Last week the Wall Street Journal, citing anonymous sources, reported that Google “plans to fold its Chrome operating system for personal computers into its Android mobile operating system.” Journalists, bloggers, and security professionals quickly jumped on the bandwagon to condemn Google for a bad decision. Some valid points were made, but overall the media frenzy has been an exercise in jumping to conclusions.
There are three rings in this circus: the Chrome operating system, Android, and the larger topic of operating system security.
The Chrome OS situation is simple. A Google spokesperson confirmed that it is not going away. Chrome OS was designed as an operating system to meet the needs of low-cost, browser-centric PCs. It makes no sense to use Windows, OS X, or a full Linux install if all the user wants is a web browser. Chromebooks have proven successful in the education sector, some people love them as a second notebook for travel, and the operating system’s superior security characteristics make it suitable for some business applications. Chrome OS is open source and the WSJ article indicates that “Google engineers will continue maintaining it.” Even if Google drops support, Acer, Asus, Dell, HP, Lenovo, and Toshiba all sell Chromebooks and have a strong incentive to take over the open source operating system.
The Android situation is more complex. This operating system was originally developed for phones and tablets. Until recently, Android’s only significant competition was Apple iOS. However, Microsoft’s strategy to turn Windows into a mobile operating system began with Windows 8 and has come to fruition. Windows 10 runs on desktop PCs, notebooks, Surface tablets (positioned as a desktop and notebook replacement), and even imported $200 tablets. This positions Windows 10 as a serious threat to Android’s market share. It makes perfect sense for Google to respond by expanding Android capabilities to include PCs.
Microsoft’s challenge was to adapt a traditional keyboard and mouse (or trackpad) operating system to function in a touchscreen environment with lower-power processors and less RAM. In this respect, Google has a significant advantage; Android was originally designed for touchscreen and a constrained computing environment. It makes perfect sense to leverage the keyboard, mouse, trackpad, and USB capabilities in Chrome OS. Google engineers are intimately familiar with them and they are already designed for lower-end devices.
Google’s spokesperson had no news to share with respect to Android. That’s not surprising given that the WSJ reported that, “The company plans to unveil its new, single operating system in 2017.” I doubt that Apple and Microsoft are going to share their 2017 strategy, even if possible details leak.
It is understandable that people familiar with the security properties of Android might believe Google is heading in the wrong direction. But it is also important to keep in mind that the WSJ article is based on information provided by anonymous sources. Important context is missing.
The topic of operating system security is complex and multidimensional. Discussions often resemble religious arguments influenced by vendor preference instead of objective security assessments. Many people are passionate about the products they buy. Also, a standard for operating system security has yet to be developed; a consensus has not even been reached on what criteria should be used.
It is easy to label Chrome OS as the most secure notebook operating system. It has a small attack surface, is automatically updated from a single source, and is designed to be secure by default, but it also includes the least functionality. If the application is surfing the web and webmail, Chrome OS is likely the safest operating system to use. However, it has limited offline functionality and very little software can be installed.
OS X users have long touted the security virtues of Apple’s operating system, pointing to malware infection rates that approach zero and UNIX-based privilege management. OS X El Capitan, the latest release, adds features such as System Integrity Protection to prevent modification of the operating system, even by the root user. OS X has good overall security properties, but with less than a ten per cent market share, and not being the dominant operating system used in corporations and governments, OS X is a less profitable target for malware developers and other cybercriminals.
Windows has traditionally taken the brunt of attacks. Much of the reason is market share; criminals have a strong profit motive. But Windows also had the least mature security controls. User Account Control (UAC) helped, and Windows 10 includes several security enhancements such as better support for multi-factor authentication, data separation, and trusted application controls. Microsoft is clearly improving the product, but it is difficult for them to address one significant source of risk: user behaviour. As long as administrators continue to perform daily tasks with excessive privileges, and users click “Yes” on every UAC dialog without considering the implications, devastating compromises will continue.
iOS, Apple’s mobile operating system, has had its share of security flaws. Some developers complain bitterly that closed-source iOS has no option to run code from non-Apple sources. Unless users jailbreak their devices, Apple retains tight control of the entire ecosystem. But it is precisely that control which protects the vast majority of iOS users from malware and allows Apple to respond quickly if a malicious app slips through their vetting process.
Android, on the other hand, has not fared as well. A 2014 report by Alcatel-Lucent’s Motive Security Labs division revealed that, “in the second half of 2014 alone, there were as many Android devices infected with malware as Windows laptops.” The obvious reason is that Google does not control the hardware and software ecosystem. Current Android devices have a check-box, “Allow installation of applications from both trusted and unknown sources.” Users are given the option of opting out of security controls. Mobile device vendors may or may not release security updates as Google makes them available. There are also human factors; users who wish to tinker with their phone or tablet operating system usually prefer open-source Android over proprietary iOS.
From a security perspective, the Android of today might be the worst choice for a notebook or desktop operating system. But what if Google’s plan includes leveraging Chrome OS to make Android more secure? Google developed Android and it has a poor security reputation. Google developed Chrome OS and it has the smallest attack surface of any OS delivered on a notebook. The company undoubtedly learned a lot from both operating systems and watching their competition. It is fine to maintain a healthy level of skepticism, but when it comes to the future of Android don’t underestimate Google.