Sundar Pichai: Android Designed For Openness; Security a Lower Priority 117
An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."
Don't they know... (Score:2, Insightful)
If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.
Re:Don't they know... (Score:5, Informative)
fake oakley (Score:1)
Re: (Score:1)
RMFP. I didn't say anything about who it would be sold to or who/what it was designed for, and those points are completely irrelevant to mine.
To recap:
1) If there's a way to put it together, there's a way to take it apart. This is true no matter who it's sold to. The defense industry tends to hire clever people, who are often clever at disassembly as well.
2) It kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open. This is still true if you wor
Slippery slope (Score:2)
The phone isn't for you
What worries me is that if this is successful, certain control-freak mobile phone, tablet, and video game hardware manufacturers are likely to point to this as a success story and attempt to make this the standard for devices sold to home users.
Re: (Score:2)
...attempt to make this the standard for devices sold to home users.
How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"? It seems like that would draw a bigger customer base than "This phone will self-destruct."
Monkey see, monkey lockdown (Score:2)
How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"?
Given that both Sony and Microsoft made a business decision to adapt Nintendo's the lockout chip business model for their set-top gaming computers, I'm guessing manufacturers of other entertainment devices would be eager to imitate one another's repair lockout measures if it thinks the measure will help them seek more rents [wikipedia.org].
Re: (Score:2)
When it comes to phones and tablets, I don't believe the manufactures really want to lock down the devices. Several offer tools from their websites to unlock bootloaders. It's the cell network carriers that force the manufactures to lock down the devices.
T-Mobile: the uncarrier (Score:2)
It's the cell network carriers that force the manufactures to lock down the devices.
Fortunately, T-Mobile USA and the prepaid MVNOs have managed to pressure AT&T into offering plans priced without a hardware subsidy. When the phone is sold separately, what stops the manufacturers from selling unlocked phones in the U.S. market that work on AT&T, T-Mobile, or any of their MVNOs?
Re: (Score:1)
Ooohhhh, look who knows so much...
How do you know what industry I'm in, or what phone they'll want me to carry?
Re: (Score:2)
Not if everything is fused together.
Re: (Score:2)
So was my laptop battery at one point ;)
Fused or not I assume it would still try and detect the pieces coming apart. One would hope it takes more than a Dremel wheel to defeat it.
Re: (Score:2)
Most secure systems like this are assembled before applying power... that's how you put it together. When first powered up, the tamper detect mechanism is in place. And that piece of it is kept powered forever... lose power to the crypto engine, and the unit tampers. Once tampered, you have to reinstall the original software. So basically, even Boeing has no means of taking these apart without tampering them. If you had enough units to study and take apart, maybe you could, maybe not. The case itself can b
Re: (Score:2)
True to their defense contractor traditions they'll probably try to destroy it by way of a drone strike.
Tap Back (Score:3)
Access to my contact list in exchange for information on astronomy?!
That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
Re:Tap Back (Score:5, Insightful)
Access to my contact list in exchange for information on astronomy?!
That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
And that kind of attitude is why Android's privacy model is flawed. This puts the control of your options at the whim of the developer. Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app. If I find out after the fact that I don't want an app to have access to that information, I shouldn't have to uninstall the whole app. Example: weather apps almost always (reasonably) ask for my location info. I deny them, because, I have all my locations already entered. They don't need to know where I've been, but I still like to get the forecast on my phone.
Re: Tap Back (Score:2)
Contrasted with what, Apple?
Here's a hypothesis: Most malware is written by groups associated with the US government and their allies, the UK and Israel.
It's easier to just call Apple because they completely own anyone who buys their products already and Apple will do what they want.
Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.
Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.
Add in some for
Re: (Score:2)
Contrasted with what, Apple?
I gave actual examples of why I find Apple's privacy model better than Google's. Can you rebut that, or are you just going to go on about "Apple owning the user".
Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.
Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.
