Google defends Android security despite root hacks
updated 10:00 pm EST, Mon December 20, 2010
Platform said to be designed around openness
Google has defended the security effectiveness of its Android OS against criticism focused on the relative ease of gaining root access. An engineer on the Android Security Team, Nick Kralevich, points out that the company intentionally leaves the platform open to allow users to run their own customized boot images; however, the Android method does not need to take advantage of security vulnerabilities.
"Legitimately gaining root access to your device is a far cry from most rooting exploits," Kralevich says in a post on Android evangelist Tim Bray's blog. "Traditional rooting attacks are typically performed by exploiting an unpatched security hole on the device. Rooting is not a feature of a device; rather, it is the active exploitation of a known security hole."
Kralevich highlights a list of security features that are said to be effective, including application sandboxing to prevent malicious code from affecting other applications. The OS also requires apps to declare permissions, while Google teams "aggressively fix" known security vulnerabilities.
Despite the active efforts of Google's Android developers, the platform has faced several notable security issues. A malicious app, reportedly downloaded by millions of users, masqueraded as a wallpaper utility while collecting SIM card numbers, text messages, subscriber identification, voicemail passwords and other information. More recently, a developer discovered a significant data exploit that could have been used to steal information. Google was only able to patch the issue for Android 2.3, leaving earlier versions vulnerable indefinitely.






