The general assumption is that securing Android is like a game of whack-a-mole. You shut down one set of vulnerabilities, another just pops right up. After all, Google issues a monthly security patch for this very reason.
Don’t let that mislead you, says Google’s Adrian Ludwig. The lead engineer of Android’s security efforts recently told attendees to a security conference in Manhattan there’s no doubt the Pixel and iPhone “nearly identical” when it comes to security. And the advantage goes to Android over time, according to a Motherboard report from the event.
“In the long term, the open ecosystem of Android is going to put it in a much better place,” he said.
His talk at the O’Reilly Security Conference focused on Android’s Safety Net product, which scans 400 million devices per day and checks six billion apps.
That means the number of Potentially Harmful Applications (PHAs) is very low, with less than one percent of Android smartphones actually containing malware. He also said despite how much was made over Stagefright, it hasn’t even been a blip on the radar screen.
“At this point we still don’t have any confirmed instances of exploitation in the wild,” he said.
While it’s easy to see why Google can claim the security crown on the Pixel, where it controls software updates, it’s much trickier for the whole ecosystem. There’s been some good movement by partners to implement monthly updates, though still most lag woefully behind when it comes to the latest versions of Android.
Why this matters: One of the biggest reputation problems for Android is the idea that it’s far less secure than the iPhone. Challenging this idea is going to be important in order to win over those who may be sticking to iOS for this reason alone.