Now that iOS and Android are approaching technical maturity, new updates to these operating systems no longer feel revolutionary. The new stuff we get every year is boiling down to smarter notification handling, under-the-hood upgrades, screen notch adaptations, and “borrowing” good ideas from one another. As Google prepares to take the wraps off its next big iteration, Android P, at Google I/O 2018, I have an idea for an alliterative theme: make it Android P for Privacy.
Facebook’s data breach scandal has been the biggest tech story so far this year, forcing the company’s CEO to answer questions before Congress and the rest of us to consider the full extent of what we share with online services and the security of that personal information once it’s in their hands. This increased concern with privacy isn’t going to abate anytime soon, and Facebook won’t be alone in having to answer tough questions. Google, the world’s premier vendor of web services subsidized by user data, should be scrutinized just as closely as Facebook, because it endeavors to collect just as much, probably more, minutiae about its users’ lives in order to sell more valuable ads.
There’s a direct link between the Facebook scandal and Google’s failings on the privacy front. As people started poring over what data Facebook held about them, it was quickly discovered that Facebook collected the call records and SMS data of its Android users but not of its iPhone users. Why the disparity? Facebook’s app could ask for permission to access that info on Android, whereas Apple’s iOS refuses to entertain the idea.
Anyone at risk: do not use an Android phone. You can literally cough in the direction of one to get access. Android security is a nightmare. On the other hand, iPhones and iPads are stellar, *stellar* security wise. Get the cheapest one you can afford (past 5s). Just do it.
— zeynep tufekci (@zeynep) 20 December 2017
Then there’s the complementary matter of data security and protection against malicious attacks, something that Android has been infamously poor at defending against. Google has an internal team called Project Zero, whose task is to identify and weed out vulnerabilities in Android, but those seem to continuously outnumber and outpace Google’s efforts. That problem is compounded by the slowness and inconsistency of Android phone makers in implementing Google’s latest security patches. When I was reviewing the Galaxy S9 in March, for instance, it was still stuck on the January 1st security update. And if that wasn’t enough, a two-year study of Android security updates showed that Android OEMs just flat out lie about the security of their devices.