Security flaws? Oh, Android has a few and most Android users have to wait a long time to get them patched… if they even get patched at all. Technology Review reports that Chris Soghioan, the principal technologist at the American Civil Liberties Union, claims that even people he knows within Google understand the shoddy state of Android security and are “embarrassed” by it.
“Google has by far the best security team of any company in Silicon Valley, and the security people I know at Google are embarrassed by Android,” he said this week at MIT Technology Review’s EmTech conference.
Soghioan’s remarks are in the context of a talk on the differences between Android and iOS when it comes to privacy and security features. While iOS is locked down and its users get new security patches as soon as they’re available, the majority of Android users have to deal with a fragmented upgrade process in which their devices have to wait for both OEMs and carriers to sign off on new software before getting it installed. Essentially, the only way to ensure you get security updates right away on Android is to own one of Google’s Nexus devices.
Soghioan says this is particularly disturbing because iPhones are typically owned by the affluent while people without a lot of disposable income gravitate toward cheaper Android phones. What makes this worse, he says, is that Google is only forcing smartphone OEMs to encrypt all stored data on their phones by default on high-end hardware, thus leaving people who buy low-cost Android handsets vulnerable.
“We now find ourselves in not just a digital divide but a digital security divide,” he explained. “The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.”
Soghioan says his goal here isn’t to start another tiresome iPhone-vs-Android flame war but to draw attention to these issues so all major tech companies — Apple included — up their games and create a more secure experience for their users.