Recently, Chris DiBona published a comment (or blog or whatever it is) on Google+ bashing a lot of companies and people in the industry. He starts with "people claiming that open source is inherently insecure and that android is festooned with viruses because of that and because we do not exert apple like controls over the app market." Further down he claims that no major cell phone has a virus problem like Windows or Mac machines. There are some other harsh statements in the article, especially about vendors in the security space being charlatans and scammers.
Not surprisingly, there has been a flood of press releases and other types of responses from vendors of anti-virus, anti-malware, and other types of security tools.
If you look at the facts, then in my opinion some things are evident:
- Every type of software is potentially insecure - that includes closed source and open source
- There are better and worse approaches to dealing with security flaws - and that doesn't relate to software being open source or not
- There is malware attacking Android devices and the number of known issues is growing
- There are different approaches to marketplaces like the ones for Android and iOS - however, even open marketplaces could use independent testing and certification approaches to increase security
- Yes, vendors are trying to earn money with security solutions for mobile devices and there is marketing in
I personally believe that it's worse to play down security issues than to try to identify and address the issues. And if someone uses the wrong term (like "virus" for something that isn't a virus), OK - that happens, and "virus" is sort of a term that is commonly used wrongly. But it doesn't change the fundamental facts: There are security risks for mobile devices. Thus users have to react. Oh, and by the way: I thought we ended these religious "open source or not" discussions at least five or ten years ago. There is no value in these discussions. There is only value in providing better software.
And when talking about Android, looking at the way it uses information, I can only state that it is not the best example of "fair information practice" (to put it carefully). Information security is not only about malware and the like; it is about the way systems deal with information overall. With respect to the way Android deals with GPS locations, SSIDs of available WLANs, and other information, just have a look here (to give you just one example; there is more to be found on YouTube). So again, Google: Do your homework first before you start bashing others.