Did Sundar Pichai really say that Android was not designed to be safe?
If you've been watching the news today, you probably saw some headlines concerning some answers that Sundar Pichai gave at Mobile World Congress this week. We covered the story earlier, because Pichai confirmed that a Nexus 6 will be on the way in the second half of the year, and talked a bit about Samsung as well. However, some are reporting that Pichai said that Android was not designed to be safe, which you might think is a bigger headline, assuming that's really what he said.
Here's the full quote from Pichai:
We cannot guarantee that Android is designed to be safe, the format was designed to give more freedom. When people talk about 90% of malware for Android, they must of course take into account the fact that it is the most popular operating system in the world. If I had a company dedicated to malware, I would also be addressing my attacks on Android...
When we reported the story earlier, the section of the quote that we focused on was the second part where Pichai said that because Android is the "most used operating system in the world", it makes sense that malware attacks would be focused on Android. That's what we reported because that was the story. But, some are focusing on the first part of that quote, and we think they are sensationalizing the quote a bit.
Many are paraphrasing Pichai as saying that Android is not designed to be safe, it is designed to be open. We can't help wonder if that reading of what he said is taking the words, not the meaning. It seems that Pichai is merely stating that Google can't guarantee that Android is safe, just like any company can't 100% guarantee something like that. Google has often pointed out the various ways that it is working to keep Android users safe, including various forms of malware scanning both in the Google Play Store and on devices with the Verify Apps service. Google has said that because of this combination, less than .001% of malware actually gets a chance to attempt an attack. And, a new report is saying that Verify Apps will soon offer continuous background monitoring.
The existence of the Verify Apps service does point to one of those "open" features that Google prides itself on with Android: sideloading apps. The Verify Apps service is mostly there to scan sideloaded apps, because Google already has similar features in the Google Play Store to catch malware before users download and install it. This alone would suggest that the headlines have been sensationalized, because this key feature gives control to users, and when you give control to users on something as fundamental as installing an app, you can never guarantee the safety of a platform. Google can do all it wants to protect users, but no one can be protected from themselves.
But, what if what Pichai said is exactly what others are portraying? Maybe Pichai meant exactly what he said: Android itself isn't designed to be safe... but Google Play services is, so you'd best be using an Android device with Google Play services if you want to be safe. We may never really know the answer to that, but it is an interesting question.
There have been consistent rumors that one of the reasons that Larry Page chose to make Sundar Pichai the head of Android and replace Andy Rubin is because Pichai is much more forceful and able to make deals that others can't. Part of that skill is in how you present yourself and your product. Since Pichai took over, there has been a much bigger push of Google services. Google Play services has been updated quite frequently with a ton of features; Google Apps have continually taken over stock Android apps (like the G+ Photos app and the Google Now Launcher); and, Google has set up new rules to enforce faster software updates by manufacturers and newer software at launch.
That last one is especially interesting. It is rumored that there is a new requirement in order to qualify for Google Mobile Services (Google Play and Google Apps), which states that a new device has to launch with a certain level of Android. For example, as of April 24th a new device has to launch with Android 4.3 in order to qualify, and as of July 31st, a new device will have to launch with Android 4.4. This is a great way to get devices on the market that start out with the newest Android software possible, but it could also backfire and lead to more devices launching without Google services.
And, there are the forks to consider as well. Amazon is the biggest in the U.S., Xiaomi runs a fork of Android that is very successful in China, and of course Nokia recently announced its own fork of Android that trades in Google services for Microsoft cloud services. None of those devices have Google Play services, so wouldn't it be a pretty interesting move if Pichai is actually taking aim at those forks with this comment? If Android isn't designed to be safe, those forks of Android are inherently less safe than a device with Google Play services.
That would be a very risky way to play it, especially since Pichai didn't make that distinction, which makes it sound as though Android as a whole is less than safe. But, Pichai has been working to put Google at the forefront as well as to make Google Play services a much more valuable set of features than just access to Google Apps and the Google Play Store. We'll have to wait and see if there are any more interesting quotes like this.
Of course, maybe the quote is being misrepresented all around the web. There are quite a lot of assumptions to be made in order to arrive at the second way of reading Pichai's quote, so Occan's Razor would say that it is much more likely that tech blogs want to drive more traffic. What do you guys think? Is it sensationalism or is Pichai taking aim at non-Google Androids?