Well even with that Google did have to start getting serious about the security they HAVE to have in the OS. They started to work on this with version 4.0 where they put in a half-baked version of Address Space Layout Randomization (ASLR). Typically when this is implemented the OS randomizes where it loads items into active memory. This includes the Kernel and any other part of the OS. This helps to prevent attacks that involved memory overflows. Unfortunately in Android 4.0 the core components of the OS were not randomized which meant that a malicious coder could predict where their code was in memory.
When you combine ASLR with Data Execution Prevention (DEP) you can quickly prevent a wide range of basic exploits. Of course these types of items do not guarantee security as even with ASLR and DEP there is still a chance of being exploited due to a poorly implemented app or other software in use on the system.
Apple has had this in their iOS for well over a year now and also includes a requirement for signed code (meaning that the developer has to have an installed digital certificate before the code can run). However, even with these in place Apple is finding that their mobile OS is not secure from all outside attacks. Just recently a flaw was found in the in-app purchase system that has allowed someone to make in-app purchases available for free. Although currently the person responsible for this is not looking to install malware and even says the requirement for a password is not really needed (he says put in something random) the opening has great potential as a vector for attack on iOS.
We have a feeling that Android may never include code signing as a requirement. If they did it would remove the open feel and nature of Android. Besides, there are plenty of security apps available that do a great job of keeping your phone safe some of them free, others that will cost you a little money. Still they are there; this is something that we cannot say for either Microsoft or Apple. They rely on their control to keep them safe; a move that did not help Apple with some rough malware that popped up at the end of 2011.
Discuss this in our Forum