Slashdot Mirror
Swiped Tokens Expose Android Devices To Data Theft
tsamsoniw writes "Researchers at the University of Ulm have found that eavesdroppers can intercept and use authentication tokens sent between Android apps and Google services via unsecured Wi-Fi. Those tokens, which aren't tied to specific devices or sessions, can be used to peek at and tweak a user's email, contacts, and calendar. Devices running Android 2.3.3 or earlier (which accounts for the vast majority of phones) are most vulnerable, but there are steps devs, Google, and users can take to reduce the risks."
Please. This is abhorrent fear-mongering.
This is hardly different than sidejacking someone's Facebook session on unsecured wifi at Starbucks. Don't send private data that you want to be secure over inherently insecure networks.
It isn't just you. So far the fanbois mod me down every time I say so, but android really is a huge disappointment. So ironic that Linux finally gets popular, but in such a form.
Caveat Utilitor
Funny, I thought you were using TrollOS.
Yes, you just do that. Meanwhile, those of us with more than two brain cells to rub together will stick with anything but windows.
Caveat Utilitor
Token-based authentication vulnerable when tokens exchanged over unsecured connection? Really?
A shiny,insecure UI will always be more popular than a Plain,secure one
One of my biggest fears when applying for coding jobs for projects such as "developing a shopping cart" or "developing a secure ____" or pretty much anything involving databases was that I wouldn't be vigilant enough about working out all the potential security issues involved. After reading this article, I feel like maybe I should have applied to more of these positions. An easily-capturable device/session independent token that's happy to be transmitted cleartext over an unencrypted wireless connection? I sure couldn't do much worse.
See? Retards...
Caveat Utilitor
While it is fear-mongering, it is hardly as trivial as the Facebook hacks of yore. For one, there is no way to enable/require SSL for these tokens (at least in plain sight). Two, there is no way to easily turn off these activities on a phone that you otherwise want to use for casual traffic on an unsecured network.
Therefore, if you have an Android phone you basically better never use WiFi at less than WPA2 grade encryption unless you want to risk your email and other services being compromised, period, end of story, no workaround.
I can only hope that thanks to the openness of Android, someone can code an app that allows for more granular control of what services are connecting at any given time, to at least give those with a clue the ability to stay safe when using open wifi.
...and turn off Wi-Fi. Don't let your 'smartphone' become a 'dumbphone'
Only use it for emergencies and throwing angry birds.
He who knows best knows how little he knows. - Thomas Jefferson
As it says in TFA:
"The researchers tested out apps that contact Google services, including Calendar, Contacts, and Gallery, on various iterations of Android. They found that those apps were all vulnerable on devices running Android 2.3.3 or earlier. On Android 2.3.4 and later, Calendar and Contacts use a secure HTTPS connection, though the Gallery app -- which syncs with Picasa online Web albums -- does not. More important, the vulnerability is not limited to standard Android apps; any Android or desktop app that accesses Google services via ClientLogin over HTTP is vulnerable."
So, update to 2.3.4 when possible, and avoid unsecured wireless until then. It's not a life-threatening issue, more of a notice.
"Our goal each year should be to increase the number of goals we set for ourselves!"
Unsecured WiFi and authentication tokens sent over unencrypted connections are vulnerable. Interesting, but shouldn't that have been slightly obvious? I'm not getting at these guys for trying to demonstrate something but the original article calling it an "android vulnerability" seems a little excessive.
The suggested remedies are using HTTPS for login purposes (duh?), using the latest version of Android possible (unfortunately not always a choice the user has) and not using unsecured WiFi (duh!).
Sure there is, don't support unencrypted wireless on the devices.
google is harming their own rep and they don't even care. or they are too big to stop it.
over the weekend I bought my first android tablet. I didn't expect much as it was a $100 frys special...
the hardware vendor did not care about quality. cardboard chads were stuck under the resistive touch screen and you could see and feel bumps as you moved your finger over. horrible! they released product like that.
worse, the pad went into an annoying crash/reboot cycle. I went into one gui screen, tried to change some values and it crashed/rebooted. I was just configuring something, not even USING the damned tablet.
apple is evil, its true; but at least they ensure a reasonable experience on their tablet. its hella expensive and locked down, but at least they don't ship product with junk under the screen and with glaring showstopper bugs.
I know you can blame the vendor for shoddy hw and sw quality, but it does speak to google that they are so lax with the vendors. a bit of tighter control would have benefited them. the fragmentation is also a fall-out of their lack of management on the android platform.
android is 'all over the place'. its a dogs breakfast. (that's not a good thing, btw).
