Pixel phones as secure as iPhones, claims Android head of security

Android phones are just as secure as iPhones, director of security at Android, Adrian Ludwig, claims, as long as they receive timely security patches. This, of course, means that the Google Pixel, Pixel XL, and the handful of other Android phones receiving regular updates are probably as secure as iPhones, and not the OS system as a whole. Phrasing!

“In the long term, the open ecosystem of Android is going to put it in a much better place,” said Ludwig in a short interview with Motherboard after this year’s O’Reilly Security Conference in New York.

At the conference, he the took the stage to explain “Android’s misunderstood security,” noting that Android’s SafetyNet API, which allows developers to build apps capable of analyzing the device they are installed on for vulnerabilities, helps scan “400 million devices per day.”

According to Ludwig, these daily scans, coupled with Android’s built-in exploit prevention measures, leavesmeans only a “small number” of Android devices may have “Potentially Harmful Apps” installed on them. Pointing at last year’s “Stagefright” vulnerability — a fairly deep-rooted exploit in the OS, dating all the way back to Android 2.2 Froyo — Ludwig said his team is yet to see a real hack based on this exploit.

Android 6.0 Marshmallow was patched against Stagefright, but is currently installed on just shy of 19% of all active Android devices, 18.7% to be exact, leaving the vast majority still vulnerable. Without directly addressing the severe state of Android fragmentation, Ludwig acknowledged that there’s still a lot to be done to improve update and security patching cycles which are dependent on carriers and/or manufacturers.

“We got quite a bit of work left to do to get to a point where that actually happens on a regular basis across the whole the ecosystem,” Ludwig said.

How this comes to be remains to be seen. Currently, at least Pixel owners have nothing to worry about, apparently, as a “Google Pixel and an iPhone are pretty much equal when it comes to security,” according to Ludwig.

source: Motherboard



1. HugoBarraCyanogenmod

Posts: 1412; Member since: Jul 06, 2014

As secure as, This tell me that both security level is equally bad and vulnerable.

19. Unordinary unregistered

"Ya, maybe for known vulnerabilities on phones that receive constant updates. However, the iPhone has a much more “hardened” and (ironically) more transparent architecture. Apple has published an extremely detailed layout for its security services including key management during every operation, cyphers used and sources of entropy, explanations for how they preserve secure erase functions despite hardware-based wear-leveling in flash chips, how secured portions of memory are kept out of “swap” or “paging” files, etc, etc, etc. Just look at how Qualcomm’s Trustzone (that secures Android FDE) still has its keys available to software by design (They even patched a recent bug that let you exfiltrate the keys from a locked device). Apple set up their hardware so that the equivalent keys *never* get passed into software, making the system much more robust against attacks or bugs by design. Under review of the wider security community, Apple had to fix a few bugs or poor design choices, but thats the point of transparent review. In this one area, Apple has been significantly more open and transparent than any Android manufacturer I’m aware of, and it seems disingenuous to simply *claim* that Android matches them without giving us the proof to check for ourselves."

2. kiko007

Posts: 7500; Member since: Feb 17, 2016

That thumbnail says it all.....

4. RebelwithoutaClue unregistered

Not really, since Android 6 was patched against SF and the Pixel runs 7.1. So SF isn't an issue on the Pixel. Not claiming the Pixel is indeed as secure as the iPhone, but they come a very long way

5. kiko007

Posts: 7500; Member since: Feb 17, 2016

True that. Like Sissy said, there isn't a "secure" smartphone in existence. As long as they fix any security issues that arise, it's fine.

25. Scott93274

Posts: 6040; Member since: Aug 06, 2013

All I know is that Android phones weren't susceptible to the java script code that was linked to on Twitter last week that forced iPhone to repeatedly call 911 over and over again last week. Both platforms have their own flaws, It's just nice to know that the Pixel, like the Nexus before it, will get updates straight from Google eliminating any third parties from getting in the way of security updates.

23. Macready

Posts: 1824; Member since: Dec 08, 2014

Even Android 4.0 already has measurements battling the Stragefright security holes. 4.1 took that a few steps further, 5.1 again and it's just that 6 took it far enough to call it a non issue at that point. Phones predating 5.1 are slightly at risk, the ones running version 4.0 or older have serious risks. The latter group accounts for about 3%.

24. Macready

Posts: 1824; Member since: Dec 08, 2014

And I forgot to add that some of the older versions have received manufacturer patches to battle the risks. For example, even the more than 4.5 year old S3 running Android 4.4 received patches.

11. marorun

Posts: 5029; Member since: Mar 30, 2015

see post 10.. you had the same vulnerability for years on ios device but thanks to apple rules no one could talk about it until its patched. False sense of security!

3. sissy246

Posts: 7124; Member since: Mar 04, 2015

No phone is secure.

6. trojan_horse

Posts: 5868; Member since: May 06, 2016

That's technically correct. But, it isn't debatable that there are phones which more secure than others, no?

12. Dr.Phil

Posts: 2432; Member since: Feb 14, 2011

It's also what you define as being secure. If you mean a device that is immune from external viral attacks then the Pixel phone may indeed be as secure as the iPhone. However, if you mean Google collecting user data and being able to turn that data over under a FISA warrant by the FBI or law enforcement, then I would say no they are not secure at all. Google servers have been a part of the PRISM program by the NSA for years.

15. marorun

Posts: 5029; Member since: Mar 30, 2015

easily 90% of iPhone user use some google service btw. also most ppl use Facebook and they are also part of PRISM. So plz stop with those crap :) No one information is safe unless like me you dont use those service at all. I might have a android phone but the only thing i use gmail for is to get apps. I dont use google to search. Dont use Facebook or any others similar product. So my information is in fact more secure than most as they are not on my phone! but on my exchange server wich is hosted in my own server at my office and not on the cloud.

