Is Android a secure OS?

Posted by Trent Nouveau

Google's Android is one of the most popular operating systems for both smartphones and tablet devices. But is the OS secure enough to protect critical user data from unfriendly eyes?

Well, Sophos principal virus researcher Vanja Svajcer believes that pressure to improve Android-based security protocols has been steadily "building up" over the last few months.

To be sure, one of the first serious proof of concept exploits for Android was made publicly available last week.

The targeted vulnerability - discovered in the Webkit mobile browser platform - was fixed by Google in the latest Android iteration, 2.2. or Froyo.

"[However], Froyo is only used by 36% of all Android devices, which means that the majority of the devices can still be successfully attacked using the exploit," explained Svajcer.

"And unfortunately, recent research by Coverity indicates that the Linux kernel 2.6.32 used by Android 2.2 contains a high number of potentially exploitable vulnerabilities which could be combined with Webkit exploits."

Svajcer also recommended that Google create an automatic security update mechanism similar to those found on current desktop operating systems.

"Of course, modern smartphones are just as powerful as the desktop computers of only a few years ago so the requirement for a flexible security update mechanism should not be a surprise for the operating system developers and handset manufacturers," he added.