--
"It is now safe to switch off your computer."
Seems like it would be easy enough to require ssl for the tokens... can you explain why google couldn't just make this possible via an update? Alternatively they could provide an option to turn off sync when wifi is unsecured.
Get a web developer
"A hacker could collect a large store of tokens by first setting up a Wi-Fi access point with the same SSID of an unecrypted wireless network....."
OMG REALLY!?
Come on!
That's a basic rule that everyone should know !
No matter it's a Android, a iPhone, or laptop...
Ok I agree that using HTTP instead of HTTPS it's bit lame...
Who is stupid enough to connect to an unsecured wireless connection... with their personal cellular device?
Because it is pointing out the Original Argument about security that the OSS zealots feared. Linux isn't that much more secure the only reason it gets attacked less is because it is less popular. As distributions of Linux get popular they become targets and get hacked.
As much as we hate the Apple Store block of apps, it does help protect us in terms of security.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I'm with you, it's dreadful. My friend has a verizon Droid which has made random calls and sent random texts since new. It flat-out astonishes me that people not only put up with shenanigans like that, but they will aggressively try to shout down anyone who mentions it. When it comes to Android, the emperor simply has no clothes. Of course, the same thing has been true of microsoft's offerings since the beginning. Doesn't seem to hurt adoption, so long as the marketing hits the right spot. But I strongly prefer competent systems.
Caveat Utilitor
You really are old enough to should know better than to try that hoary, ancient troll. Maybe if you learn more about how linux systems work you'll get over the delusion that the only thing wrong with windows security is "it's too popular".
Caveat Utilitor
I often connect to unencrypted wireless networks with my laptop, knowing full well that unless I ask it to, it will not be exchanging private info with anything. I set it up that way. How do I do that with my android? I doesn't stop sending bits and pieces of information, afaik, even when you turn off sync. The only thing that comes to mind is using droidwall...
Just about anyone at an airport or hotel, for starters. And what's wrong with that? Shouldn't I be able to expect that to work, without compromising my accounts?
And? What kind of idiot uses unencrypted WiFi on their phones these days -- especially because you can't know what applications are sending or receiving in the background.
Devices running Android 2.3.3 or earlier (which accounts for the vast majority of phones) are most vulnerable, but there are steps devs, Google, and users can take to reduce the risks."
Why not eliminate the threat entirely? 'Reducing the risks' just does not gut it in the security industry.
Who is stupid enough to connect to an unsecured wireless connection
Plenty of people. Otherwise restaurants wouldn't offer them to entice customers to eat there.
with their personal cellular device?
There isn't much of a difference between a "smartphone" and a "laptop" anymore except for size. Tethering and USB 3G modems have turned laptops into "personal cellular devices". (If you disagree, we may have run into a definition problem.)
Yes, just like their archiving of your location data keeps you more secure... Apple is totally perfect, right? They wouldn't EVER let anything unknown or an app that did more than it said into the app store, right?
This is simply an implementation flaw. Shit like that happens on ANY system. It's just that with open systems you actually learn about it. Are you SURE that you know all the security weaknesses in your iProduct? Are you sure Apple is telling you everything? How can you be?
My blog. Good stuff (when I remember to update it). Read it.
You need to not use wireless at all in that case, aside from known trusted networks that you are sure contain only trusted clients. Unless you are using WPA-Enterprise all clients on the same AP are using the same encryption key so can decode each others packets (intercepted simply by putting your network adaptor into promiscuous mode) easily.
So public wireless is a no-no even if it is not working "plain" (no authentication/encryption), and private wireless is out too unless you have audited every device that has access.
You could get around this by using some for of VPN setup of course, but that option is not open to non-technical users.
Sounds like a OE problem to me, I've had a Incredible for over a year and never had problems like that... Tell your friend to stop blaming his phone for his drunk shenanigans? (BTW there's even an app in the google market to stop him from drunk dialing search for "drunkblocker")
it does speak to google that they are so lax with the vendors.
There's a difference between OHA Android, which comes on phones and 3G tablets, and AOSP Android, which comes on PDAs and Wi-Fi-only tablets. Anyone can make a device with AOSP (Android Open Source Project), without Google's permission, but it'll come with AppsLib or Amazon Appstore instead of Android Market. I'm guessing that the 100 USD tablet you bought came with AOSP Android, not unlike my Archos 43 PDA. OHA Android-powered devices, on the other hand, are subject to tighter Google scrutiny, but they come with Android Market and other Google apps in return. If you want the tightest scrutiny ever, make sure to choose a phone with "Nexus" in the name.
