th.jpeg

Secure by design is not a motto Google is likely to be taking up anytime soon. Almost the same time Apple was documenting its commitment to, and methods of security as a priority, The Android chief was explaining that freedom, not security was the real consideration. Appleinsider wrote an excellent piece on the subject that I highly recommend:

Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers

Speaking at Mobile World Conference, Google's new Android chief Sundar Pichai admitted that security plays second fiddle to "freedom" in the design and implementation of Google's mobile operation system, exposing Android users to an overwhelming, disproportionate share of malware vulnerabilities...

When asked about Android's malware problems, Pichai (the Chrome OS executive who replaced Andy Rubin as the head of Google's Android development early last year) answered by saying that Android is not really "designed to be safe" but rather to provide "freedom."

His comments, reported by French site Frandroid.com translated: "We do not guarantee that Android is designed to be safe; its format was designed to give more freedom. When they talk about 90% of malicious programs for Android, they must of course take into account the fact that it is the most used operating system in the world. If I had a company dedicated to malware, I would also send my attacks to Android."

The excuse Google provided was more of a swipe at Apple than a reasonable defense. It is the same excuse Microsoft gave back in the day. Both companies are saying that Apple is only more secure because it is a smaller, less attractive target. The term is "security by obscurity". They are suggesting that a big target cannot be secure, and that Apple is not really doing anything to make their system more secure than anyone else. These are lies.

Big targets can be secure. Want gold? There is no bigger store of it than Fort Knox. The nation's gold is still there, still safe. America is a big target with a lot of well-funded, highly motivated enemies. We're still here. The Mac was not more secure than Windows because it was small, at least, that is not the only reason. For a while, Microsoft was extremely caviler about security. They made Windows vulnerable by criminal neglect and arrogance. Security was simply not their priority. 

In the iOS age, no system has been more secure. Despite useless marketshare numbers, there is no bigger target than iOS for the same reason people rob banks: That is where the money is. iTunes is the Fort Knox of the digital world. It contains more credit cards on file than any other repository, except maybe for a bank. Touch ID is a nice, juicy target. Come and get it! Malware coders are not attacking the biggest targets or the richest targets. They are attacking the easiest targets. 

Google knows that there is a balance between security and freedom. As one increases, the other decreases. One must choose which is more important. Google has made a conscious choice to designed for freedom rather than security. The reason might have to do with their business model. You cannot monetize secure information. Google is about monetizing your personal information and activities on the web. Securing that for users means locking themselves out. 

Apple's model is about making cool things and selling them to you for a fixed price. The services they offer are designed to make their hardware more attractive. When you are more secure, Apple sells more products. Apple does not make a penny by mining the contents of your email, messages, and documents. It does not benefit them when third-parties gain such access. Security is a matter of business models and incentives. Apple is incentivized for maximum security. Google is incentivized for the opposite extreme. It has nothing to do with the number of activations per quarter. 

David Johnson

 

Comment