, obviously.  Want some numbers for reference?  As of June 2013, Apple reported having sold 600 million iOS devices since the original iPhone launched in 2007, while Google announced, the month before, that there were 900 million Android devices activated to date.  Math time! 89% of 600 million is 534 million, and 9% of 900 million is 81 million.  Also consider that Apple continues to support hardware for many years after its initial launch, while Google often disregards direct support for Android devices after 18 months.  Physically more of Apple’s devices from the past sales have access to the latest software, while physically fewer Android devices had access to Kit Kat.  Also, consider how Apple regulates the hardware, software, and software updates.  Google makes the original ‘vanilla’ Android that comes on Nexus devices, and gives the code to the manufacturers that send software to devices (or carriers, then to devices, depending on device and region), leaving it up to not Google, but literally everyone except Google to update your device to Kit Kat.  What does this mean?  Apple is directly to thank for keeping so many devices updated, while Google is not solely to blame in having outdated and therefore less secure software.  It also means that Android has a larger face showing to attack online (for hackers, specifically) while Apple shuts the doors in the faces of most cyber attacks.  And why does Android have the most malware available for it/to attack it? Because there are more devices running it globally.

Hopefully, none of this was particularly offensive to anyone who is a die-hard Android, iOS/Apple, Windows, or whichever, fanboy/fangirl/fanatic because this was meant only to help straighten out some kinks in the hose from statistic collection and the ears and eyes of those shown and hearing the statistics.  Hopefully, this leaves you more informed, and more aware of the security and closed nature of Apple’s software, and the openness of Google’s, and that that is the reason for the ‘insecurity’.  Remember, ‘open’ doesn’t mean ‘at risk’, and ‘closed’ doesn’t mean ‘protected’.