
What security guard? There was no security that kept Android from being vulnerable. It would have been just as easy for someone to infect the Android build chain.

Even if you look at something like the way that third party keyboards work on Android, it’s a security nightmare.

On iOS, users have to explicitly go into settings to add a third party keyboard and even then it doesn’t have network access by default. The user has to go back into settings to enable the keyboard to have network access and then they get a big scary warning. Android users happily install keyloggers.

Also, even after you both install the keyboard and give the keyboard network access, iOS still switches back to the default keyboard when entering passwords.



> What security guard? There was no security that kept Android from being vulnerable.

Blocking exploits in the Play Store, among other things. Why do you think Stagefright was never exploited?

> It would have been just as easy for someone to infect the Android build chain.

We were just talking about reproducible builds.

> Keyboard nonsense.

Android also displays a scary warning for keyboards.


Stagefright didn’t involve having an app in the Play Store. The review process is nonexistent, and static analysis tools wouldn’t catch it anyway.


> Stagefright didn’t involve having an app in the Play Store.

If the MMS app and the browsers were updated to filter Stagefright exploits (on Android, unlike iOS, system app updates do not require an OS update and happen through the Play Store, one of many things Android gets right and iOS gets wrong), the only way to exploit it is by publishing your own app to the Play Store and getting somebody to install it and hoping that the device doesn't have an SELinux policy that limits the privileges of the exploit. The Play Store can trivially block apps that don't use an approved wrapper library for media that filters Stagefright exploits.


Back then, the built-in web view that apps embedded was built into the OS, as was the browser. You remember that Chrome wasn’t the browser for apps back then.

Also, what’s the difference between updating the OS from Apple’s servers and hypothetically updating an app from Apple’s servers? Are you trying to turn a weakness that Google can’t just press a button and allow every single Android worldwide to receive an OS update into a strength?