Google makes a decent (not great, but decent) OS, so use that. But for fuck's sake, don't use it for what they want you to use it for.
"Believe me!" -- Donald Trump
Or you could unjustifiably assuming things. I've been in the room when her Droid was on the table with no-one anywhere near it and it called me. :P
Caveat Utilitor
Isn't this more or less the same thing that Firesheep does, and why the EFF is urging everyone to use HTTPS wherever possible?
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
You realize that your WiFi traffic goes plain-text again as soon as it hits that first router? So you can trust a router that encrypts traffic over the air, but not one that ever does? Why is everyone so dense?!?
The traffic is not safe without end to end encryption...
You bought a tablet at a price point where you could expect a dog's breakfast, and you're surprised that you got one? I fail to understand what you think is wrong with the world here. There are always going to be hardware makers that are willing to put out shoddy (and possibly knock-off) products at super-discount prices.
I suspect that you bought the tablet on the self-fulfilling prophecy "Android is terrible, even this cheap tablet can't do anything properly!" Next time, either spend 10 minutes playing with the device in the store, or spend enough money to get a product that goes through proper quality assurance (both hardware and software).
I've had an Android phone for most of year now - never had a problem with it until I loaded CyanogenMod, and even the one problem I have had is relatively minor and easily worked around.
Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
Sorry but that argument is lame and totally inappropriate. Google drop the ball on this one. If an application needs to transfer sensitive information back to a server then the application should ensure that it is done securely. It is bad practice to assume that the path to the server is secure.
Why are we only taking Wifi into account? I remember a while back talk about an exploit in GSM that allowed femtocells to eavesdrop on a cellphone's transmissions. Don't assume that wifi is the only weak link.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
This is hardly different than sidejacking someone's Facebook session on unsecured wifi at Starbucks
True, the Facebook thing was a big deal too, and all over the news.
Google would have you buy a new phone to get the security update. This is because Android is "open".
None of those are remote exploits for in-box software.
You let me know which manufacturers are regularly pushing updates out to phones, and I'll give you a cookie, lol. Even if you run the wildly popular Droid X, you are running 2.2.1, and there are NO expected updates. And even the best carriers drag their asses and force us to wait for them to push the update, rather than update it ourselves. The luckier users are unlocked enough to get an updatable Mod, like Cyanogen. Unlucky users like me have no such option.
Until Manufacturers supply completely unlockable phones, how "open" Android is doesn't mean shit. 2.3.4 will NEVER... EVER... be released for my phone. And I can't upgrade to Cyanogen, because it has Motorola's "fuck you in the ass" locking mechanism. I have my phone unlocked, but it's a hell of a hack, and Google removed the unlock app from their store because carriers complained that it can be used to enable tethering.
I don't blame android, but I sure as hell won't ever buy Motorola again. My next phone with be 100% update-able by me (except for the cell radio itself, obviously). I don't care if I have to wait until Android 8.0 comes out to get it.
I8-D
And my wife has a Samsung Galaxy with T-Mobile that has worked perfectly. My anecdote cancels yours out. Perhaps your friend's problems are with Verizon or Motorola? Both have been known to screw customers over, and shoddy products and service from them wouldn't surprise me. Also, if it's really an Android problem, file a bug report. Bitching on slashdot won't do anything.
PS - I've got mod points, but decided to respond. Problems do need to be pointed out and fixed, but bitching on slashdot will do jack shit.
Nathan's blog
Everyone? I mean, it should be perfectly secure nowadays, with SSL and the likes. Which is why this is an issue.
Oh, did you miss the part where it's not the poster's phone? I don't think making an observation and raising a concern qualifies as "bitching", either.
Speaking of Android concerns there's also the swiftness with which posts like the one I made above get modded "troll". Seems to me there's big google money being spent on astroturfers, or perhaps Taco and Co have signed a special contract...
Caveat Utilitor
That's because shiny is much more important than secure. Learn to live in the parameters of reality, and improve upon weaknesses when possible.
Plenty of people. Even if you're among those few who know better, sometimes you don't have a choice. If I'm in the middle of my building, I don't get a signal other than out unsecured wifi. Do you know how my superiors would look at me if I wasn't in contact with them during a major event and I told them it was because I was worried about something like this? At best, they'd stick tin foil on my head. That I'm right makes no difference and I'd rather not get fired.
