by squarefoot 3410 days ago
The best place to put spyware into is closed source unauditable software.

On Windows the entire system and most well known applications are closed source, therefore not trustworthy, but on Android things are not that different: Android makes heavy use of closed source device drivers and so far any attempt to get a completely open system while keeping all the underlying iron useable has failed because most device manufacturers keep their hardware undocumented, save for Google and a few big players under NDA.

The point is that security is an OR: a chain whose strength depends on the weakest link; if one closed blob can contain a keylogger, having just one in an otherwise 100% open phone still makes the phone 100% potentially not secure.

1 comments

By your definition, Linux is also insecure since it depends on closed source BIOS and closed source device firmwares, as well as closed source hardware.

Security is a process, not an if/else choice, and Android is more secure than Windows because it is open source and you can replace Google parts. Good luck doing that on Windows.

The key is "potentially" and from whom the risk of exploitation comes. Having one closed driver instead of 20 makes the system statistically a lot less prone to exploitation by the usual malware writers, but if a government or any entity with enough power wants to take advantage of that weak point to install, say, a keylogger, their chance of success is 100%, like it would be on a system that depends on 20 closed blobs.

And yes, Linux (and BSD) is also potentially insecure (or less secure if you prefer), which is the reason why the same effort that brought us a lot of quality Open Source verifiable software should now be directed towards also obtaining Open Hardware. We need to build a culture as we did with Open Source software so that people will understand the importance and associated risks.