Google’s Android head, Sundar Pichai, on security (original in French):
We cannot guarantee that Android is designed to be safe, the format was designed to give more freedom. When people talk about 90% of malware for Android, they must of course take into account the fact that it is the most popular operating system in the world. If I had a company dedicated to malware, I would also be addressing my attacks on Android.
Malware authors may be writing a lot of malware for Android, but they’re not very good at it – less than 0.001% of all application installations on Android (in and outside of Google Play) penetrate Android’s security.
In other words, this is a complete non-issue – no matter how often antivirus companies and certain bloggers drum it up.
Operating systems won’t be ever 100% secure, as long human interaction is required for sensitive security issues.
Well, once the machines take over, everything will be secure, right?
I find the fact that here you have an Indian working for an American company and speaking in French more interesting than malware for Android.
It’s just a french website reporting on the conference, but I doubt he really did speak French there.
It’s taking place in Barcelona (Spain) BTW.
Edited 2014-02-28 01:59 UTC
It sounds racist.
Only if you are white. I’m not.
There is also self-deprecating racism, if you’re Indian.
If you’re not, then it’s just racism.
It’s perfectly possible for non-whites to be racist. Not saying your post was but not being white doesn’t mean you couldn’t be racist.
It says that there have been about 1.5 billion installs, and that 0.001% were successful in breaching Android’s defences.
That means about 15,000 android malware installs were successful.
I accept that this means your chance of being infected is, on the face of it, about 1 in 1.5 million. But, you would imagine that malware writers do everything in their power to make their craplets as enticing as they can, which probably increases the chance that you’ll install it.
Compare this with iOS, which has had 2 successful malware app uploads ever (both to great fanfare).
And a gaping security hole exploited by the NSA (and maybe others) within a month of its appearance (or introduction).
http://daringfireball.net/2014/02/apple_prism
Also, there are always trade-offs. Apps in iOS are completely siloed; apps in Android can share data. You can’t fully secure that functionality. Anybody can design a system even safer than iOS: silo the apps, virtualize one OS instance per app, use non-rewritable ROM, reboot every five minutes. It would just be a pain in the *** to work with.
This is not something I just invented: some ideas are already implemented in Qubes.
http://www.osnews.com/story/23403/Qubes_To_Implement_Disposable_Vir…
Us Windows users have been making this argument for about a decade and a half, after hacking Windows became a professional sport. And we were constantly being told that this is bullshit, because there are more Linux servers out in the wild that don’t get hacked as much. As if you’re average tech tard opening any file that promised him naked pics of Angelina Jolie was equivalent to a typical Linux admin
In Android’s case, I have to wonder how many security issues result from people side loading, vs stuff they get in the app store. I’ve only heard of one real-world case of someone getting infected from an app store install, and in that case (someone on this site), he’d given the phone to his kid, who actually did the installing.
WorknMan,
“In Android’s case, I have to wonder how many security issues result from people side loading, vs stuff they get in the app store.”
Yeah I’d expect it to make a difference.
Another factor is whether the malware is actually exploiting vulnerabilities to defeat OS security, or if it’s a merely a case of a malicious application taking advantage of access some users _explicitly_ granted it. It’s technically human error rather than an OS vulnerability if the app is doing what the user allowed.
I will say Google had bad (nah, terrible) judgement in not allowing android users to pick and choose which permissions to grant to an application. The all-or-nothing approach is bad for security since it coerces users to permit more than they otherwise would want to just to run a program. My guess is that google decided to do it this way to prevent users from blocking permissions on google’s apps.
Either that, or else apps may not work the way users expected them to. Like they might deny a game network access, not realizing that this would prevent the game from displaying/updating leaderboards. Even some permissions I had questions about and would have probably blocked actually made sense once I read an explanation from the developers.
WorknMan,
Well, IMHO it was a poor decision right from the get-go when there was no precedent for apps to assume functionality without checking for it. The fact that today’s applications can break when access is revoked is invariably a result of google’s policy rather than an inherent problem with a fine grained security model. Maybe the damage is done for old apps, but many of us would still like it to be fixed moving forward and the fact that cyanogenmod offers their own solutions seems to point the finger at bureaucratic rather than technical barriers.
In this particular case blocking network access shouldn’t be much different from being on a device that has no network access (ie airplane mode). So if an application intended to run locally doesn’t handle that case then it really is a bug with the application.
I suspect the bigger threat in terms of “malware” is when applications are granted access to the user’s private data. Giving users the ability to turn on or off data access to an application is just common sense.
Edited 2014-02-28 14:30 UTC
We’re not necessarily talking about apps ‘breaking’, so much as not working the way the user expected them to. The network access thing I brought up was just an example. As a developer, the last thing I’d want is a user leaving a 1 star review because the dumbass disabled a permission that the app needed to run properly.
