I took a journey over to my local AT&T store last week to purchase a new phone for my wife (a Palm Pixi). While I was there I chatted with the salesman about some of AT&T's new Android offerings -- in particular the Samsung Captivate (a.k.a. Galaxy S). I have been considering upgrading from my iPhone 2G to the Captivate, as I can't sync an iPhone 4 with any of my computers.
The salesman was very enthusiastic about the Captivate, and we discussed some of the pros and cons of the Android and iOS platforms. One thing he mentioned was (to paraphrase) "If you are concerned about security you should chose the iPhone 4, since Android is Open Source and less secure". I didn't say anything at the time, but I hope my weird look registered with him. I largely ignored this event until yesterday when I watched an online review of the Captivate, where the reviewer incorrectly said that the Android app store was Open Source.
I want to define a few things so people reading this don't make similar mistakes.
Android is an Open Source operating system that is built from Linux -- in fact it is Linux, but customized for use on embedded hardware vs. a desktop or laptop computer.
The Android app store is an open market place -- meaning, unlike Apple, there is no screening process to add a new application to the Android app store. One could potentially add an Open Source application to the Android app store, but just as easily, someone could add a closed source application.
An unfortunate side effect of having an open marketplace is that criminals have added trojan applications to the marketplace that steal user data. This has nothing to do with Android being an Open Source platform, and has everything to do with sneaky closed source apps. In fact, I wrote about this a couple of months back, arguing that Open Source Software is the solution to these problems.
Open Source Software (OSS) means that the work is licenced under one of the many OSS licenses. Each license has different requirements, but one basic ideal that most OSS licenses state, is that the source code for the application must be made available to the user, and if the user decides to publish modifications, they must also make the source code and modifications available.
There are many security benefits to having an application be Open Source (a point that some companies debate), mostly derived from others being able to easily screen an application for flaws. I won't go into these points in detail here since it has been covered widely by many other sources.
And that pretty much sums up the point I wanted to make -- An open marketplace does not mean apps are Open Source -- but it would be nice if they were!
Posted: Oct 06, 2010
Keyword tags: androidsecurityopen source softwareapp store