Security in an Age of Openness

Google’s mobile operating system, Android, is the most open platform yet. And that’s not necessarily all a good thing. Here’s why…

The recent debut of T-Mobile’s G1, the Android smart phone, is both a blessing and a curse. Why? Because Android is arguably the most open mobile Operating System yet. Created by a partnership of Google, the Open Handset Alliance, and T-Mobile, Android hopes to grab coveted market share from RIM (Blackberry) and Apple (iPhone) by opting not to put regulations on third-party application development. Essentially, those involved in bringing the G1 to life have said that nary a person or organizing body will put a limit on “what users can download to the G1 or what developers can upload to the Android Market storefront,” says Judy Mottl of


And thus, open source technology has the potential to be a bit of a double-edged sword. Google is hoping that pushing open sourcing will help catalyze a paradigm shift in how operating systems are developed. Behind this mindset is the belief that open source development will be a platform for innovation — by advancing mobile applications, services, and by allowing carriers, OEMs (Original Equipment Manufacturers), and development experts to gain access to licensing and coding, there is the belief that Android software will proliferate and lead to more players building functional smart phones with their software.

The downside is, of course, that open source formatting can prove to be more susceptible to security threats than a more regulated system – say, with proprietary rights. Most agree that a level of openness in development is good for any platform, but at the same time, the openness needs to have checks and balances. Without the necessary regulation, we could watch the destruction of the Android platform, as we’ve watched the deregulation of the markets create unprecedented economic turmoil in the last year. Hoping to prevent hackers from spoiling their fun, Google has implemented a “kill switch” on Android’s Market service agreement that allows them to remove applications that are potentially malicious.

But this may not be enough. Users of this technology should be aware that open sourcing can bring an elevated degree of risk, as it opens the door to threats such as file deletion, stolen passwords, traffic sniffing, spamming of contact lists, and can create backdoors into corporate networks. It is also easier for hackers to cover their tracks, because of the mobile nature of the device. This isn’t to say that people should stay away from the G1, but as open source spreads across the mobile market, which it is bound to do, it is important to understand the implications. And the security threats. If open sourcing is seen as a risky platform, it may drive consumers away and hinder the development of the technology. The available applications need to be seen as legitimate and this may necessitate a level of control and oversight of the Android Market that may not yet be in place. Thus, users should take the appropriate measures to protect themselves from potentially dangerous applications and software.

— Rip Empson