I sort of agree with you, but feel like this sort of thing should be hidden from tech tards, but still available for more tech literate users to find who know what they’re doing. Kind of like tapping on the build number seven times to get to the developer options …
WorknMan,
Most just leave things at their defaults without overriding them, which is fine by me as long as we can override them easily.
Please don’t hide it! Haha. I think it should be there for anyone who’s looking for it, maybe under a security submenu.
To address your concern where the naive user breaks the app, maybe android could notify and/or prompt when an operation is blocked. This would have benefits for both sides of the argument:
A) It would catch most malware by triggering alarm bells the moment it tries to access contacts/files/messages/SMS/etc. This is better than silently blocking an operation because it tells the user that the app is up to something.
B) It would provide a clear indication to users why legitimate software isn’t working and offer the ability to re-grant the permission. This is better than silently breaking the app.
It’s conceptually similar to UAC on windows. The problem with UAC, at least on my win7 laptop, is that certain things I do frequently triggers it EVERY SINGLE TIME and there’s no option to “allow always”, which became so annoying I was forced to turn it off completely. An android implementation ought to be much better because:
A) it would only show up for users who’ve overridden the defaults
B) the user could remove the block once and never be bothered by it for the app again.
Edited 2014-03-01 08:34 UTC
I don’t know. A least, the current approach forces developpers to not ask for more permissions than requested. I often see bad play store ratings associated with comments such as “why does this app requests this and that”; and more than once have I seen an app update changelog with “[some permissions] removed” stated.
But yeah, Google should begin to make App Ops more readily accessible (in the Developer Options submenu for ex.). Good thing it is still available in custom ROMs.
That’s probably it. It’s also probably why they shipped devices without root access by default – a hosts file null-routing all of Google’s data mining services and in-app advertisements significantly undercuts people’s ability to make money off of the platform.
In the late 90s – early 2000s, windows accounted for a small percentage of websites and a much larger proportion of website defacements (see the attrition.org archives).
If you occupy a tiny niche you can usually avoid scrutiny, but if your anything other than an absolute bit player someone will be targeting you.
Also a distinction needs to be made between malware which targets the user (ie tricks the user into running it), malware which requires otherwise innocent user interaction (ie drive by browser attacks), and attacks which are entirely separate from the user (ie remote root). Server systems (unless grossly misused) are typically only susceptible to the last type of attack.
Edited 2014-02-28 13:49 UTC
People act as if Android was always the number one OS on earth! No it wasn’t! But yet Malware has been there since the start, just like there were viruses all the way back in the dos days.
Point is people write malware just as much for how easy it is to catch people slippin and not reading security warnings as they are cause there are a lot of Android devices.
There are almost as many old versions of android as there are android devices.
What like 10 percent on Kit kat (Maybe)
Even with technical means (perms) in place and working, common users usually not understanding security architectures tradeoffs will fall into associating a risk factor connected with Android OS as opposed to WP , IOS or BBRY.
Here a walled garden approach gives them better *sense* of security.
The same could be achieved in Android if Google and partners started promoting a conscious choice between using 3rd party sources or not. Having 3rd party installs associated with risk can also do some good to piracy metrics. Getting customers to understand something is much harder task than making things work on technical level though.
Edited 2014-02-28 07:46 UTC
This. The only people with concerns about viruses on Android devices are people who sideload apk’s from torrentz and warez forumz. ’nuff said.
The problem is, there are several parties (av vendors, apple, microsoft) who have a vested interest in the general public perceiving malware on android to be a serious problem, and they will ensure that scare stories keep cropping up in the media.
On the ground i know lots of people with android phones and none of them have ever suffered a malware problem. Contrast that with all the windows users i know, most of whom have encountered malware recently.
Even if we are talking about 0.001% of the softwares, that does not say how many devices that ends up infected. That is the interesting question i would say.
In worst case scenario you could have only 1 single malware that could infect all devices in the world.
Read “in worst case scenario” before you start commenting on my comment.
Please read more carefully. It’s not 0.001% of software packages – it’s 0.001% of all application installations. There have been 1.5 billion application installs, meaning a total of only 15.000 infections.
That’s it. That’s negligible. This is a non-issue.
I dunno. If the news channels were reporting on some strain of flu and said “it has already infected 60,000 people around the world”, I’m pretty sure viewers and the WHO would not treat it as a non-issue, even if it was non-fatal.
Well, in The Netherlands, on average, about 0.03% of the population has the flu at any given time. The institutions here will only start to monitoring actively when that number doubles to 0.06%.
So, no, 0.001% is nothing.