Yeah, I have Droiwall to try and limit ways my phone can be exploited but that's not a cure-all. Besides, as dependent as the world has become on smartphones, I do think the manufacturers have some level of responsibility to protect customers who are at risk because they don't know better. It's too late to try and limit this type of tech to nerds.
If Google had any guts, they would push out updates without the greedy, trogliditic carriers involvement, using the unassailabe justification of security.
Of course in retaliation, the a-hole carriers would suddenly switch to Bing even on Android devices.
I thought we had all learned this lesson a long time ago -- Encrypted data BEFORE it leaves your computer, especially when connecting via untrusted WIFI.
Android > Wireless And Network settings > VPN Settings > Add VPN.
"Yeah, but it's difficult to set up my own VPN. What about computer illiterate users?"
"You expect my grandma to do this?"
No. I don't care about anyone else's competency or security. Use VPN or only SSL websites on untrusted WIFI or face the consequences.
This story just proves what I've been saying all along: If you don't know shit about it, leave it the fuck alone.
the internet has matured, people are much faster at spotting trolls now? IF her phone was really randomly dialing people it was defective and should have been returned...
Given that someone can't sit next to me at Starbucks, or even in my driveway, and pick up packets off the wire and decode them, yes it is a LOT more worrying that this happens in the air as opposed to it being possible at all. I mean, how often did your PPP dialup and POP3 password get exploited for being transferred in cleartext? Sure, in a perfect world every single endpoint would have a major CA signed cert, and SSL/TLS would wrap every single packet on the internet. Until we get there, I will start my worrying with what happens over the air, and get to the wire when that's done.
Now STFU,, troll.
And my wife has a Samsung Galaxy with T-Mobile that has worked perfectly.
Does that include the GPS? I just returned one yesterday because the GPS wouldn't work.
Never turn on account sync in the first place. If you -do- have a gmail address, create a separate one just for your phone (since google makes it mandatory to have a gmail/google account to use android, for -some- reason I can't imagine...)
Disable all 'back up my data to google' options in the sub-sub menus.
Problem solved. Your phone won't have any account credentials worth worrying about, outside of through the browser (standard cross-site-scripting exploits, etc) or reasonable apps that ask for no permissions beyond internet (connectbot for ssh, etc)
---
the pen is mightier than the sword, the sword is mightier than the court, the court is mightier than the pen.
No, it's just you.
--Jeremy
Jesus was a liberal
Which one is which?
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Swiper no swiping!
That's all it takes for a STFU?
Jesus was a liberal
Ditto. However the replacement myTouch 4G hasn't given me any problems yet.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Android vs Blackberry
or the old s60 could be considered as being somewhere in between
So basically then, because Google humped the dog & doesn't allow you to specify to use SSL Authentication, you should therefore not use any unsecured wifi to use your Andriod phone to access Google services?
Seriously, are you fucking KIDDING me?
So when Adroid has an issue, the response is "just don't use it"?
I wonder what the bloodbath would be here if this was the iPhone. Seriously, "it runs linux" is not a reason to ignore the fact that they fucked up again.
Seriously, you fucking Linux/Andriod fanbois are getting worse than the Jobswhores. Grow the fuck up already.
Mods: This is both trolling and flamebait. Please mod accordingly.
This is what Apple did: stood up to the carriers and said, "We're in charge, not you losers with a track record of crippling phones.". And people hated them for it.
Android was the answer. Except that its end customers are the carriers, not users.
What about Blackberry's Android? ;P
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
What do you expect? If you release software and allow independent vendors to install your software on their hardware, you will get a wide range of products, from cheap and shoddy to pretty darned nice. If you only want to shell out $100 for a tablet, well, you get what you pay for. OTOH, I have a $450 Dell Streak 7 that I'm reasonably happy with. Fit and finish are pretty nice, the screen is sharp and clear, and the tablet works pretty well. There are a few apps that work fine on my HTC Hero but won't work on the Streak (Astro file manager, Google Sky); I assume that's because they were designed for the smaller screen of a phone and don't know how to scale to the larger tablet size. However, I have seen progress on that front even in the few weeks I've owned the Dell. ConnectBot wouldn't work when I first tried to install it. I tried it again last week, and the force-close on start-up on the tablet had been fixed -- now it works quite well (and the larger keyboard on the tablet makes it much nicer to use than on the Hero).
