Is Android’s Lack of Security About to Become the Common Wisdom?
Another week, another series of stories questioning the security, in one way or another, of the Android operating system.
It is appropriate this week to say “in one way or another” because there is a twist. The American Civil Liberties Union (ACLU) – an organization most often associated with advocating in favor of unpopular people or causes because it believes doing so protects the rights and freedoms of the rest of us – has filed a complaint and request for investigation about Android with the Federal Trade Commission.
The ACLU is not going after Android directly. It is claiming that carriers are not passing information to subscribers whose phones use the software in a timely fashion. This is how CNET reported on the filing:
The civil liberties group claims that AT&T, Verizon, T-Mobile, and Sprint are not doing enough to protect users' private and personal data -- specifically on Android devices. The gist of the complaint (PDF) is that these carriers aren't providing users with timely security updates, which the ACLU says is akin to "deceptive and unfair business practice."
The subtext here is the most important thing. Whether or not the four carriers are dropping the ball is important. What is perhaps even more important is that the group considered it necessary to call attention to Android in particular. This suggests the position that Android security is far dicier than it is for the other OSes.
This comes as no shock to folks who follow the field closely. Most experts feel that way. But the idea of a more general interest organization, such as the ACLU, making such a distinction clearly is a step toward a wider labeling of Android as an unsafe OS. That’s clearly bad news for Google, especially as concerns about the handling of data by Google and other technology companies grow.
Another piece of news that separates Android from the rest of the mobile OS pack is that Dennis (Liang) Xu, a graduate student at the University of California, Davis, assessed approximately 120,000 free apps from Android Play and found numerous dangerous security vulnerabilities in texting, messaging and microblogging apps. The press release says that the developers have been notified but have not responded to the team at the school.
Android also during the past few days received troubling security news from a security firm, which is a more familiar source of bad tidings. NQ Mobile reported that mobile malware increased by 163 percent last year compared to 2011. That’s bad. What’s worse for Android is that 95 percent of the threats last year were directed at its platform, according to eWeek’s report on the study. The firm said that the top three attacks are: app repacking, malicious URLs and smishing, or the phishing attacks carried via SMS message.
Android’s security – or perceived lack of security – may be breaking through to the audience beyond those who closely watch mobile device technology. A complaint from the ACLU is a big deal simply because it is an organization that is not generally concerned with such topics. The bottom line is that the ACLU could be a canary in the coal mine for the acceptance of Android’s inferior security as common wisdom.