UPDATE: More fun facts: on average, between 250-2000 people die during a usual flu epidemic in The Netherlands. Let’s pick 1000 – that’s 0.006% of the Dutch population.
So, no, 0.001% is nothing. I’m sorry.
Edited 2014-02-28 13:25 UTC
The 0.001% is fake. It assumes absolutely that the maleware follows Googles prescribed method of installing inself.
It does not take into account software which use faults in the operating system to install itself, or bundled apps.
One SMS infection hit 300,000 users http://www.v3.co.uk/v3-uk/news/2328691/android-apps-with-trojan-sms…
Edited 2014-02-28 14:43 UTC
Deviate_X,
I read the link thinking that it would actually be about an operating system vulnerability through an SMS attack vector, indeed that’s something I’d be very interested to know about. However it’s not that at all. It’s merely convincing users to install the malicious app with SMS permissions.
Edit: The pandalabs post is much clearer:
http://pandalabs.pandasecurity.com/new-malware-attack-through-googl…
Still, that 300k users were affected says alot about the lack of user security awareness. And of course it should have been pulled earlier from the app store.
The recommendation by a Panda Labs rep was “please always read the permissions needed to install each application and if among them it is the one letting the app read your SMS and connect to internet and it is not really needed, do not install it,”
Edited 2014-02-28 15:50 UTC
I do think that Android’s permission system is flawed and arguably more needs to be done about it on the Google Play store too.
Each permission should be individually grantable. If a permission is refused by a user, the system should feed dummy neutral data related to that permission wherever possible. Of course, lazy programmers will often either refuse to allow their app to run if it doesn’t have all the permissions or crash because they don’t trap errors caused by lack of permissions (hence the need for dummy data a la Privacy Guard in CyanogenMod).
On the Google Play store, I’d like to see three obvious permission improvements:
1. The developer must state why each permission is needed (and not just “I need it”) – the store should refuse an app that doesn’t explain every permission (i.e. this would involve new data fields they’d have to fill in during app submission).
2. The user should actually be able to control the permissions from the Play Store (app or Web interface) so that it covers all their devices in one fell swoop.
3. If an app works with a permission but force closes without it, this is an app bug and the user should have an opportunity to report this (semi-automatically) to the developer. Enough of these permission-related crashes should flag something on the app store about this (e.g. app will crash if this permission is removed – developer has been notified).
Edited 2014-02-28 12:30 UTC
While this sounds nice for the user, it’s completely unrealistic from a developer context. In addition to all the extra code needed to troubleshoot/work around permissions, it would eliminate a huge category of apps from the market. How do you have a free app w/ads if the user can just block internet access and therefor ads? So by denying a permission you might be taking away the developers reason for making the app.
In the old days, the OSs targeted to the home market lacked the right security protections.
Then they added them, but most people and average developers, not able to deal with security nuisances, just executed the applications as root/administrator.
With package repositories becoming mainstream in the form of app stores, one is quite safe, except of worms or security exploits.
Issues, that anti-virus can seldom protect against.
However, thanks to the people stupidity to avoid paying 1^a‘not by sideloading applications and installing customs ROMs, the Anti-virus companies have found out a new market.
In the old days, those OSes were typically not connected to a public network and were rarely used for anything important.
BBS? Aminet? Demoscene letters with floppies?
Edited 2014-02-28 14:07 UTC
This is PR for believers.
Since this website hates John Gruber and all he stands for, I’ll have to forward his thoughts for you.
http://daringfireball.net/linked/2014/02/27/pichai-malware-freedom
Puts the “most popular operating system” line in proper perspective.
He also linked this, clarifying that 98% of 2013’s mobile malware was for Android (not 90): http://www.theinquirer.net/inquirer/news/2331127/android-is-target-…
And updated with this statistic, showing that 99.9% of new mobile malware detections are for Android (not 90): http://www.theinquirer.net/inquirer/news/2331127/android-is-target-…
Granted, this is nothing to run around panicking about, but having just a little bit of your house on fire is still a problem for the landlord, and if I’m shopping for real estate, I know I’d prefer the house that’s not on fire at all.
Yeah, that’s right, dislike of the ‘Grube obviously isn’t due to a general dislike for those who are notoriously-biased, shameless fanboys. No, clearly, it must be a hatred of Gruber on a personal level. Now that you’ve discovered the secret, I’m sure Thom will have no choice but to shut down the site & slink away in shame.
Interesting that you’d use the word “perspective,” given that perspective is the main thing conspicuously absent from that article. Namely, any figures or even references to back up his claim that malware is “the only sort of software where Android leads iOS in third-party developer support.”
