The Macalope Daily: Guilty pleasures
Oh, little fishies. You are so tempting the way you swim around in that barrel. If it’s wrong to shoot you, then the Macalope doesn’t want to be right.
Some may call slamming an article from a year ago “claim chowder.” Others, “throwing someone’s words back in their face.” Others still, “a cheap shot.” But just because a shot is cheap doesn’t mean you shouldn’t still take it, right?
That’s a rhetorical question, by the way. We are so doing this.
Because imagine the Macalope’s surprise upon reading InfoWorld’s Galen Gruman say that Android is a malware cesspool—and users don’t care.
Wow, a cess pool? That’s the worst kind of pool ever!
Android smartphones are expected to reach about half the market by year’s end, surpassing iOS as the market leader in such devices. Android smartphones (and, tablets) are also among the least secure ones available, thanks mainly to the Android Market being full of Trojan horses and other malware masquerading as legitimate apps. Just this week, Google was revealed to have removed another dozen or so of such malware apps, months after they entered the uncurated Android Market.
Well. This. Is. Just. Shocking.
Why? Because the Macalope distinctly remembers being told by the brain trust over at PCWorld how Android security was better than iOS security. How could you have let us down, PCWorld?
(BLAM! Who wants trout?)
Whereas Android puts the user in control of evaluating an application’s requirements before it installs, Apple keeps that control for itself.
Now, just reading that you might assume that the Macalope pulled it from Gruman’s article. But he didn’t. That’s from the PCWorld piece by Katherine Noyes, who listed it as an advantage of Android. Seriously. She wrote that. You say “Oh, silly Macalope. You’ve got your tabs mixed up.” But, no, he doesn’t. See? Here’s Gruman pointing out the reality:
You can’t really lock down an Android device as you can BlackBerry OS or iOS. And the security mechanism that Google has bulit in to Android is easily defeated—by users, who happily give malware apps the permission the Android OS makes them seek to access information stored on the device as well as access to other apps on the device. “The user is prompted for that access by the OS, but clicks OK until he gets through” to the promised game or service, says Claus Villumsen, CTO of mobile security firm BullGuard.
And here’s Noyes riding an open-source pegasus through the clear, clean open-source air of OpenSourceLandia:
On the Linux-based Android platform, each application runs in a separate “silo,” unable by default to read or write data or code to other applications.
Well, unless there’s a bug. Gruman:
Worse, there’s an attack that circumvents these permission requests by using a hole in the mobile Chrome browser, he notes.
But the Macalope heard that Android is less likely to have bugs because of the power of Open Sauce! Noyes:
Among the many benefits of that openness is that the code underlying the platform is available for scrutiny by users and developers the world over. I don’t care how many people Apple’s team has; there’s no way their number could compete with that. The result? More “eyeballs” studying the code means problems are caught more quickly.
Uh-huh. Of course, bugs like this have happened in Safari, too, but it’s no Android advantage. The browser is probably the easiest vector for attack on iOS, and the browser is based on WebKit—which is open. Not to mention the fact that Apple controls delivering updates, including security fixes, on iOS, while updates on Android have to go through the carriers, which can be kind of a mess.
(BANG! Who likes catfish?)
Now, the Macalope normally wouldn't bother to go back and dredge up something like this, but Noyes made a point of continually linking to this piece as evidence of Android's security superiority.
Back here on Earth, despite the wishful thinking of open-source enthusiasts, iOS has turned out to be the most secure mobile OS, if not the most secure OS currently available on any kind of platform, period. That’s not to say it’s perfect. As Noyes repeatedly points out, Android has more granular privilege controls. But it more than makes up for that in the security provided by a curated App Store (even with its troubles) and Apple’s ability to deliver patches faster.
The Macalope’s an Apple enthusiast like Noyes is an open-source enthusiast, but he’s willing to say that Windows 7 is probably inherently more secure than OS X (although it’s more targeted). It’s not wrong to say how you hope the designs of a platform will give it an advantage, but you have to be honest when that doesn’t work out.
If you’re not a fan of barrel-fish-hunting, take heart. Noyes seems to have lost some of her love for Android (presumably as its open-source credibility has waned), which has the added benefit of getting her off the topic of Apple. For the sake of the horny one’s aching head, as well as the fabric of reality, this is probably a good thing.
[Editors’ Note: In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.]