Google decided to take on iOS by loosening the quality controls that help make the ecosystem secure. Google could easily require code signing and auditing for all non-Google OS components, but it chooses not to because doing so would hinder phone sales.
The vulnerability in BLU phones was due to third-party code packaged in the Android build for BLU phones. This was discovered because it sent texts back to China. Imagine if a slightly more sophisticated attack were included: how easy would it be to spot?
I'd estimate that there may be over 20 Stuxnet-level pieces of malware lurking in the Android ecosystem, leveraging it to spread opportunistically deeper into infrastructure and onto higher value targets, etc.
And this doesn't even consider hardware-level malware which could be included in bulk via alternative ASIC designs that end up on millions of phones.