Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Showing results for 
Search instead for 
Do you mean 

The Security Focus on Android: Fair or Unfair?

by Juniper Employee on ‎02-14-2012 01:52 PM

When looking across the many recent mobile security discussions, much of the attention focuses on threats posed by malware on Google’s Android platform, which has quickly risen to become the most popular operating system. Some would say this is because Android is an inherently less secure platform when compared to other mobile operating systems and that the openness of the Android Market can easily lead to exploitation. Others would simply state it is because Android has more market share leading to more attention by industry and attackers. Regardless of these differing opinions, looking at Android security in more detail is certainly worthy of discussion. 


Any examination of mobile security should holistically look at all of the threats to mobile devices and the means to address them. Regardless if the device is an Android smartphone, Apple iPad, or from other platform, the threats remain the same:


  • Malware – Spyware, Trojans, Worms, Viruses
  • Direct Attack – Browser-based exploits, attacking device interfaces, malicious SMS messages
  • Data Communication Interception – Intercepting Data transmitted over Wi-Fi or other transport methods
  • Loss and Theft – Devices left in taxis or actively stolen to obtain the device and its data
  • Exploitation and Misconduct. – Employees leaking information, children behaving inappropriately or being maliciously targeted via cyber bullying or online predators


In the majority of these threat categories, it could be reasonably concluded that there is a good deal of parity between Android, iOS and other platforms. Specifically, both Android and iOS have had documented instances of successful direct attacks, are susceptible to the same Wi-Fi interception attacks and can be easily lost or stolen. 


In regards to exploitation and misconduct, Android could be seen as more secure, because there are solutions available today that allow parents and companies to monitor their children and employees in great detail to prevent unapproved activity. Examples include the ability for a supervising authority to view the content of SMS messages, phone call logs, as well as pictures taken, sent and received by devices issued by or connecting to corporate networks. Conversely, granular insightful parental or corporate control features into actual device usage are not able to be developed on iOS devices due to development restrictions for that platform.


This leads to, of course, the focus on malware, which errantly garners the most attention when most people think about mobile security. Many have said in the past that Apple devices are more secure because of Apple’s sandboxing of applications and the analysis of applications being posted in the Apple App store. Related, many have also argued that Android’s open platform and open Android Market make that platform comparatively less secure.


Google’s recent announcement that they do scan the Android Market should be taken into consideration on the last point. It will certainly help reduce infection rates from downloads on the official market of known threats. However, this mitigation does nothing for the millions of applications that are downloaded from the Web and third-party app stores.  Further, the standard which Google considers an application malicious will prove to be fairly narrow when compared to what many security companies, enterprises and consumers, who do not have an allegiance with the developers providing applications to the Market, want to protect themselves against.


There are several other aspects of Android’s approach to security that help keep users safe and are differentiated from Apple.  Let’s start by realizing that free market competition leads to better security products and services to protect consumer and enterprise data.  This is especially true with malware protection, because companies are constantly trying to make their solution better than the competition, with more in-depth analysis, complex detection technologies, increased speed in detecting threats and other innovations to stop attackers.


The result and benefit of this competition is very clearly seen through the plethora of easily available choices for Android anti-malware protection.  Enterprises and consumers can take their pick of many different anti-malware solutions to best fit their needs.  On the other hand, enterprises and consumers using Apple devices are not afforded the free choice of security solutions to protect their devices.  Apple device security is handled exclusively and secretly by Apple, with no insight on malicious application statistics and detection capabilities made available to the public.  This forces consumers and enterprises to put their blind trust and all of their security “apples” in one basket, so to speak.


If the threats to each kind of mobile device are similar and each device platform has its security strengths and weaknesses, why is much of the security focus on Android?  The answer comes down to market share and the availability of security data.  Hackers are incented to target Android, because there are simply more Android devices as compared to the competition. Additionally, there are security statistics readily and publicly available from numerous security vendors and researchers on the security concerns related to Android. Conversely, there is little known about Apple malware statistics and a complete lack of meaningful anti-malware security solutions for the iOS platform due to development restrictions.  If there aren’t statistics or products, there isn’t much to talk about, except for the absence of data.