This just shows have zero understanding of basic economics. The lower hanging fruit is always the best bet unless you can justify that the more difficult is indeed far more profitable. And guess what - iPhone users are more valuable to advertisers and developers [1]... yet have only 1% of the malware. Nice try at sophistry.
[1] https://digiday.co [digiday.com]
Re: (Score:2)
If you sign up with Apple, they have complete control over your device from the hardware to the software, they know who you are, and they'll tell the authorities anything they ask.
If you buy an Android phone, there is no one entity that has control like Apple does.
Your position is based around the motive of the "hackers" being economic. If they're just scammers trying to steal money, then yeah, Apple is probably more secure.
I believe the motive of the majority of malware does not come from such people, is
You might not even need an app (Score:2)
Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app.
The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out
Re: (Score:3)
The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.
No my beef is with Google/Android's weakness at letting users control their apps, I'll keep using my iPhone, thanks. While you look down on iOS users, you feel free to jump through all those wonderful hoops to lick the developer's boots or maybe I'll look down at you instead for simply rolling over and taking what the developers offer instead of taking control of your own device.
Re: (Score:2)
Re: (Score:2)
No my beef is with Google/Android's weakness at letting users control their apps, I'll keep using my iPhone, thanks.
Because Apple/iOS gives you such strong control over your apps?
Re: (Score:2)
But not everybody has a desktop pc or laptop on which they could do this.
Scroogled.com lists new 10" Windows laptops for $250 as competitors to the Chromebook.
Re: (Score:2)
This discussion can go in any of three ways. Feel free to reply to any or all of them:
First, someone who owns an Android tablet and a Bluetooth keyboard can use AIDE. I haven't used AIDE, so I can't tell how easy it would be to load the project file of a free Android app, but AIDE is supposed to allow development of Android applications directly on an Android device.
Second, you're describing the niche case of someone who bought a tablet running a so-called mobile operating system as a primary computing
Re: (Score:2)
On top of that, at least you get to see what that app wants access to before installing it. Last time I used my iPad it wouldn't show me anything before installing something.
Re:Disproportionate Malware (Score:5, Insightful)
I spent a few moments RTFA and TFS distorts it badly. What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security. In other words any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying. With power comes responsibility and all that.
Also, you wouldn't expect that an OS with say 85% of the market would only get 85% of the malware. People gravitate towards the most popular systems, and you also have to consider that Android is much bigger in countries like China and India where they don't seem to have had as long as westerners to become get savvy to torjans or excessive permission requests. Many Chinese carriers put their own app stores on their devices too, and then fail to properly police them, and of course (trojan) pirate software is widespread.
Re:Disproportionate Malware (Score:4, Insightful)
To be fair, there are issues with Android that don't have anything to do with signed code. On iOS, you can deny individual permissions (at the time they're actually exercised!) and still run an app (and modify those permissions post-install), whereas on Android it's an all or nothing sort of thing. That's more "open" but it's less "secure", and it doesn't really anything to do with app stores or code signing.
Re: (Score:2)
Can you block internet access so that apps can't download advertising? Seems like developers of free apps would not be very happy about that. I do it on Android via a firewall, but I don't have an iOS device so I'm asking.
Re: Disproportionate Malware (Score:2)
No, on iOS internet access isn't considered a permission. Off the top of my head, the ones I remember are location, microphone, camera, and contacts. Access to pre-configured social network accounts I believe requires permission as well.
Re: (Score:2)
Really? Apps don't have to ask for internet access, and you can't deny it to them?
Re: (Score:2)
Really? Apps don't have to ask for internet access, and you can't deny it to them?
No. But iOS protects any resource that would be considered something you wouldn't want uploaded (i.e. Contacts.) iOS apps are sandboxed as well which means that an app can't access files created by another app (so it's not going to be able to upload documents or settings from another app), and an app can't download a bunch of stuff to a system directory. So you can't deny an app internet access, but unless you're worried about an app running up your data bill, there isn't much reason you'd want to as anythi
Re: (Score:2)
I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
Re: (Score:2)
I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
Unique device ids are not available under iOS as of... iOS 6 I think? It might have been 5.