It seems to me that Apple provides a one-size-fits-all approach. They provide a premium product at a premium price. If you can afford the ${iDevice} you'll probably be happy with it. Android allows you to buy a product that fits your budget. You can get a cheap device, but you'll probably get a cheap experience. You can buy a higher-end device and get a higher-end experience. Or you can buy at the point in between where your budget and your needs intersect. I don't see that as a bad thing.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
How is this a "OMG -- Linux is inherently insecure!!!" argument? The developer of software on a Linux platform is stupidly passing clear-text, confidential data across a WiFi connection. Guess what? If you set up a POP3 e-mail account on an Apple product with no encryption on your user name and password between you and the e-mail server, then try to connect to your POP3 e-mail on a shared network (for example, through an Ethernet hub), you'll be able to sniff those credentials, too. Did Apple fail to "protect you in terms of security" there? That's not an OS issue, that's an app issue.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Two, there is no way to easily turn off these activities on a phone that you otherwise want to use for casual traffic on an unsecured network.
Well, going to 'settings' -> 'accounts & sync' and turning off 'background data' would do it. Then nothing in the accounts and sync page (google calendar, contacts, facebook, exchange etc etc) will be silent syncing in the background on your untrusted network. A lot of third party apps also follow that setting, so it should pretty much kill off all unsolicited background connections unless individually requested in a given app.
If you want to only kill off specific services, and have those require a manual sync, just change the settings for those options under the same acccount & sync page.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
apple is evil, its true; but at least they ensure a reasonable experience on their tablet. it
This is just as wrong as the FA. How can you compare a 700$ tablet with a 100$ one? It's great that you allow yourself some Android bashing / Apple loving, but at least try to be a *little* fair.
I bough a XOOM (same price as the IPad) hoping it would not be too crappy. Well, guess what. It works like a CHARM, just as well as the IPad I tried before, maybe even better since it is way more flexible. And oh well, I knocked up an application on it in minutes without a 100$ SDK.
Your example is wrong and biased. If you buy a 100$ made-in-china-punkyards tablet, you get what you paid for. Let's see what you get from Apple for a 100$
Oddly enough MSFT used a similar term when security experts started telling everyone that activeX is bad and not to use it. MSFT called it fear mongering.
10 years later we are still cleaning up the mess that activeX made of the Internet.
i thought once I was found, but it was only a dream.
No Shiny is more important than plain.
the problem is securing things is hard, and in the end should be nearly invisible to the end user.
Shiny is is to show a CEO that you actually accomplished something today.
i thought once I was found, but it was only a dream.
That's the voice recognition software working for her. Try disabling voice dialing.
I used to use voice stuff until I sneezed while driving and discovered my phone thought I said father and dialed him.
From then on I refuse to use Voice activated features as none of them actually work right in the real world. They use quarter or half samples of pick up key phrases and hash those for speed however because of the compression/ judging that they use for hashes there is huge number of items that "sound alike"
i thought once I was found, but it was only a dream.
Considering I bought it... oh, over a year ago when it was released, you contradict yourself. I Besides, We were promised it would be an unlockable bootloader!
I have every damn right to be mad. FTA: "This follows Motorola's earlier statement that it is 'working closely with our partners to offer a bootloader solution that will enable developers to use our devices as a development platform.'"
So, for calling me a whiner... stick it up your ass, my friend.
BTW, if Google had a clue how to sell a phone through popular carrier channels to begin with instead of their stupid web-store experiment, I would have gotten one.
I8-D
I dont use the "sync to google" functions anyway. Was always too scary to me.
Android does make it very easy to send your private data "to the cloud", though. For example, the configuration wizard (which opens when you first turn on the phone) asks if you want to "back up data to the cloud" - a simple checkbox. If you do that, it'll back up, among other things, all your WiFi keys...
I've noticed this too, "unpopular" opinions are getting modded down in these Android stories. It's ridiculous. Some might be on the trollish side but even calm, well reasoned arguments are getting the treatment. I try modding them back up from time to time but it's depressing to have to spend mod points undoing bullshit moderations.
Do any apps or services actually use the ClientLogin API anymore? I thought everybody had switched to OAuth already. Wouldn't this be akin to using Telnet over an unsecured network instead of using SSH?
It is the constant battle between the Fandroids and the iCult.
God forbid anyone speaks truth about your platform of choice.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
If they are too open - China releases crappy products using a bunch of reference code. If they lock it down so they control the release cycle more the zealots come out and decry Google for not being open enough.
