Google’s chief of security for Android Adrian Ludwig believes the hype over malware targeting the popular devices are overstated, and that the open architecture that allows anyone to develop and market an application is superior to more restrictive processes offered by competitors like Apple.
Ludwig made the statements at last week’s Virus Bulletin conference in Berlin, noting that data shows that only 0.001% of applications available pose any risk to users, data, or Android devices, and that the latitude granted developers furthers innovation.
“A walled garden systems approach blocking predators and disease breaks down when rapid growth and evolution creates too much complexity. Android’s innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level,” Ludwig said.
He compares Google’s approach to monitoring malware as akin to the role the Center for Disease Control (CDC) plays in public health.
“The CDC knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks,” Ludwig argued.
Ludwig’s assertions come on the heels of reports that a widely used Android mobile ad library could be leveraged to conduct attacks on potentially millions of users, having been downloaded more than 200 million times.
“These vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing two-factor authentication tokens sent via SMS, or turning the device into part of a botnet,” the researchers determined.