In Manhattan, security professionals have assembled this week for the O’Reilly Security Conference, including Adrian Ludwig who is the director of security for Google’s Android platform. During the conference and in a subsequent interview, Ludwig addressed comparisons between Android and iOS in terms of security. Despite concerns that Android may lag behind Apple’s platform thanks to the more open nature of the ecosystem, Ludwig says the two are “nearly identical in terms of their platform-level capabilities.” Ludwig not only points to Pixel devices and iPhone devices being on equal footing, he claims Android will surge ahead in the near future.
Ludwig’s claim about the future of Android and security appears to be based on the many eyeballs concept as he says “the open ecosystem of Android is going to put it in a much better place.” Google is not relying just on the nature of open source development to help improve security though. He points out that the Safety Net security product now built-in to Android is proactively scanning a whopping 400 million devices and 6 billion apps on a daily basis. This means that a very small number of devices running the world’s most popular mobile operating system are even victims of malware.
Outside of potential malware infections, Ludwig also discussed bugs like Stagefright. Despite the theoretical danger these issues create, Ludwig noted that at least in terms of Stagefright no one had succeeded in exploiting the bug in the wild. According to Ludwig, “at this point we still don’t have any confirmed instances of exploitation in the wild.”
Ludwig indicated Google is still aggressively working on improvements to the whole Android ecosystem when it comes to security. Of particular concern is the process for security patches and updates, especially those delivered by carriers and manufacturers. These update cycles need to be much faster according to Ludwig.