David Kleidermacher, Google’s head of security for Android, Google Play and Chrome OS, has said that his team has been hard at work to make Android bugs a thing of the past, while adding that Android is now just as safe as the competition (via CNET). Considering that Android’s main competitor is the iPhone, Google seems to be making a pretty big claim.
In its recently published annual Android Security Report, Google notes that Android security has made “a significant leap forward in 2017 and many of our protections now lead the industry”. According to Kleidermacher, Android flaws have become harder for researchers to find and that Android OS now protects users from any malicious software.
Google’s security report also notes that the company is paying freelance bug hunters more money per flaw, which means it’s harder to find the flaws to begin with.
“As Android security has matured, it has become more difficult and expensive for attackers to find high severity exploits,” the report says. In other words, the low-hanging fruit is gone. That was reflected in the results of a major annual phone hacking event, Mobile Pwn2Own: In 2017, good-guy hackers didn’t win rewards for any core Android flaws.
“As a global, open-source project, Android has a community of defenders collaboratively locating the deeper vulnerabilities and developing mitigations,” the report says. “This community may be orders of magnitude larger and more effective than a closed-source project of a similar scale.”
Kleidermacher also noted that Google has come a long way in getting phone makers to provide regular updates, and that it’s going to improve further in 2018.