Recently, news broke that a large number of innocent-looking apps on the Android Marketplace, such as a chess game and Super Guitar Solo, turned out to be malware. These apps were found to steal data off your phone and to open up holes in the device so that it could be exploited for other, malicious purposes. Google is proactively working to fix the situation, but that aside, this incident illustrates what can happen with a system as flexible as Android.
Often, a flexible system is touted as being great because you can do more with it. What is often overlooked is the level of damage that can be done if something goes wrong. In the case of Android, the devices that were hit had other, larger security holes exposed that put users’ personal data at risk of being stolen. While Google has managed to remove the offending apps from its app store and from the devices that were running them, the underlying security issue is still present in most Android phones out there, and Google is still trying to work with carriers and customers to get those devices patched. Given how much control carriers have over what can and can’t be done on the system, it is unclear how long such an update will take.
Conversely, you have an approach like Apple’s with its iOS platform, which is significantly more restrictive as to the range of apps you can have on it. Since the device restricts what you can do with it, even if it is compromised, the damage is much smaller. To date, there hasn’t been any known malware distributed through Apple’s app store, despite the store being popular and having been around longer than Android. In addition to that, even if something major were ever to occur, Apple has deals worked out with carriers to force an update onto an iPhone in the blink of an eye.
What Google should have done is something more along the lines of what Apple did, which is to build better damage controls into its system. This should be the case with all systems that are deployed. The Microsoft model with Windows Update, while not perfect, works more cohesively with end users and the OEMs that distribute its software.