Pixel phones as secure as iPhones, claims Android head of security
“In the long term, the open ecosystem of Android is going to put it in a much better place,” said Ludwig in a short interview with Motherboard after this year’s O’Reilly Security Conference in New York.
At the conference, he the took the stage to explain “Android’s misunderstood security,” noting that Android’s SafetyNet API, which allows developers to build apps capable of analyzing the device they are installed on for vulnerabilities, helps scan “400 million devices per day.”
According to Ludwig, these daily scans, coupled with Android’s built-in exploit prevention measures, leavesmeans only a “small number” of Android devices may have “Potentially Harmful Apps” installed on them. Pointing at last year’s “Stagefright” vulnerability — a fairly deep-rooted exploit in the OS, dating all the way back to Android 2.2 Froyo — Ludwig said his team is yet to see a real hack based on this exploit.
Android 6.0 Marshmallow was patched against Stagefright, but is currently installed on just shy of 19% of all active Android devices, 18.7% to be exact, leaving the vast majority still vulnerable. Without directly addressing the severe state of Android fragmentation, Ludwig acknowledged that there’s still a lot to be done to improve update and security patching cycles which are dependent on carriers and/or manufacturers.
“We got quite a bit of work left to do to get to a point where that actually happens on a regular basis across the whole the ecosystem,” Ludwig said.
How this comes to be remains to be seen. Currently, at least Pixel owners have nothing to worry about, apparently, as a “Google Pixel and an iPhone are pretty much equal when it comes to security,” according to Ludwig.