I’m sure it’s great as long as you don’t think about it too much. Because then, you’d risk realizing that the 2nd house isn’t on fire only because the landlord took the easiest/laziest route to fire prevention, and just put terms in the lease banning all open flames or any heat-emitting device that they don’t get a cut of the sales fro… uh, sorry, I mean… that hasn’t passed their rigorous and totally not-arbitrary approval process.
I didn’t say anything like that, and bias is not a compelling charge when used so broadly (while ‘fanboy’ barely qualifies as verbal communication). Of course Gruber has an opinion, but he also has facts. If you dismiss his facts because you don’t like his opinion, that’s where bias becomes damning.
It’s just a burn, but if you want its context unpacked, I’m game.
Developers, from small upstarts (WhatApp, Threes!) to large corporations (BBC, Netflix), overwhelmingly go iOS-first or iOS-only. With fewer devices running fewer versions of the operating system, a smaller team can deploy a working app more quickly. iOS users also download more apps, consume more data, and spend more money, so market share doesn’t translate directly into audience: iOS is overrepresented.
So if honest developers consider iOS more fertile ground, why should dishonest developers be any different? Because broad permissions, inter-app communication, sideloading, piracy, and carrier and OEM modifications give Android more entry points. It’s entirely a matter of engineering and culture. Beyond taking up a visible slice of the pie chart, its market share numbers have absolutely nothing to do with it; Android’s advantage hasn’t succeeded in changing the priorities of legitimate developers, after all (certainly nowhere near the 999:1 ratio enjoyed by malware).
And yet Cydia doesn’t seem to have much of a problem, either.
What with the evidence, it almost seems as if Android and Windows before it really are inherently less secure than their alternatives. (Cue the repeated-to-death example of an outdated Apple security hole, as if nothing short of unerring perfection counts, and/or the one-two punch of anecdotal evidence and moral indignation proving that anyone who’s ever had a malware problem brought it on himself so that doesn’t count either.)
Funny.
Developers of widgets, icon packs, operating system extentions, launchers, file managers, contacts applications, SMS applications, dialers, lock screens, etc. etc. all overwhelmingly choose Android.
Android has more applications iOS does not than vice versa. It’s just not the kind of applications the Grubers of this world like to mention because it screws up their narrative.
All right, Thom, since you personally asked me to, I’ll bite.
So Android wins only where iOS forfeits, is what you’re saying. I feel strangely unrefuted.
That’s fair; that’s a reason Gruber’s burn isn’t literally factual: Apple doesn’t allow that stuff.
The thing is, when iOS is behind only in categories that aren’t allowed, it stands to reason that wouldn’t be the case if Apple did allow them (and that goes for malware, too, with a looser definition of ‘allow’).
A few quick searches gave me thousand of results for that stuff on Cydia. Unfortunately I didn’t find a way to compare directly with Google Play’s numbers, because the app always reports 250 results and the web site doesn’t give numbers at all.
So in summary, iOS gets almost everything except literal refuse simultaneously, first, or exclusively, despite the supposed absolute powers of market share suggested by Pichai’s quote. Android is more compromised because it’s more permissive (this should not even be remotely controversial); market share is not a factor beyond the threshold of notability.
Ah for crying out loud this thread is so lame. developers target the largest platforms – news at 10. it’s all non-sequitur since neither of these two platforms has a depravity of apps today. I’ve never understood why fanboys are so insecure over the equipment they’ve got in their pants…. Oh uhm, wait… ahem, I see.
There are facts and there are cherry-picked facts.
And lies like “the only sort of software where Android leads iOS in third-party developer support”. You take that lie as a fact and tell us that we dismiss his “facts” because of opinion? No, Gruber is just that – fanboi.
Your assumption is that iOS users are safer by default and nefarious individuals/groups don’t use a different attack vector for iOS users…
Cydia is used mostly by nerds and geeks that are a bad target for malware writers.
That ‘lie’ is just a quip, but it’s barely an exaggeration. The iOS-first trend is well documented. With facts.
I don’t know where you’re getting that, but it’s irrelevant. I hardly think iOS users are any less likely than Android users to get struck by lightning, but they are tremendously, dramatically, night-and-day less likely to have malware on their phone, and not because malware development is some kind of all-or-nothing market share game, but because it’s much harder to get it onto the device.
As opposed to sideloading, piracy, rooting, custom ROMs, and third-party app stores, which all the old church ladies are so into these days? Or was your point that Android devices are more vulnerable even without those things? Because yes, that is correct.
Except for the fact it’s untrue. See my previous comment.
To be fair, WhatsApp used to (?) upload your entire address book to their servers, so it certainly does work like the worst kind of malware.
That “little bit” is the romantic candle… but I’m sure a pristine all white apartment is very romantic.
iOS is abused in different ways to Android. So you have to choose between houses that have candles(fire hazard) in different rooms.