For posterity’s sake, I’ve collected a few choice quotes from Google’s security team and sprinkled a handful of security stories in between.
I hope you find it interesting reading.
We’ll start off by jumping back in time to 2011, when Chris DiBona had a bee in his bonnet…
Google staffer Chris DiBona posted a rant on Google+, sharing precisely what he thought of the anti-virus industry and its products:
“Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and iOS. They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or iOS you should be ashamed of yourself.” - Chris DiBona, Open Source Programs Manager, Google.
Over 100,000 Android users download a fake BBM app from the Google Play store.
The official launch of BBM for Android is delayed, as dozens of fake BBM apps are found in the Google Play store.
Security researchers looked at over 600,000 apps available for download from the Google Play store - and were depressed to find that many were being reckless with users’ privacy and security.
An anti-virus app, somehow makes it to the highly-prized position of #1 new paid app in the Google Play store, despite being utterly fake. A detail not spotted by Google.
Despite virtually all mobile malware targeting Android devices, the operating system’s security head tells the Sydney Morning Herald that Android users don’t need anti-virus protection.
“I don’t think 99 per cent plus users even get a benefit from anti-virus. There’s certainly no reason that they need to install something in addition to [the security we provide]” - Adrian Ludwig, lead engineer for Android security at Google.
In the same interview, Ludwig declares that users shouldn’t need to worry about apps they download from the official Google Play store:
“By the time a user goes to install an app they’ve had … the best review of that application that is possible”
The web browser built into Android 4.3 and earlier has many security issues, but Google said it wouldn’t be patching it anymore. An estimated 930 million users were running Android 4.3 or earlier.
“..in some instances applying vulnerability patches to a 2+ year old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely.” - Adrian Ludwig, lead engineer for Android security at Google.
Google confirmed to CNET, that Ludwig’s opinion was the company’s official position.
Security company Avast warns Google about malicious and fraudulent apps in the Google Play store, some of which have been downloaded more than five million times.
5000 new Android malware samples are being discovered every day, claims a report from security firm G Data.
Google announces that it will start to issue monthly security updates to Android users, in response to critical vulnerabilities such as Stagefright and another flaw that can render an Android phone “apparently dead – silent, unable to make calls, with a lifeless screen.”
“We’ve looked at the events of the last few weeks and realized we need to move faster, and that we need to tell people what we are doing” - Adrian Ludwig, lead engineer for Android security at Google.
Samsung says it will also adopt a similar patching schedule.
It’s good to see Google becoming more proactive about Android security - as historically Android owners have suffered due to a lack of updates and proper support.
Let’s hope things are going to get better from now on - both in terms of keeping the Google Play app store free of malicious apps, and also ensuring that hundreds of millions of users get the security patches they deserve.
If you have any other quotes or incidents that you think the timeline would benefit from including, please leave them as a comment below - and I may update the article. Thanks!