Google’s Director of Security at Android, Adrian Ludwig, gave a talk at a security conference in Manhattan on Tuesday, and in a brief interview afterwards, he gave us a bit of insight into Google’s views of Android’s security, particularly as it compares to that of Apple’s iOS.
In particular, Ludwig said:
“For almost all threat models, they are nearly identical in terms of their platform-level capabilities. For sure, there’s no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, will soon be better though.
In the long term, the open ecosystem of Android is going to put it in a much better place”.
During his talk at the O’Reilly Security Conference Ludwig said that Android’s built-in security service called Safety Net scans 400 million devices per day and checks around 6 billions apps per day.
The result of these security checks, coupled with the exploit mitigation measures baked into Android, mean that a really small number of Android devices has malware. That really small number could be as little as 1%, if not less.
One of the best known Android exploits that made mainstream news headlines was Stagefright, but Ludwig wasn’t all that worried:
“At this point we still don’t have any confirmed instances of exploitation in the wild”.
Things have improved significantly in the last year, but those using Android — such as carriers and OEMs — need to improve their update cycles and adopt security patches more quickly to make Android as a whole more secure:
“We got quite a bit of work left to do to get to a point where that actually happens on a regular basis across the whole the ecosystem”.