Flawsome software: Making educated platform choices

The internecine warfare between Android and iOS continues to rage, leaving no one unscathed. This week brings another volley as researchers discovered a "Major Flaw In Android Phones Would Let Hackers In With Just A Text."

Are you ready for some of the Macalope's patented faux surprise? Well, too bad, because here it comes.


Surely this can't be right. The Macalope distinctly remembers being told by The Huffington Post that Tim Cook's talk about iOS's security superiority was nothing but "inaccuracies" because Business Insider's Jim Edwards said Google had "demolished" Cook's case with an only slightly more nuanced response than "I know you are, but what am I?"

Seriously, this is a thing you can read on the Internet. No one knows why it's a thing you can read on the Internet, but it is. And the government continues to do nothing about it. Please sign the online petition.

"This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."

The Macalope is not a "security expert". He's not into "hacking culture". He doesn't "know" the "difference" between a "man in the middle" attack and a "smurf" attack. He's not "wearing" any pants or "taking" his medication. But he does know that that don't sound so good.

None of this is to say that iOS or OS X are flawless ivory towers of security. First of all, who builds a tower out of ivory? Uncool, bro. Elephants are people, too. Second, they both have flaws and Apple historically hasn't been the best about taking security seriously, although it's gotten better. But Android's flaws are compounded by the fact that users are much less likely to ever get vital security updates. It's probably not representative of any kind of significant movement, but this is what's driven at least one long-time user from the platform.

Google still has very little control over software updates, and Android users are basically at the mercy of their carriers and phone manufacturers when it comes to getting updates or new operating system versions. For example, it took Sony more than six months to push Android 5.0 Lollipop to its new line of Xperia Z phones, despite the fact that it had promised a much shorter turnaround after Lollipop was released by Google.

Hey, you already bought the phone and signed the contract. What do they care? Who are they, your mother? The Macalope supposes you would prefer a little animated clown who would juggle over to the update and wink at you and install it himself. You'll never learn to stand on your own two feet if you aren't willing to code, compile and install your own security updates.

Here's the bottom line:


No, wait, that's not the bottom line. That's just a line. Possibly the thin line between love and hate. Hard to tell. These lines used to be labelled but the Macalope left them on the dash of his car and all the labels peeled off. Anyway, the horny one has a final point to make before getting to the bottom line.

It's OK to recognize that Android is worse on security than iOS and still get an Android device. Because -- surprise! -- each platform has its own benefits and drawbacks. Shocking, right? Who knew that we didn't live in a black-and-white world? Gary, was it you? Why didn't you say anything? Sharing, Gary. That's what it's all about.

iOS really is more restrictive. Android provides more hardware choice. Most iOS apps are better designed. Android is a toxic hellstew of vulnerabilities, the iTunes Store back-end is a toxic hellstew of impossibly complicated tasks. We could do this all day. But that would be a crappy way to spend a day. The point is, if you're supporting Android under the idea that it's more secure, you're simply wrong. The Macalope knows this drives open software proponents absolutely insane, but it's true.

Pick the things that are important to you and go with the platform that better satisfies those requirements. But be honest. Much more for yourself than any other reason.

Bottom line.

