Great Motorola Edge deal on Amazon!

Android security is still important, no matter what Google tells you

By
15comments
Android Editorials
This article may contain personal views and opinion from the author.
Adrian Ludwig speaking at Black Hat USA 2015 - Android security is still important, no matter what Google tells you
Adrian Ludwig speaking at Black Hat USA 2015

On Tuesday at the RSA Conference held in San Francisco, Android’s director of security, Adrian Ludwig, claimed that there have been no confirmed infections as a result of Stagefright, the massively publicized vulnerability uncovered in 2015, and that complex Android malware basically doesn’t exist. As a result, several popular publications have since run stories on how the whole threat of viruses on Android is overblown, with one even dropping the following gem: “With such low rates of infection, it makes you question whether such security flaws are ever worth worrying about?”

Well yes, they absolutely are.

Google is basing its claims on wildly incomplete data

But let’s start with the facts: as Ludwig claims, Stagefright has resulted in zero confirmed infections in the wild – data based on Google Play Services’ built-in malware detection. All that is good and well, except he conveniently forgets to mention the fact that Google Play is unavailable in a number of countries, most notably China, which also happens to be one of the biggest smartphone markets in the world.

So his claim that no Stagefright exploits exist is based on wildly incomplete data, which also just so happens to fit a “pattern” he noticed – this is military-grade disinformation at its best, and it coming from the head of security for the most widely used mobile OS in the world is downright scary.

But never mind the Chinese – what’s important is no Americans were infected, right? Except that’s not concrete information, either: Ludwig claims no confirmed cases exist, raising the possibility that there were, or maybe even still are, probable candidates. And let’s not even begin discussing the fallibility of Google’s malware detection, which has failed a numberof timesin the past.

Recommended Stories

Ludwig may be technically correct, but he's still missing the point

Ludwig did have a point, however: regular users needn’t worry about being hacked by elaborate means such as exploiting Stagefright or its brethren – phishing and adware are a much more common occurence, especially in the mobile world. So the everyday consumer is much more likely to infect themselves, due to their own stupidity and/or ignorance, rather than become an unwitting target of malware.

But this line of thinking is just simple misdirection: while users don’t have to worry about being hacked, the threat of hacking itself is still of great importance, and on a much larger scale to boot. As of a few years back, government officials in the United States are approved to use smartphones when handling classified data. To meet the required security standards, Android devices run specialized forks of the OS with a number of cut features, which presumably include Google Play Services. Or in other words: Google doesn’t have data on one of the biggest markets in the world and one of the most prolific targets of elaborate hacks.

The Qatari government's phishing tactics involved creating fake social media profiles - Android security is still important, no matter what Google tells you
The Qatari government's phishing tactics involved creating fake social media profiles
But it’s not just governments being hacked – the opposite is also just as true, and much more common at that. Just yesterday news broke out about a massive phishing operation targeting human rights activists in Qatar, which spanned multiple years and targeted hundreds of people. While this was, admittedly, a phishing attack rather than a malware-based one, it doesn’t discount the possibility of the latter being used for similar purposes, it just means nobody has been caught doing it yet.

As for the obvious question this poses: “Why should I care about Qatar?”, consider this: as of March 2015, it's officially the richest country in the whole world, and is also one of the biggest players in the oil industry. It’s also run by a laughably corrupt government with no regard for human rights, a trend which seems to be getting ever so popular these days. Autocracies like these have both the desire and the resources to exploit vulnerabilities like Stagefright, and use them against their opposition. And who’s to say there isn’t a treasure trove of undiscovered bugs stashed somewhere right now, waiting to get abused?

Yet despite all that, the big G has the audacity to claim worrying about security is meaningless. Well guess what, Google, it isn’t – even just a single successful exploit at the right place and time could be disastrous to millions of people, and it’s your job to protect everyone from it. So how about instead of conducting smear campaigns against security researchers, you try not leaving gaping holes in your code instead, okay?

Recommended Stories

Loading Comments...

Popular stories

Even longtime T-Mobile customers will have to put up with slow internet speed policy
Even longtime T-Mobile customers will have to put up with slow internet speed policy
Two more companies want FCC action against T-Mobile for interference from 5G
Two more companies want FCC action against T-Mobile for interference from 5G
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
Doesn't matter if T-Mobile, AT&T or Verizon, don't fall for the ring: How to stay safe in a world full of tricks?
Doesn't matter if T-Mobile, AT&T or Verizon, don't fall for the ring: How to stay safe in a world full of tricks?
iPhone users warned to disable iMessage temporarily to avoid getting hacked
iPhone users warned to disable iMessage temporarily to avoid getting hacked

Latest News

Verizon's Visible introduces annual plans with discounts up to 26%
Verizon's Visible introduces annual plans with discounts up to 26%
Comcast launches NOW, low-cost and prepaid brand for data, TV, and WiFi hotspots
Comcast launches NOW, low-cost and prepaid brand for data, TV, and WiFi hotspots
Apple tipped to reduce display size of iPhone 17 Plus
Apple tipped to reduce display size of iPhone 17 Plus
Google Photos working on an option to hide your downloaded memes and other UI tweaks
Google Photos working on an option to hide your downloaded memes and other UI tweaks
Hurry up and snatch Amazon's jumbo-sized Fire Max 11 tablet at its biggest discount yet
Hurry up and snatch Amazon's jumbo-sized Fire Max 11 tablet at its biggest discount yet
Memes of the week: Crazy Pixel leaks, OnePlus feels the heat in India, and more!
Memes of the week: Crazy Pixel leaks, OnePlus feels the heat in India, and more!
FCC OKs Cingular\'s purchase of AT&T Wireless