When it comes to security, Android is the new Windows

For decades, it’s been conventional wisdom that Windows PCs are more vulnerable to attacks and malware than computers running the Mac OS. There’s been some argument over whether that was primarily due to inherent, structural security weaknesses or simply because Windows’ dominant market share makes it a bigger, juicier, more lucrative target for hackers.

Whatever. There’s plenty of truth to the thought that Windows was more vulnerable than Macs, especially with earlier versions of the Microsoft operating system.

But even as Windows security seems to be improving, the rise of mobile computing means the Windows/Mac security rivalry is no longer top of mind for many people. The biggest issue now concerns mobile security on iOS and Android devices, and once again Apple’s (relatively) walled garden appears to create a safer world than the more open environment of its more popular rival.

Also on Network World: Security apps you need on your new Pixel

This month alone, for example, a number of Android security concerns and incidents have underscored the perception that Android devices are more at risk for security problems than other mobile operating systems.

The highest profile issue?

Mobile security company Kryptowire claimed that up to 3 million cheap Android devices have a firmware backdoor that sends text and call logs, as well as location data and personally identifiable information, back to China on a regular basis without telling users.


If that’s not bad enough, IT security company Fortinet discovered a new Android banking Trojan that pretends to be an email program and “tries to hinder some antivirus mobile apps and service utilities, preventing them from launching.”

Double yikes!

And here’s another one: The November Android security patch didn’t fix the recently discovered Dirty Cow vulnerability on all devices, though Google promises a complete fix in December. The flaw has been around for years, researchers say, though it came to light only in October. Oh, and did you know you can use Android malware to steal a car? A Tesla no less?

Still, these issues haven’t stopped Google from claiming that Android is just as secure as iOS.

Adrian Ludwig, the director of security at Android, recently told Motherboard: “For almost all threat models, they are nearly identical in terms of their platform-level capabilities,” adding that Android’s open model will help it become more secure than iOS over time. (I wouldn’t hold your breath, though. Android has already been around for eight years.)

Apple has security issues, too

Perhaps Ludwig is predicting that iOS will soon sink to Android’s level when it comes to security. After all, iOS endured its own security scandal this month when The New York Times reported that “hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks.” These fake apps, which resemble real ones from top brands, could steal credit card information or install ransomware, the Times wrote. That’s not supposed to happen in the lovely walled garden of Apple’s heavily curated App Store, but apparently Apple can’t keep up with the flood of apps to make sure they’re all legitimately associated with the brands they supposedly represent.

Nevertheless, it’s clear that like Windows back in the day, Android is now becoming the world’s top target for malware, hackers, phishing and other attacks. Security practices have come a long way since the 1980s and 1990s, but so have the bad guys. We’ll have to see who ends up winning the latest battle in the never-ending battle of warding off the online bad guys.