Apple [AAPL] marketing chief, Phil Schiller, sent a clear message to smartphone users everywhere last night, when he shared a report that clearly shows that when it comes to security, digital nomads who want to stay safe should get an iPhone.
Be safe out there: f-secure.com/static/doc/lab… — Philip Schiller (@pschiller) March 7, 2013
Safety in numbers?
Posting on his Twitter account yesterday, Schiller advised followers, "Be safe out there", accompanying the exhortation with a link to the latest edition of the F-Secure Mobile Threat Report, which summarizes the huge security difference between iOS and Android devices.
The F-Secure report claims around 96 new forms of Android malware were identified in Q4 2012, double the number found in the preceding quarter. It gets worse: the company's threat assessment puts Android's share of threats at 79 percent in 2012, in contrast to 66.7 percent in 2011.
That trend seems pretty clear: The Android ecosystem is looking less secure month by month and year by year. This implies that it's not a question of if a big breach will take place, but when.
In comparison, iOS' share of threats stood at just 0.7 percent in 2012.
Like Mac users, Android loyalists are likely to argue that these security warnings are of little worth, pointing out that -- so far as anyone knows -- few people have been seriously impacted by security problems on their platform; at least, not yet.
[ABOVE: From F-Secure, this image should hint at the need to be secure.]
Gettin' what you pay for
In truth, Android users are already being impacted by some malware variants, as F-Secure explains: "A large portion of this number was contributed by PremiumSMS -- a family of malware that generates profit through shady SMS-sending practices -- which unleashed 21 new variants."
A 2012 report relates up to 100,000 instances in which Android users inadvertently downloaded this infection, which masqueraded as a game.
The report confirms that messages or notifications from these premium rate fraudulent SMS numbers and services are deleted, meaning the user remains blissfully unaware of the problem until charges appear on their bills. In some cases, the malware signs a user up to costly SMS subscription services.
Another infection quietly proliferating across the ecosystem concerns banking Trojans, which steal information required to help criminals raid a user's bank account.
To be fair, Google does occasionally attempt to deal with the threat. Android 4.2 Jelly Bean should help prevent Trojan infections if it is installed. Unfortunately it is only installed on 16.5 percent of Android devices, with the less secure Gingerbread installed on 44 percent of these phones.
We need diversity
There's an argument to say Android threats are widespread because of the market dominance of that platform. This could be true, but given Apple's substantial slice of the smartphone market, it's noteworthy that the number of iOS threats is broadly in line with that of smaller players in the smartphone scene.
In truth, of course, the surging threat to the Android ecosystem underscores everything that's wrong with operating system monoculture. The dominance of Windows led to Biblical plagues of malware aimed at that platform, causing untold damage to business and personal users whose systems were afflicted by security problems.
History suggests that when a single OS dominates any technology space, it comes under intense scrutiny by criminal malware authors.
This leads me to believe that when it comes to the smartphone sector -- a sector comprising billions of devices -- it's important to ensure a diversity of operating system variants. In an ideal world, Android's share would be lower, Apple's about the same, and BlackBerry, Windows and Firefox would be peers.
Unfortunately the smartphone world appears to have become dualistic once again, leaving the majority of users potentially exposed to future malware attack against their platform.
It's all in agriculture, really: plant a field with the same seed, year-in, year-out, and the soil loses nutrients it cannot replace and eventually crops fail -- that's monoculture. Switched-on farmers know to rotate crops, leave fields fallow at times, and to seed diversity to protect their precious soil. In the smartphone space we do not need one single dominant software vendor, we need diversity of systems to provide the strongest possible resistance to security compromise.
It seems a tragic wasted opportunity that, rather than learning from the mistakes of the past, smartphone industry evolution appears to be avoiding the chance to create a democracy of OS diversity in favor of a dualistic iOS v Android environment, so I guess the only thing that can be said is, "be safe out there". Though Phil Schiller might add, "or get an iPhone".