So, is the security focus on Android fair?  It would be reasonable to say yes, as Android has the largest market share and any company in a leadership position should expect a level of scrutiny.  As to whether Android is comparatively less secure is fair, that is completely subjective. Is a platform with documented security exploits and a free and competitive market of solutions to address the risks deserving of more security scrutiny than a closed platform also with documented exploits whose security is completely and secretly controlled by the device’s manufacturer? 


That is an intriguing question. What we do know is that cyber-criminals and other attacks will continue to come up with new ways to attack mobile devices and the data that resides on them. To read our full report on mobile threats please visit






Juniper Networks Technical Books
About the Author
  • Andrew is a Juniper Distinguished Engineer responsible for the architecture of Juniper's network management user interfaces.
  • Amy James is Product Marketing lead for Security at Juniper Networks. She brings her knowledge of cyber security from companies like FireEye, Cisco and Cloudmark with deep roots in technology storytelling.
  • Asher Langton is a senior software engineer and malware researcher on Juniper's Sky ATP team.
  • Aviram Zrahia is a consulting engineer at Juniper Networks and an industry researcher of cyberspace. He holds a CISSP and GCIH certifications, as well as a bachelor's degree in computer science and MBA in management of technology, innovation, and entrepreneurship. He is also a research fellow in the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University, currently focusing on the domain of threat intelligence sharing.
  • Brad Minnis, CPP is the Senior Director of Corporate Environmental, Health, Safety & Security for Juniper Networks, Inc. based in Sunnyvale, CA, where he is responsible for strategic design, implementation and management of the company’s security, safety, environment, crisis management and business continuity functions. He also leads the company’s efforts in corporate citizenship and sustainability, and manages the Corporation’s government-related security programs. Mr. Minnis has over 30 years experience in the Silicon Valley and has managed EHSS operations for a number of high tech companies, including Juniper Networks, 3Com Corporation, and National Semiconductor Corporation. Mr. Minnis’ specialties include security management, supply chain and product integrity, anti-counterfeit, occupational health and safety and crisis management. In his role as Cyber Incident Response Team Leader for Juniper, Mr. Minnis has managed numerous high impact cyber-related incidents and cross-functional responses. Mr. Minnis served for ten years in the United States Navy and has served in leadership positions the International Security Management Association (ISMA) and ASIS International, serving as Chairman of the San Francisco Chapter in 2003. He has also co-written several publications on software integrity assurance and supply chain security with organizations such as SAFECode. Mr. Minnis is certified as a Protection Professional by the Professional Certification Board of ASIS International and attended the University of Connecticut, where he received two certificates in Environmental, Health and Safety
  • Bill is the Director of Federal Certifications and Policy at Juniper Networks. In this role, Bill focuses on several areas unique to the needs of Federal Government customers, including product certifications, IPv6, and security. Bill came to Juniper Networks in January 2008 after more than 20 years in the IT community working with commercial enterprise customers, service providers, and the US Federal Government. Bill started his career as an engineering officer in the US Air Force after graduating with a Bachelor of Aerospace Engineering from the Georgia Institute of Technology. Bill has an MBA from the Wharton School at the University of Pennsylvania.
  • Craig Dods is the Chief Architect for Security within Juniper Networks' Strategic Verticals. He currently maintains multiple top-level industry certifications including his JNCIE-SEC, holds multiple networking and security-related patents, as well as having disclosed multiple critical-level CVE's in a responsible manner. Prior to joining Juniper, Craig served as IBM's Managed Security Services' Chief Security Architect, and held previous security roles at Check Point Software Technologies and Nokia.
