A site quoted Sundar Pichai saying at MWC that Android was designed to be open instead of safe, but that doesn’t appear to be exactly what the Google exec said. TechCrunch secured a transcript in English from Google on the Android malware-related discussion between Pichai and reporters. The executive apparently said the opposite, that Android is designed to be safe and secure, especially its latest versions, hinting that OEMs that ship dated Android versions on their devices may be partly responsible for any malware issues.
“Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I’m not sure that’s a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security,” Pichai said.
He continued, “Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways, and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google Play… Google Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystem…people will ship good phones and keep them updated… you will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.”
However, those older versions of Android were still developed and released by Google, and the company has previously defended fragmentation in its Android ecosystem, even though now it’s trying to prevent it.
Pichai responded to a second question about security saying that “As long as you’re on a phone and able to update, Android is very very secure. It’s designed to be very very secure. I would go as far to say — open systems are far more secure. We do this on the browser side. Chrome is very secure. The fact that some things are open, by any stretch of the imagination, does not make it any less secure.”
While Google has continuously updated the security of Android over the years, there still are many devices that don’t actually run Google’s latest, more secure Android OS versions. Moreover, many Android devices out there have third-party app stores that aren’t controlled by Google and may be sources of malware apps. Only recently, the popularity of Flappy Bird encouraged developers to come up with plenty of clones, including malware-ridden applications.