Is there any middle ground? Keep in mind - any released code from Google no matter what the license - China will steal.
Well no, of course Windows is loaded with potential exploits.
The problem is...so is OSX and Linux.
But Windows does take the majority of exploits out there. Two reasons really:
Market Share
Technical Savvy of Users
The average Windoes user is, well....stupid. And no, I'm not saying that to all you admins and shit out there...but Windows is the bastion of the average masses...they buy a PC from xxxxx that has Windows pre-installed and they just keep using it. They don't understand fuck all about computers, and they (or their 15 year old son) go surfing for porno, and they go to a dodgy site & get infected. They probably don't even know it, which leaves an infected/botted PC out there just waiting to accept commands from the almighty bot masters.
The average Linux user is, well, socially inept (sorry, I had to) but understands technology. If there were virii out there to infect its 1% (desktop) market share, it would have to be a damn good one, because the average Linux user wouldn't click some random file in an email that says it is a screensaver. We, the users of Linux, just fucking know better.
Even if Linux somehow magically became the dominant OS of the smartphone market (for example) and loaded with a pile of "Oh look! Shiny!" dumbass users that bought the phones because they wanted an "iPhone-like" device without paying out the ass for it, then you can be sure that there WILL be malware, and lots of it.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Um, you forgot the rest of us. You know, slashdotters who aren't irrational, flaming, fanbois? We're probably the majority, too.
Caveat Utilitor
Am I the only one that has noticed a strange rash of Android/Chrome FUD lately?
Plenty of people. Otherwise restaurants wouldn't offer them to entice customers to eat there.
And this is why there should be no such thing as 'unsecured wireless', all wireless should be secured even if it is with a default password of 'password'.
all wireless should be secured even if it is with a default password of 'password'.
WEP with a well-known password has the same vulnerability to passive Firesheep-type attacks as open Wi-Fi. Even WPA is vulnerable to an active attack that forces a deauth and then snoops the pairwise transient key on reauth. WPA+PEAP is less vulnerable because the handshake takes place over TLS.
Oh, did you miss the part where it's not the poster's phone?
I'm not sure it could be any more obvious that he in fact didn't miss that at all:
My anecdote cancels yours out. Perhaps your friend's problems are with Verizon or Motorola?
So take your reading comprehension failures elsewhere dumbass.
But if the encryption is end to end, the air is moot.
The large sniffers are not next to you at starbucks, they are in the datacenter within 200ft of you POP to the internet.
Encrypted wifi for internet access is strictly for access control and has nothing to do with keeping data secure.
Work bio at MMWD
Shrug, goodbye karma, but my iPhone's voice recognition does pretty well. Needs you to tell it to listen, repeats what it's going to do before it does it so you can cancel when it does get it wrong.
100% success rate for the number I call most often, probably around three quarters successful for the other numbers I very infrequently call - so maybe it just seems good to me because of the specific circumstances I use it in.
you have a 100% success rate in telling it when you want it to do something.
What is the rate of error when you make other noises at it?
it may be able to tell the difference between mom & dad, but can it tell the difference between a throat growl and mom?
That is the trick. not that it can identify clearly spoken sounds but does it also identify badly garbled sounds and find matches for those? If the answer is yes then the software only partially works as the error correction isn't good enough.
i thought once I was found, but it was only a dream.
I haven't tried using it in any place noisier than the inside of my car with the windows up and no passengers. It doesn't start interpreting sounds as voice until I explicitly tell it to, so I've not pocket-dialled someone by farting yet.
I expect it would not work particularly well in noisier conditions. If that's the use case you'd have for voice recognition, then the technology probably isn't mature enough for you yet, but for my use case, it's good enough to be using now.
If this was an Apple or Sony bug I'm sure each and every one of you would be ranting about it and how there bad companies. But because its an Android bug your all praising Google and not blaming it on anyone.
Figures, the reason why I hate this site.
Android apps run in a stinking VM. There's no reason whatsoever that the kernel and drivers have to be distributed with everything else as a monolithic package. The system apps and even the VM should just be packages like anything else and should be updated from Google. The kernel should present an API or ABI to which other packages can be compiled or run against. You know, like Linux. Oh, wait...
What was Google thinking? Android has so much potential but crap like this ruins it. They dug themselves a hole with no way out. The only hope is for thirdparty distros, but those void warranties. What a stupid mess that should have never been an issue.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."