Sundar Pichai: Android Designed For Openness; Security a Lower Priority 117
An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."
Don't they know... (Score:2, Insightful)
If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.
Re:Disproportionate Malware (Score:5, Insightful)
I spent a few moments RTFA and TFS distorts it badly. What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security. In other words any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying. With power comes responsibility and all that.
Also, you wouldn't expect that an OS with say 85% of the market would only get 85% of the malware. People gravitate towards the most popular systems, and you also have to consider that Android is much bigger in countries like China and India where they don't seem to have had as long as westerners to become get savvy to torjans or excessive permission requests. Many Chinese carriers put their own app stores on their devices too, and then fail to properly police them, and of course (trojan) pirate software is widespread.
Re:Disproportionate Malware (Score:4, Insightful)
To be fair, there are issues with Android that don't have anything to do with signed code. On iOS, you can deny individual permissions (at the time they're actually exercised!) and still run an app (and modify those permissions post-install), whereas on Android it's an all or nothing sort of thing. That's more "open" but it's less "secure", and it doesn't really anything to do with app stores or code signing.
Re:Tap Back (Score:5, Insightful)
Access to my contact list in exchange for information on astronomy?!
That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
And that kind of attitude is why Android's privacy model is flawed. This puts the control of your options at the whim of the developer. Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app. If I find out after the fact that I don't want an app to have access to that information, I shouldn't have to uninstall the whole app. Example: weather apps almost always (reasonably) ask for my location info. I deny them, because, I have all my locations already entered. They don't need to know where I've been, but I still like to get the forecast on my phone.
Disingenuous (Score:5, Insightful)
Since when was security mutually exclusive with openness?
It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.
It's daft that you have to root your phone in order to be able to increase the security.
And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.