Who thinks your iPhone is not a secure device? Non other than Dr. Eric Schmidt (he’s not a ‘real’ doctor), Google’s former CEO, former Apple board member turned traitor and fired by Apple, and the guy Google’s founders kicked upstairs and out of the way.
The story kind of goes this way. Schmidt was asked a few questions during a recent business seminar and responded to the common refrain “Android is not secure” with a statement that defies belief.
Schmidt said, ‘Not secure? It’s more secure than the iPhone.” That response drew laughter from the audience of course, but it begs the question, ‘What the hell does he mean by secure?‘
It’s one thing for an executive to defend an indefensible position, but it’s something else again to admit to delusions of grandeur.
Alright, I want to be fair about this. What does ‘secure‘ really mean? And how does Android OS have more of it than Apple’s iOS?
As you might expect, Schmidt didn’t say, but I’ve been around Wil’s geeky friends long enough to pick up a few things regarding security nuances.
What Is Secure?
First, there are vulnerabilities. These are operating system susceptibilities or flaws for which an attacker may exploit. All operating systems have vulnerabilities, including Android and iOS. Somewhere, somebody keeps track of them.
Second, there are exploits which take advantage of known or unknown vulnerabilities in an operating system or application. That said, secure, as in security, can be measured many ways. As an example of the math, an operating system may have 10 known vulnerabilities, but 50 exploits taking advantage of them. While another operating system may have 50 vulnerabilities but only two known exploits.
Which is most important? Plugging all known vulnerabilities? Or, plugging up known exploits? I’ll go with what’s behind Door #2, Monte, because the damage, whatever it may be, comes from action, and that’s an exploit.
It’s apparent that Schmidt was referring to vulnerabilities vs. exploits. Some reports estimate that 90-percent of all known malware (which includes user interaction with trojans) on mobile devices come on the Android platform. What about iOS? Malware ranges between non-existent and trivial.
Was Schmidt lying? Is it lying if you believe it to be true?
Finally, Schmidt didn’t actually say the iPhone is not secure. He said Android was more secure than iPhone. But Android in the real world is not really secure, so, based on Schmidt’s law, the iPhone must not be secure, either.