Apple will give you a per-app-per-install id that is only valid for your app for that specific install. You can't use it to derive personal information about the device or relate to any other app installs. It's basically a one time locally generated UUID that is saved for that app. You might be able to identify people with a push id, but that requires permissions.
That gave the advertisers and analytics people fits whe
Re: (Score:2)
That's still a unique device ID, just unique per app. The developer can use it to see what you personally have done with the app by transmitting usage data stamped with this ID.
Re: (Score:3)
Any app can do that on any device. If you don't want software on a mobile device to have access to the 'net, don't install it. It's not an inherent insecurity to have network access.
(On iOS 7, you can disable access over cellular on a per-app basis to cut down your data usage.)
Re: (Score:2)
On Android internet access is a permission apps have to ask for. If you root your device you can block apps with the permission anyway, or simply choose not to install them.
At least by making it a permission you can tell before hand if the app is going to access the internet. It seems that on iOS there is no way to know, short of packet-sniffing your wifi and doing a lot of detective work.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it.
I agree, but what I am saying is that for non-technical users they simply CANNOT take a proper level of responsibility for an Android device - they are simply not able to.
Re: (Score:2)
[...] any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
So what you are saying is that none of the apps in the Apple app-store can be Turing-complete.
Re: (Score:2)
... That is an explicit requirement of Apple's approval process, just in case you've been living under a rock for the last seven or so years. Actually, the requirement is that they can't run *arbitrary* code - you're allowed to include a (Turing-complete) game emulator in an app, so long as it can only load the game(s) included with the app - in practice it's the same thing. An app that can load arbitrary ROM images would be prohibited. So would one that includes its own JS engine (this is why Chrome on iOS
Re: (Score:2)
Isn't the vast majority (all?) of the malware side-loaded? That would explain the number, since you can't turn on side-loading on the i-things.
Not vast majority (Score:1)
There is malware in Google Play.
There are also exploits like the recent SMS attack on Android via Facebook ads. [pingzine.com]
You don't need to side-load to be compromised on Android, and most non-technical people have very few options for updating devices if there are security patches in newer Android versions.
Re:Not vast majority (Score:4, Informative)
The link you posted is a side-loading exploit, albeit one that begins with instructions when you click on an ad. You have to download the app and then sideload it.
Re: (Score:3)
I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack (i.e. the user downloading and installing a trojan).
That said, yeah, Android is really getting a disproportionate share of the malware. More recent reports peg it at 99% of all mobile malware, and Pichai is trying to brush that away as a simple factor of market share, which is rather short-sighted. iOS currently sits around a 16% market share [techcrunch.com]
Re: (Score:1)
I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack
But with computers there is no really secure alternative (though I would still argue in this case Macs are more secure, since they manage updates in a way it's more likely to happen for non-technical users).
With phones there is an alternative that we know is more secure - the iPhone. That is why I don't think it's right to steer non-technical
Re: (Score:2)
it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you.
Which one is that? I did see a recent SMS exploit but it relied on the user using the Facebook app, being presented a particular ad from Facebook's ad network, clicking on that ad and following it to a fake version of google play then downloading a malicious application and only then are they available to the SMS vulnerability. Perhaps you are thinking of another one but that's the only one I've seen recently.
Re: (Score:3)
People use those same devices when proclaiming how huge market share is - which means people still buy them. So they should be included in discussions on security.
Re: (Score:2)
Yes, actually; some malicious sites used the same exploit as the jailbreak for drive-by malware installations. The hilarious thing is that the only way to defend against it (either early, before Apple released the fix, or after they dropped support for older devices so the patch was never officially available) was to jailbreak your phone and use the elevated access to patch the vulnerability yourself.
