Android isn't 'more secure than the iPhone,' but Google's security woes are overblown

It's been a while since Eric Schmidt made any bizarre public statements, but he's back at it again with recent claims about Android security.

According to ZDNet, Google's executive chairman was taking questions from Gartner analyst David Willis during the Gartner Symposium/ITExpo. Willis raised the point that most people in the room don't use Android as their primary platform, and that Android isn't secure.

"Not secure? It's more secure than the iPhone," Schmidt said. The response reportedly drew laughter from the audience.

iPhone users take security as a given because of how the App Store works. Apple maintains tight control on the app approval process, making it difficult for malicious apps to get through. Unless users jailbreak their phones, the App Store is the only way to install software on the iPhone, so the likelihood of installing something nasty is practically nil.

Android works differently for two reasons: The Google Play Store is not as tightly controlled, and users can allow apps from outside the store by checking a box in their settings. Unsurprisingly, mobile security firms have painted Android as a haven for malware, all while peddling their own anti-malware solutions.

But even these Android alarmists admit that if you stick with apps from Google Play, you're not really in great danger. Although Google doesn't subject every Android to a review process, it does employ a malware scanner, called Bouncer, which automatically checks new apps for suspicious behavior. Google also made a change this year that requires Google Play apps to update through the store. Bouncer is not an invulnerable system, but then again, neither is Apple's approval process.

As for Android apps from outside Google Play, Google recently added a "Verify apps" process that's enabled by default on Android devices. When users try to install an app from an outside source, Google offers to scan the app for suspicious behavior first. Even outside Google's ecosystem, the threats are minimal; Quartz reports that for every million app installs from outside Google Play, just 1,200 are flagged as potentially harmful. And that number is holding steady.

If there's one major issue that Android has, it's the fact that Google can't deliver security patches directly to users. These updates must go through phone makers and wireless carriers, and that can take a long time. Even so, Google has tried to work around the problem by using Google Play Services to deliver app verification to older phones.

Schmidt's remarks on Android security will probably become an instant classic, right up there with "the creepy line" and the empty promise of Google TV's dominance. But when you consider everything Android does to keep malware out, Willis' claim that "Android isn't secure" is just as worthy of a chuckle.