Phil Schiller points to new mobile security report criticizing Android


Phil Schiller doesn’t tweet very often. But when he does, he tends to make good use of his 115,000+ followers. Early last year the executive tweeted a link to an Android-slamming mobile malware report, and today he’s pointed to another report that highlights Android’s security flaws.

This afternoon, Schiller tweeted a link to Cisco’s 2014 Annual Security Report, which was released last week. The report notes that overall vulnerabilities are the highest they’ve ever been (since tracking began in 2000), and that 99% of all mobile malware is targeted at Android devices…

Here’s the tweet:

And here’s an excerpt from the report via MacRumors:

“Not all mobile malware is designed to target specific devices, however. Many encounters involve phishing, likejacking, or other social engineering ruses, or forcible redirects to websites other than expected. An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware, followed by Apple iPhone users with 14 percent of all web malware encounters.”

What’s ironic here is that the thing most Android users complain about regarding Apple—its closed ecosystem—is the very thing that’s keeping iOS users safe from most mobile malware. By default, iPhone and iPad users can only install apps from the heavily monitored and curated App Store.

Android, on the other hand, is a free-for-all. Users can install apps from either Google’s Play store or one of dozens of 3rd party venues. Admittedly, this kind of openness allows for deeper customization and other stuff you can’t do on iOS, but it also makes it much more vulnerable to security risks.

Interestingly enough, Schiller’s tweet comes less than a week after the Starbucks iPhone app was found to store sensitive user data in unencrypted text. I wonder if Apple has received a lot of feedback from customers in regards to security concerns, and maybe they’re trying to change the conversation.

What do you think? Good or bad move by Schiller to tweet a link to this report?