  • François Prowse is a Senior Systems Engineer for Juniper Networks, based in Brisbane Australia. Francois joined Juniper in 2006 as part of the New Zealand SE team, subsequently relocating to Australia. Prior to Juniper, Francois worked for four years at Alcatel in both operational and architectural roles, being jointly responsible for the construction of New Zealands' largest MPLS core network. Prior to Alcatel, Francois worked at UUnet, focusing on core network expansion in Europe. In all previous roles JUNOS has been the driving factor behind day to day operations, providing him with over 8 years of operational experience. Francois is a Juniper Networks Certified Internet Expert (JNCIE #144) which he obtained prior to joining Juniper Networks.
  • Greg Sidebottom is a Senior Engineering Manager in the Identity and Policy Management business unit at Juniper Networks. Greg has spent the last decade plus conceptualizing, architecting, designing, and leading the implementation of Juniper's SDX and SRC families of policy based service management applications. Previous to this, Greg held positions in the software and networking industries at Siemens, Cognos, Nortel, GTE labs subsidiary MPR Teltech, and the Alberta Research Council. Greg is an author of eight invention disclosures resulting in two patents issued and three pending. Greg holds a B.Sc. in Computer Science for the University of Calgary and an M.Sc. and Ph.D. in Computing Science from Simon Fraser University.
  • Jennifer Blatnik is vice president of cloud, security and enterprise portfolio marketing at Juniper Networks with focus on enterprise deployments of security, routing, switching, and SDN products, as well as cloud solutions. She has more than 20 years of experience helping enterprises solve network security challenges. Before joining Juniper, Jennifer served multiple roles at Cisco Systems, Inc., including directing product management for security technologies aimed at small to medium enterprises, as well as supporting managed services, cloud service architectures and go-to-market strategies. She holds a B.A. in Computer Science from University of California, Berkeley.
  • Jim Kelly, Senior Product Line Manager – CTP Products Juniper Networks. Jim Kelly is the senior product line manager for the CTP products where he is responsible for the CTP product direction, marketing and circuit emulation applications within Juniper Networks. Mr. Kelly has more than 28 years of experience in the networking industry in technical roles, sales, marketing, and product management positions. He started his career in the United States Air Force. He has worked for Wang, Digital Telecom Systems, American Airlines, Network Equipment Technologies, Carrier Access, and Nortel Networks. He started Juniper Networks federal DoD sales in July 2000 and joined Juniper Networks again in October 2005 through the acquisition of Acorn Packet Solutions where he was the director of sales and marketing.
  • I have been in the networking industry for over 35 years: PBXs, SNA, Muxes, ATM, routers, switches, optical - I've seen it all. Twelve years in the US, over 25 in Europe, at companies like AT&T, IBM, Bay Networks, Nortel Networks and Dimension Data. Since 2007 I have been at Juniper, focusing on solutions and services: solving business problems via products and projects. Our market is characterized by amazing technological innovations, but technology is no use if you cannot get it to work and keep it working. That is why services are so exciting: this is where the technology moves out of the glossy brochures and into the real world! Follow me on Twitter: @JoeAtJuniper For more about me, go to my LinkedIn profile:
  • Kevin Walker is the Security Chief Technology and Strategy Officer for Juniper’s Development and Innovation (JDI) organization. He is responsible for driving the security strategy both internally within Juniper, and externally with investors, partners, influencers, and customers. He provides the guidance required for JDI to conceive, develop and create momentum for industry-leading security solutions. Working closely with the Security Engineering team, Walker identifies the opportunities for improved security, growth, and innovation to deliver the scalable, reliable, and compliant security architecture needed in today’s security landscape. Before joining Juniper, Walker was VP and Assistant Chief Information Security Officer (CISO) at He has served as a Chief Information Security Officer (CISO), Chief Security Strategist and Director of Information Security across a number of notable companies including Intuit, Cisco, Symantec and VERITAS Software. With over twenty-five years in various computer science and information technology disciplines, focusing on enterprise applications, network design, and information security, Walker possesses research and engineering expertise across of range of technologies including networking protocols, securing applications at the atomic level, cryptography, and speech biometrics.