20. kiko007

Posts: 7500; Member since: Feb 17, 2016

"easily 90% of iPhone user use some google service btw." Source? None? Alrighty then.... "also most ppl use Facebook and they are also part of PRISM" Sources? None this time either? "I might have a android phone but the only thing i use gmail" I hate to be that guy, but you do know that gmail permissions give access to several avenues of information OUTSIDE of the app, right? "So plz stop with those crap :) No one information is safe unless like me you dont use those service at all." Hahahaha XD.

31. sissy246

Posts: 7124; Member since: Mar 04, 2015

Oh no I have to agree with you to a point. I don't use FB or any of the others at all. The app is disabled on my phone. If I want to talk to someone I call them.

22. Dr.Phil

Posts: 2432; Member since: Feb 14, 2011

What people send and receive over Facebook is not the same thing as information sent and received through personal messages on your phone (unless you send personal information over Facebook messenger or Google Allo or something like those services). I mean we are talking about people's private conversations, not stuff they want to share with the world. So, no, it is not the same thing. I may tell the world about my new dog, but I'm not about to tell the world about a private medical condition that I'm discussing with a close friend. See the difference? And Google has been very forward about saying that the Pixel device uses Google services throughout the user experience, which goes beyond using one or two Google apps on your iPhone. And, as I said, if you are saying that a device is secure because it protects against hackers or viruses then yes the Pixel is probably secure. However, if you are the type that is worried about what information the government or possibly foreign governments have on you, then I would say it's not that secure.

7. jellmoo

Posts: 2620; Member since: Oct 31, 2011

If security is a high concern, the Dtek60 is likely your top choice. Pixel devices are likely a (relatively) close second.

14. Subie

Posts: 2384; Member since: Aug 01, 2015

Seeing as how there still are BB10 phones like the Passport for sale I would pick those as the winner of security. Sadly going forward they won't be an option anymore. If it's just the Android ecosystem your talking about then you are absolutely correct as long as Blackberry keeps up their fast security software support. How they dealt with quad-rooter really impressed me! http://www.phonearena.com/news/BlackBerry-first-to-patch-QuadRooter-Priv-and-DTEK50-are-no-longer-vulnerable_id84156

16. marorun

Posts: 5029; Member since: Mar 30, 2015

Bitdefender antivirus had the quadrooter vulnerability blocked like 2 day after its came out on the news. So any android phone with bitdefender is as secure as the like of Dtek50 ect.

27. Subie

Posts: 2384; Member since: Aug 01, 2015

Good info, but it still doesn't patch your phone's vulnerability. I think I'd still prefer a firmware patch as opposed to having to run third party software. Not to mention that it will use up extra data while it's running, and may hinder browsing speeds for some.

8. emmawilliam834

Posts: 241; Member since: Feb 09, 2016

Android will surpass iOS one day

9. trojan_horse

Posts: 5868; Member since: May 06, 2016

"Android will surpass iOS one day" That day has already passed. Android has a lower vulnerability rate that iPhones. http://www.businessinsider.com/study-finds-iphones-more-vulnerable-than-android-phones-2015-11 Though iOS is quicker that Android in getting patched from vulnerabilities, iOS gets patched through an entire iOS firmware update, while Android gets patched via just a software update.

17. marorun

Posts: 5029; Member since: Mar 30, 2015

also on android you can use bitdefender antivirus and anti malware. protect against all those vulnerability and get patch like 1-2 days after the vulnerability are out in the open.

28. Trex95

Posts: 2383; Member since: Mar 03, 2013

And Android nought 7.0 only run on 1% of Android phones.

10. marorun

Posts: 5029; Member since: Mar 30, 2015

love the picture they put. Stagefright... you mean this security hole thats permit hacker to hack you with a picture on a website or sent to your phone? The same vulnerability thats existed on all ios product until the latest patch thats fixed it? Sure Stagefright was cried out loud on all tech website but funny there was much less fanfar about the same vulnerability in iPhone. Thats create what we call a false sense of security. On android you know you need to be careful so if you have a minimum of brain you never get any issue ( past 6 year never i had security issue on my android phone because i take the time to put the best anti virus and malware called bitdefender its even protect against stagefright lol ) On iPhone you think you are invincible but you are not lol got clients thats got malware from the app store ( yep apple remove them fast and has very good filter but there is still some thats get tru and as no one use antivirus on ios device... you are vulnerable! )

13. palmguy

Posts: 982; Member since: Mar 22, 2011

Doesn't a software update(in the past to Nexus devices) come quicker than a once a year firmware update(iOS)?

18. marorun

Posts: 5029; Member since: Mar 30, 2015

ios is updated much more often than android thats a fact. but android have antivirus thats get updated even more and faster than any OS is. get bitdefender on your android device and say bye bye to vulnerability and others crap like this.

21. kiko007

Posts: 7500; Member since: Feb 17, 2016

For the guy who keeps spouting bs about Android antivirus apps, read this:https://www.extremetech.com/computing/104827-android-antivirus-apps-are-useless-heres-what-to-do-instead

29. Trex95

Posts: 2383; Member since: Mar 03, 2013

Apple knows how to written there OS.

30. a1awan

Posts: 40; Member since: Feb 26, 2014

So basically every smartphone OS have holes and breaches which makes data vulnerable UNTIL they are closed? That means if a security hole is abused and exploited and the intruder takes what he wants (ie the damage is done and complete) does it then help the victim? Isn't that a kind of self betrayal?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.