Default or 3rd Party Mobile Security?
The devices I use make me think of the protection I will need for them. I use a Nexus 7 tablet (in stock condition) and a Galaxy Nexus (that is FAR from stock condition). They are both mobile devices that can be lost or stolen, they can also be victim to ill intended code (AKA Malware, Trojans). It’s believed that as of NOW, all of the mobile operating systems are using some version or component of Linux.
Linux in its history has been a platform that is opened sourced, with the ability of having a community operating system reviewed by anyone who wants to look into it. From IOS with its BSD components, to Windows having its CE components, of course Android is 99% open source (Google services are the elite 1%, ask IOS 6).
The difference obviously is that Android is the only operating system that’s released to the general public ‘open’, then can be dissected and taken apart piece by piece. IOS is handled in house then released as a closed software suite for you to use, but not pick apart and tinker.
However, having an open ‘enough’ layer that allows some intelligent individuals to obtain exploits on the system and ‘jail break’ it, users of IOS of course can use the platform in an ‘open’/albeit, limited manner (based on drivers and its proprietary nature). Windows was similar as it had components of the operating system that could be manipulated to run in a different manner.
I think back to Windows Mobile…it made me feel how I do now with Android. Except Windows had a special link to the real world, in that, the primary desktop computer is running Windows. With SPB shell or the newest flavor Rom on XDA for whichever device I used, I could make my phone seem “new” daily if I desired.
The issue of course being…’opening’ my device up was the equivalent of leaving my car’s trunk open, in a busy urban area with a high crime rate. Not that bad things are always going to happen…but it could.
For Windows Mobile, I didn’t worry about security as much simply because smart phones were so new to the average hacker. There was always that concern when loading a Rom that the creator of the Rom could have something in there…but that was stymied by having ‘user verification’. If you were a good Rom developer, with a high download count and communication in the forums you were good.
That rule still applies and is a good basis to start, but it’s better to be safe then have the contents of your SD card or your contact, SMS or emails dumped on some sick person’s server.
This applies to all of the mobile operating systems. Bad guys are always trying to hack for gain and the mobile front is the new battle ground. From SMS exploits that effect iPhones whether or not they are jail broken. Or browser exploits within the default Safari or Internet Explorer browsers. The open nature of Androids Play store is an entry point as well for bad guys.
The fact is, right now we are kind of ok…we have the inbuilt network security from the cell provider. We have the Android Bouncer app checking for ill-intended code. IOS of course is a closed ecosystem only having to worry about browser and SMS exploits, which are not as popular yet. Windows Phone (pre-October 26, 2012), has limited benefits to the average bad guy because of its lack of gaining market share. But the new Kernel being introduced shortly could change the mobile threat to Windows.
Having the facts, are Third Party security solutions the future? It would seem the more eyes we have on the, almost looming, mobile security threat the better. With an open approach to security Android has a leg up on the competition.
There are hundreds of thousands of Android Developers and any security company can simply look at what’s going on with the code. With full/fair disclosure, Android can constantly improve its security at a faster pace then closed operating systems.
I know its lot of more intelligent people out there than me, whom can weigh in on this subject. Hope to hear from you in the comments section.