There were also exploits which targeted jailbroken iOS devices, since a number of the security defaults post
Re: (Score:2)
Depends how we define "in the wild". There was a proof-of-concept app released that took advantage of a current exploit in iOS. It was reported here on Slashdot [slashdot.org] just two days ago. There was also the ability to wirelessly jailbreak iOS devices at one point in time by simply visiting a specially-crafted web page, which could open up all sorts of other attacks, though the hole that allowed that has since been patched. Even so, tens of thousands of users jailbroke their devices that way before it was patched, a
Re: (Score:2)
Re: (Score:2)
You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it. Not even necessarily the *user's* money either, although genuine mobile botnets are less common than on PCs.
When writing malware, why would you target the player with 25% marketshare if you could target the one with 70% instead? That's voluntarily giving up about 2/3 of your potential income. Even if it was much harder to exploit Android (which it really isn't), they would still be the prefer
Re: (Score:2)
You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it.
Then you would ABSOLUTELY target iOS preferentially.
Re: (Score:2)
Non - technical users are only using Google Play, maybe Amazon, for their Android software. Of that malware, only 0.3% of it was ever on the Play Store, and in all cases quickly removed.
Freedom is risk. With Android, you are free to stay safe, or choose more freedom in return for less safety. IOS and the others only offer safety, including safety from yourself and safety from their perceived software competitors. Maybe that's ok for some people.
The market has spoken (Score:2, Interesting)
Blackberry prioritized security over extensibility. Where did that get them?
Re: (Score:2)
Blackberry had the wrong business model, we are in the new millennium.
Wrong business model: concentrate on the product.
Right business model: give free or cheap stuff away and collect users' data in return.
Oh and the new millennium sucks.
Re: (Score:1)
Wrong business model: concentrate on the product.
No, Blackberry got beat there, too, by Apple. You could just as well say "frozen OJ" is "concentrating on product". What matters isn't how hard you work, but what you're working on, and whether it has appeal.
Android being "open" and given away free to manufacturers and carriers wouldn't be worth a shit without their mimicking a successful design and adopting the iPhone look and feel. In 2006, Android devices being specced looked like a Blackberry copy, in 2008, they pivoted to become iPhone imitations.
Built in MITM attack "security"? (Score:3)
Blackberry prioritized security over extensibility.
They had a built in man in the middle attack. I would argue they NEVER prioritized security, just presented a strong illusion of it.
It would be more accurate to say, Blackberry prioritized email above everything. And look where that got them... but it is not true of the iPhone or Android.
Bad headline (Score:1)
but I digress...
If Android was made to be open, with security as a far flung after thought, wouldn't its open nature prove it to be more secure by its availablitiy to 'more eyes'? I'm not talking about the implementation here, but the nature of its existence.
That said, and with regard to that openness, hasn't the mobile security landscape changed a little in the past few years? More threats than ever now on the mobile landscape, and I would think that openness would be a much appreciated door to combat such
Re: (Score:3)
I spend quite a bit more for my devices than $100, but that's because I hate be
Re: (Score:2)
There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.
Re: (Score:3)
There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.
The key is to differentiate between Android and AOSP, there are many eyes on AOSP but devices don't actually ship with AOSP, as you say they ship with many binary blobs that are platform services, UI layer, stock & 3rd party applications and drivers for all the hardware. The Android Open Source Project is open but (AFAIK) there is no device that runs Android that is open.
A phone which self destructs when taken apart? (Score:3)
It's designed to be open? (Score:1)
Then why can't I use an old phone as a usb to bluetooth adapter for my old laptop? And why can't I use an old phone as a bluetooth "audio receiver" so that I don't have to buy a $200 mono speaker in order to enjoy wireless audio from my regular phone? It seems to be a combination of software restriction and no one has made the app, but the hardware should do these things just fine, so what about Android is open? Its ability to manipulate the hardware via simple abstraction? It's opened source, but it hasn't
Re: (Score:2)
You must not have listened to A2DP Bluetooth audio.. you dont enjoy barely FM radio quality from them. Just plug it in, it's 20X better sounding.