  • Security Life timer, who has been described as a true IT security ‘guru’. It is certainly apt: his knowledge and expertise developed over the course of more than 20 years in IT have helped many customers implement a security strategy that not only safeguards their business and information, but enables Digital Transformation. A noted public speaker on security issues, Lee’s passion and style stand out in the sometimes staid world of network security. Prior to joining Juniper Networks, Lee held a number of business and technical roles at Dr Solomon’s, McAfee, Hewlett Packard, Nokia Siemens Networks and Citrix. Lee leads the Juniper Networks security business across Europe, Middle East and Africa. In this role, Lee is responsible for the company’s commercial development in the field.
  • Laurence is passionate about technology, particularly cyber security. His depth and breadth of knowledge of the dynamic security landscape is a result of over twenty years’ experience in cyber security. He understands the security concerns businesses face today and can bring insight to the challenges they will face tomorrow. Laurence joined Juniper Networks in 2016 and is our senior security specialist in EMEA. Security throughout the network is a key area where Juniper Networks can help as business moves to the cloud and undertakes the challenge of digital transformation.
  • 30 Years in Book Publishing, 20 years in Technical Book Publishing, including Apple Developer Press, Adobe Press, Nokia Developer Books, Palm Books, and since 2001, almost 10 years as consulting editor/editor in chief for Juniper Networks Book. Joined the company and started the Day One book line and in 2011, the new This Week book line.
  • Paul Obsitnik is Vice President of Service Provider Marketing for Juniper Networks Platform Systems Division (PSD), responsible for the marketing of Juniper’s portfolio of high performance routing, switching, and data center fabric products to Service Providers globally. Paul's team is responsible for marketing strategy, product marketing, go-to-market planning, and competitive analysis worldwide for the Service Provider segment. Obsitnik has extensive experience in marketing, sales and business development positions with a proven track record in creating technology markets. He has served in senior marketing and sales management positions at several companies including BridgeWave Communications, ONI Systems, NorthPoint Communications and 3Com. Paul holds a Bachelor of Science with Honors in Electrical Engineering from the United States Naval Academy and a Master of Business Administration from the Harvard Graduate School of Business. Obsitnik is based in Sunnyvale, California.
  • Solutions Marketing Sr Manager
  • Michel Tepper is a Juniper consultant and instructor working for Westcon Security in the Netherlands. He started working in ICT in 1987. Michel is also is a Juniper Ambassador. Currently he holds three Junos Professional certifications and a number of specialist and associate certifications on non-Junos tracks. Michel is an active member of J-Net and, where he uses the nickname screenie referring to the ScreenOS with which he started his Juniper Journey.
  • Scott is the Director of Product Marketing for Mobile Security at Juniper Networks. In his 20+ years in high tech, Scott has worked on Mobile and Endpoint Security, Network Security, IPS, Managed Services, Network Infrastructure, Co-location, Microprocessor Architecture, Unix Servers and Network Adapters. He has held leadership roles at Check Point, McAfee, Symantec, Exodus Communications, Cable & Wireless, Savvis, and HP.
  • Sherry Ryan is IT Vice President and CISO of Juniper Networks. Previously, Sherry held similar positions at Blue Shield of California, Hewlett-Packard, Safeway and Levi Strauss where she established and led their information security programs. Sherry holds the Certified Information Security Manager (CISM) certification from ISACA and the Certified Information Systems Security Professional (CISSP) certification from ISC2. She is a member of the High Tech Crime Investigation Association (HTCIA) and the Information Systems Security Association (ISSA). Sherry has a bachelor's degree in Business Administration from the University of Redlands, and earned her MBA from the College of Notre Dame.
About Security Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kevin Walker
Vice President
Security CTSO, Engineering

Profile | Subscribe

Ritesh Agrawal
Software Engineering

Profile | Subscribe

Scott Emo
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe