Monday, 27 October 2008

Android vs iPhone OS - Is open source to be feared?

With the impending arrival of the T-Mobile Android G1 phone there has been plenty of discussion online regarding the merits of the open source nature of the Android OS versus the closed nature of the Apple iPhone OS.

There is an inherent fear in users of having their personal information stolen and used for nefarious means like emptying bank accounts and credit card fraud. As our mobile devices become more usable and gain functionality they also increase the amount of personal information stored and as such increase the number of ways that thieves can get at our personal details.

There appear to be lots of pros and cons being discussed however there is one that really caught my eye that being the idea that Googles open source approach to development has some inherent issues when it comes to information security and venerability to viruses. In a recent Cnet article there seemed to be a confusion bought about by a statement of comparison between the iPhones locked down nature and Googles Android wide open nature.

On the majority of these websites there is opportunity for readers to comment at the bottom and once you ferret through the usual fanboy rubbish you eventually hit some people who are voicing some perceived concerns. Things like:

"Let the viruses, trojans, spam, and porn begin! Has no one learned from Microsoft's example?"


"There is nothing wrong with 'openness'. However, Android frightens me a bit. The idea of leaving it open to developers for modifying the OS can lead to issues. For example, I wouldn't want a scenario where I find an app and download it to later find that it's malicious. And then, it will track or steal my personal data. To me, it's all about user security and privacy. Apple's approach, however, I'm in much favor of. Now, that's not to say that Google's approach is malicious or harmful to privacy. It's just more exposed and a bit more vulnerable. Whereas Apple's much more guarded yet, still retains it's 'openness' in a safe manner."

One of my old managers used to hit us with a line that has stuck in my head for a very long time and I try to remember it as often as is possible, "Perception is reality", meaning that regardless of actual fact, a persons perception is their reality.

Android touts its main selling point in that it's an open source OS, that anyone can develop and publish applications for it, and eventually it will be available for any piece of hardware. This is all well and good but it has left an opening to other vendors like Microsoft and Apple to point out that open source means a field day for hackers and thieves. A very brief search will quickly bring to light that this is not the case. Googleing "Android Security" takes you directly to this page which outlines the measures that Google has taken to protect their users from malicious elements.

"A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc."

This is a pretty clear statement and further reading of the structure of the Android approach to protecting their users leaves me feeling confident that I am going to be safe using it. However if we go back to the "Perception is Reality" idea then I personally can see an issue that Google should perhaps be highlighting in a more active manner, that being that open source does not mean an open field day on a users personal information.

Currently the thing that puts me off Apples iPhone, i.e. it's closed control freak nature, is the one of the main things that allow people to feel secure using it. If there is anything that Steve Jobs is a genius at it is altering and controlling end user perception and in my opinion Google should be taking a page out of his book and be working to remove any doubts instilled by their competition. Security in both their applications and on their devices should be something highlighted as a main feature not just mentioned in passing.

No comments:

Post a Comment