GPL Compliant? (Score:1)
Boeing needs to sell to the DOD (Score:3, Interesting)
Seriously??? (Score:1)
Ok, we have Google's Android chief admit that security isn't their priority and that malware makers _should_ target their users and Slashdot tacks on a "related" article about Boeing making a destructible phone which, really, has ABSOLUTELY NOTHING TO DO WITH THE FIRST SUBMISSION.
Come on! Really?
Let's make it a bit more obvious that we're all HUGE fans of Android and don't want there to be any discussion about anything vaguely negative about the OS, why don't we. Two entirely unrelated discussions in the sa
Re: (Score:1)
I had an old JVC rear CRT projection TV that had an elaborate procedure you had to follow if you disassembled it (to prevent it from wiping the HDCP software when exposed to light.)
That "elaborate procedure" was "turn off single light in basement".
Hmmm (Score:2)
Yeah, its so open each phone tends to have issues on boot loaders and on getting root. And yet, despite that, its more open to the malware writers than to its users.
tut tut tut.
Even more related news... (Score:4, Informative)
The summary provided some related news, but isn't the fact that Apple just published a white paper about the security of iOS [apple.com] a bit more relevant to comments from Android's chief about its security than what the summary provided?
For example, consider the contrast in how the two companies approach the topic of security:
Google's Android chief: "We can not guarantee that Android is designed to be safe, the format was designed to give more freedom."
Apple's white paper: "Apple designed the iOS platform with security at its core. [...] The tight integration of hardware and software on iOS devices ensures that each component of the system is trusted, and validates the system as a whole."
The two approaches are practically polar opposites of each other, which I find horribly fascinating. As with pretty much everything, there are tradeoffs to either side. Android enjoys a load of benefits from being more open, and Apple enjoys a load of benefits from being more closed. Pick which works best for you and appreciate the differences.
Re: (Score:1)
You should take it with a grain of salt though (Score:1)
For how long does Apple ask to confirm permissions when they are requested? Wasn't it like Apple users didn't even know what an app can and can not access?
And there goes false safety feeling. Remember the Dolphin browser "calling home" to report sites visited by the users?
1) It affected both Android and iOS
2) It was discovered by Andorid users, (and Android is indeed more open)
I don't see any serious issues with Android asking user to confirm permissions, when they are actually exercised by the app. That wh
Re: (Score:2)
Are you talking about the in-app purchases that kids were making after their parents entered the password for an initial purchase? A couple of years ago, the default behavior was that you'd be prompted for your password on your first purchase, but you wouldn't be requested to re-enter your password for 15 minutes if you made additional purchases. This effectively created a 15 minute window in which additional purchases could be made. Parents tried to claim that the OS-level modal dialog box that always popp
Bet you $100.... (Score:2)
That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.
Re: (Score:2)
That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.
...unless they only sell the phone to NSA approved government employees.
Re: (Score:2)
Given Boeing doesn't make phones normally, the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer.
The phone will most likely only be sold to government for government use only. In which case, well, it does
Re: (Score:2)
"the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer."
Well either that or Boeing has decided to produce the first cellphone with retractable wings and turbofan engines. Likely? No but a man can dream.
Fail to see the related part (Score:2)
I don't think that was the 'open' they were talking about.
How long have the editors been bots? ...as if we haven't suspected....
Disingenuous (Score:5, Insightful)
Since when was security mutually exclusive with openness?
It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.
It's daft that you have to root your phone in order to be able to increase the security.
And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.
Android is Open? (Score:1)
Re: (Score:1)
I'll be the first to admit that my knowledge of this topic is almost completely second-hand, so if I'm talking out of my ass, please correct me. However this article sums up fairly well my understanding of the current situation:
http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-sho [arstechnica.com]
Re: (Score:2)
http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/?comments=1&post=26199423 [arstechnica.com]
(via Reddit) [reddit.com]
What Sundar actually said... (Score:4, Informative)
Here's what Sundar Pichai actually said minus the selective editing from that 'iOnApple' hack at NetworkWorld.
[quote]
Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I’m not sure that’s a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security.
Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google PlayGoogle Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystempeople will ship good phones and keep them updatedyou will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.
[/quote]