An Android Secuity Threat? A Self-Serving Answer

Is Google Inc.’s (NASDAQ:GOOG) Android operating system more vulnerable to security flaws than the Apple Inc.  (NASDAQ:AAPL) iPhone as Trend Micro CEO Steve Chang claims?  Who knows?

But that didn’t stop Bloomberg News from regurgitating Chung’s statement saying “Android is open-source, which means the hacker can also understand the underlying architecture and source code….We have to give credit to Apple, because they are very careful about” allowing developers access to its code.

The fact that Android is an open-sourced software isn’t exactly a secret as  that Apple guards its code like a fat kid guards his cake.  Anyone who has read anything about cell phones in the past year or so knows this as do any hackers with a brain cell. For its part, Google doesn’t hide from this fact either.

“We have made great efforts to secure the Android platform, but it is inevitable that security bugs will be found in any system of this complexity,” the Android site says. “Therefore, the Android team works hard to find new bugs internally and responds quickly and professionally to vulnerability reports from external researchers.”

That brings up the odd way some computer security researchers do business.    Some make vague accusations that a company’s products are not safe in the hopes that said company will pay them to make the problem go away.   Still others are hoping that the publicity for discovering new security flaws will help them drum up new clients.  It’s like throwing a brick through a window in someone’s house to advise them that glass shatters.  Regardless, the process is opaque and raises many questions.

For instance,  why now just as the iPhone 4 is due to launch on Verizon (VZ)?  Security issues about Android are not new.   In 2009, researcher Charlie Miller found a vulnerability that allowed “hackers to remotely take control of the phone’s web browser and related processes.”  SMobile Systems Inc. , an Ohio-based mobile security, issued a report in June questioning the security of Android apps which Google refuted. As Information Week noted, Google and Apple take different approaches to vetting apps.

“It’s fair to say that the iPhone app review process presents an opportunity for risk mitigation that Google’s Android Market doesn’t have,” the website says. “Apple spends a small amount of time vetting every iOS app submitted while Google relies on its user community to flag bad apples, so to speak.”

The iPhone maker’s website offers “Trend Smart Surfing for iPhone, iPod touch and iPad…  the first secure browser to provide enhanced Web threat protection for these devices.”   The app is free but the marketing boon associated with its ties to Apple is worth it.  Trend Micro also offers services for Android users. A company spokesperson declined to comment.

This is an argument that’s been heard before.   Seven years ago, Microsoft Corp. (NASDAQ:MSFT) tried and failed to convince corporate America that open source Linux was less secure than Windows.   The system now is used networks throughout the Fortune 500.

If Linux’s security issues can be overcome, so can Android’s.

–Jonathan Berr