Gartner Blog Network

Is Google Android The Same “Most Secure Operating System” That Windows XP Was Supposed to Be?

by John Pescatore  |  November 4, 2009  |  Submit a Comment

Eweek published a puff piece promoting the security of Google’s Android operating system that is starting to show up on some mobile phones. It read like a rip and read job from a Google marketing brochure:

1 – not really valid – we’ve said open source code gets more secure, more quickly but it is the security focus of the development cycle that determines if code starts out and ends up more secure.

2 – Running applications in multiple processes by no means guarantees that “no application gains critical access to system components”

3 – Starting from Linux does not guarantee a more secure OS.

4 – Access restrictions that somehow guarantee that applications won’t harm the user or touch sensitive data would be very nice. No evidence that they have actually achieved this.

5 – Code signing support, nothing new here, but a good thing.

6 – Total hogwash: “Google has shown time and again that it is focused on user security.” Not been true to date any more than any other software vendor.

7. – More hogwash – putting the bug reporting email address on your web site is pretty standard for every software vendor. I did a RN grading IT vendor web sites on this and other web site security pages over 5 years ago.

8 –  Sounds like the UAC feature in Windows Vista, which didn’t exactly prove to be effective, let alone popular.

9 – Not building a media player into the OS is a good thing, but the claims that “One of the most common ways attackers gain entry to a mobile phone is through audio and video running in a web browser” is a totally false strawman.

10 – “Google gets the web” is certainly valid, but so was “Microsoft gets the desktop” – Google certainly does have a good view of web sites and through acquisitions of security companies like Postini does have a good view of malware running out there.  However, talking with Gartner clients at our security conference and the recent Symposium I listened to many complaints from unhappy Postini customers since Google acquired them – it is not clear that Google actually “gets” how to secure the web.

Yesterday, I pointed out that “Transparency plus inspection is the friend of security, freshness not so much.”  This certainly holds true for Android – transparency and freshness, yes – inspection, not so much yet.


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems… Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.