A lot of people bash Android for the lack of security and privacy in the platform. Google would be first to admit that it is complicated work securing a platform that was designed to be open source, after all. But for all its scares of bugs and malicious hackers and vulnerabilities, the mothership claims that major bugs – like last year’s Stagefright bug – have claimed little to zero Android users as victims.
Adrian Ludwig, director of Android security, spoke at this year’s RSA Security Conference and said that while Stagefright did put 95 per cent of Android devices at risk, there have been no “confirmed” cases of infections via the bug. This is a very strong claim, especially when you think that it was the Stagefright bug that ultimately pushed Google to start updating Android security on a monthly basis.
Ludwig says that this was also the case with big bugs before Stagefright – like MasterKey in 2013 and FakeID in 2014. He says that the infection rate went from one for every million users to as “much” as 8 for every million. “Most of the abuse we get isn’t interesting from a security perspective,” he said. “We see spamming ads for fake antivirus stuff but it’s really basic social engineering. Even if malware is installed it seldom involved privilege escalation, it primarily just downloads other apps.”
Ludwig is pretty confident in this – that making exploits for Android is pretty much just a major annoyance. But we just hope that malicious hackers out there don’t see this as a direct challenge. That would not be good for the users at all.
VIA: The Register