Slashdot Mirror


Ask Slashdot: Android Security Practices?

Soft writes "Smartphone security recommendations seem to boil down to Windows-like practices: install an antivirus, run updates, and don't execute apps from untrusted sources. On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus. What rules should I adopt on my soon-to-be-bought Android device? Can I use it purely with open-source apps and still make the most of it? Are Android's fine-grained permissions (accessing the network, contacts...) reliable? Can apps be trusted not to scan your files and keyboard for passwords and emails? What precautions do security-conscious Slashdotters take to keep control of their phones?"

173 comments

  1. Install a firewall by girlintraining · · Score: 4, Informative

    Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind). Disable their network access. If an application requires network access, bring it home, set it up on your home wifi network, and run a sniffer to find out where the data goes. You don't need to know what the data is per se. Then, try blocking as much of it as you can until the application stops working. You've now found the minimum amount of access that app needs to function.

    --
    #fuckbeta #iamslashdot #dicemustdie
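    The sniff-then-block procedure above, as an added example that is not part of the thread: a small Python script that summarises a capture per app so you can see where each one talks, how much it sends, and which destinations are reached in cleartext. The input format (one `app=... dst=... port=... out=...` line per flow) is a constructed one, as are the app names and hosts; real sniffer output would need the socket-to-UID mapping done first.

    ```python
    """Summarise where each app's traffic goes, from a capture taken on the home wifi.

    Added example, not part of the Slashdot thread. The line format is constructed
    for this example: one line per flow with the app label, destination host,
    destination port and bytes sent out.
    """
    from collections import defaultdict
    import re

    # Constructed sample flows; not captured from a real device.
    SAMPLE_FLOWS = """\
    app=com.example.weather dst=api.weather.example port=443 out=2140
    app=com.example.weather dst=cdn.weather.example port=443 out=512
    app=com.example.livewallpaper dst=ads.tracker.example port=80 out=18320
    app=com.example.livewallpaper dst=stats.tracker.example port=80 out=9010
    app=com.example.weather dst=api.weather.example port=443 out=3300
    app=com.example.livewallpaper dst=ads.tracker.example port=80 out=22000
    """

    FLOW_RE = re.compile(r"app=(\S+) dst=(\S+) port=(\d+) out=(\d+)")


    def parse_flows(text):
        """Yield (app, dst, port, bytes_out) tuples; lines that don't match are skipped."""
        for line in text.splitlines():
            m = FLOW_RE.match(line.strip())
            if m:
                app, dst, port, out = m.groups()
                yield app, dst, int(port), int(out)


    def destinations_per_app(text):
        """Map app -> {(dst, port): total bytes sent out}."""
        totals = defaultdict(lambda: defaultdict(int))
        for app, dst, port, out in parse_flows(text):
            totals[app][(dst, port)] += out
        return {app: dict(dests) for app, dests in totals.items()}


    def rank_destinations(text):
        """Per app, destinations ordered by bytes sent (largest first), so the
        reviewer blocks the biggest talkers first and watches what stops working."""
        ranked = {}
        for app, dests in destinations_per_app(text).items():
            ranked[app] = sorted(dests.items(), key=lambda kv: kv[1], reverse=True)
        return ranked


    def flag_cleartext(text):
        """(app, dst) pairs reached over port 80: whatever leaves here is readable
        on the wire, so these are the first candidates to block or investigate."""
        return sorted({(app, dst) for app, dst, port, _ in parse_flows(text) if port == 80})


    if __name__ == "__main__":
        for app, dests in rank_destinations(SAMPLE_FLOWS).items():
            print(app)
            for (dst, port), total in dests:
                print(f"  {dst}:{port}  {total} bytes out")
        print("cleartext destinations:", flag_cleartext(SAMPLE_FLOWS))
    ```

    On the constructed sample the live wallpaper sends far more than the weather app, all of it to tracker hosts over port 80, which is exactly the pattern the comment describes; the ranked list is what you block from the top until the app breaks.
    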
    1. Re:Install a firewall by Anonymous Coward · · Score: 0

      If you don't want your personal information getting out, don't install those programs that request the information you're not comfortable with giving out?

      I mean, as much as you will know, that's a lot of work (and quite a bit to remember to do) for each application. I have about 150 on my N1, not counting ones that I've uninstalled already due to space constraints... If I took 10-20 minutes each, that's a good 3-5 hours.

      Or you look on the market and if it's something that doesn't make sense, 2 seconds to do a quick scan over "contacts", etc.

      Besides, if you're going to root, you might as well get the root app that selectively disables permissions. Don't remember the name, but it's a lot easier than packet sniffing.

    2. Re:Install a firewall by mlts · · Score: 3, Informative

      More specifically, root your Android phone (no, it will not lessen security unless you are stupid and click "allow" on any app that pops up the su dialog unless you KNOW it needs the root permission.)

      Install DroidWall and allow it full su access. Then when you install a new app, make sure to allow it out, because by default, new apps are not allowed to phone anywhere. LVL is handled by another mechanism, so apps should know they are licensed even if you block them with DroidWall.

      After installing DroidWall, and selecting the apps you know that need to communicate, that will provide a decent measure of protection.
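      The per-app default-deny that DroidWall sets up, as an added example that is neither DroidWall's code nor part of the thread: Android gives each installed app its own UID (from 10000 upwards), and iptables' owner match can key on that UID, so a whitelist firewall is a short ruleset. This Python only generates the commands as strings; applying them needs root on the device. The chain name `appwall` and the interface names `wlan0`/`rmnet0` are assumptions for the example, and a UID range in `--uid-owner` assumes an owner match that supports ranges.

      ```python
      """Generate a DroidWall-style default-deny iptables ruleset keyed on Android app UIDs.

      Added example, not DroidWall's own code. Builds the commands only; it does not run them.
      """
      FIRST_APP_UID = 10000   # Android's first application UID
      LAST_APP_UID = 19999    # Android's last application UID
      CHAIN = "appwall"       # chain name chosen for this example (assumption)


      def build_rules(allowed_uids, ifaces=("wlan0", "rmnet0"), chain=CHAIN):
          """Return the iptables commands for a whitelist: listed app UIDs may send,
          every other app UID is rejected, so a newly installed app is cut off until
          you add it. Interface names are assumptions and differ per device."""
          for uid in allowed_uids:
              if not isinstance(uid, int) or not FIRST_APP_UID <= uid <= LAST_APP_UID:
                  raise ValueError(f"{uid!r} is not an application UID")
          rules = [f"iptables -N {chain}", f"iptables -F {chain}"]
          # Hook the chain into OUTPUT for each interface that leaves the device.
          for iface in ifaces:
              rules.append(f"iptables -A OUTPUT -o {iface} -j {chain}")
          # Allowlisted apps first, then reject the whole app-UID range (assumes
          # the owner match accepts a uid range).
          for uid in sorted(set(allowed_uids)):
              rules.append(f"iptables -A {chain} -m owner --uid-owner {uid} -j ACCEPT")
          rules.append(
              f"iptables -A {chain} -m owner --uid-owner {FIRST_APP_UID}-{LAST_APP_UID} -j REJECT"
          )
          return rules


      def is_allowed(uid, allowed_uids):
          """Mirror what the generated chain decides for a given app UID."""
          return uid in set(allowed_uids)


      if __name__ == "__main__":
          # Constructed UIDs for two apps you have decided may talk to the network.
          for cmd in build_rules([10045, 10012]):
              print(cmd)
      ```

      Because the REJECT rule is appended last, order in the chain is the policy: an app whose UID is not in the ACCEPT rules above it never reaches the network, which is the "new apps are not allowed to phone anywhere" behaviour described above.
      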

    3. Re:Install a firewall by improfane · · Score: 4, Insightful

      On a phone? Are you serious? Honestly I never thought you'd ever need a firewall on a phone. If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones. I always thought that the Bitfrost security architecture from OLPC was a good idea. How come this style of capabilities is not in Android?

      Nokia 1661 and loving it baby. As far as I can tell, I can't put software on it!

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    4. Re:Install a firewall by i.r.id10t · · Score: 4, Insightful

      The problem isn't that it is a phone, but rather, it is a computer with phone functionality. Would you tote around a laptop w/ no firewall or AV?

      --
      Don't blame me, I voted for Kodos
    5. Re:Install a firewall by wiggles · · Score: 1

      That's because it's no longer a phone. It's a palmtop computer with phone functionality.

    6. Re:Install a firewall by Anonymous Coward · · Score: 0

      Dude, it's wrong to think of it as a phone. It's a computer running Linux, and should be administered just like any other Linux workstation or server.

    7. Re:Install a firewall by Jeremiah+Cornelius · · Score: 3, Insightful

      Agreed. When "signed apps" are little different than trojans to steal your PII and report on your activities, the definition of security moves away from one of "penetration and exploitation" towards "scope of trust and violation".

      As to the original article/posting, with its naive POV regarding security? What does your posture do for you, when exploitation and abuse are built into signed apps - or signed apps consume and interpret code from untrusted, arbitrary sources? Flash, Acrobat and any AJAX capable browser are all wide-open to abuse, on any given 0-day.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    8. Re:Install a firewall by fermat1313 · · Score: 1

      If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones.

      Ah, the myth of perfect security. There is no system that connects to a network that is perfectly secure. We all want open phones that will run any software we want, and we expect the OS to be able to ward off any possible attempt to compromise it. Ain't gonna happen. That's why we need firewalls, as well as software that blocks processes based on either known signatures or behavior.

      Only a mathematician could believe in perfect security. Engineers, they know better.

    9. Re:Install a firewall by improfane · · Score: 2, Interesting

      I think you're missing my point. It's a phone. You shouldn't have to install security software on something as trivial as a phone. Something is wrong with the API and security assumptions of the device that it is insecure by default, without security software.

      Now that the cat is out of the bag, we can never put it back in. App companies have gotten used to the APIs that give them amazingly intimate personal and marketing information. Apple and Google (an advertising company) has a vested interest in allowing companies to phone home with all your personal data. Expect to have phones and tablets that are insecure by default. We aren't going back. It's just going to be a repeat of the PC industry.

      It just sounds as ridiculous as installing security software on a walky talky or a landline telephone. The API should not be able to access data that the app store has not agreed to. It should be shipped with a list of capabilities it expects to use. It really sounds like that software on Android just runs and does whatever it pleases. We're reactive rather than proactive again...

      I don't think it's an issue of running untrusted executable code, the code IS trusted but it's capable of doing things the phone should never have exposed to the application. I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access. Rather than trying to ask the user each time to accept or decline, it should be configured BEFORE execution.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    10. Re:Install a firewall by The+Dawn+Of+Time · · Score: 5, Insightful

      You're missing reality - it's not a phone, it's a computer with phone software. I know that's exactly what the post you replied to said, but apparently it went right over your head.

    11. Re:Install a firewall by afex · · Score: 1

      what's ridiculous is you comparing a phone to a walky talky.

      "as trivial as a phone"? my phone almost has a faster cpu than my current nettop (atom 1.6), and about as much ram.

    12. Re:Install a firewall by Desler · · Score: 1

      Would you tote around a laptop w/ no firewall or AV?

      Yes, I do all the time.

    13. Re:Install a firewall by mlts · · Score: 1

      It is a Linux kernel, but the userland is very different. Root is there, but apps have their own UIDs, and almost all the UNIX command lines are links from busybox [1]. To prove this, try getting gcc to work natively on Android.

      It really can't be run like a Ubuntu box -- users by default don't even have root access on almost all Android devices. Instead, you have to be careful on the app level.

      [1]: Busybox is (IMHO) one of the few programs that just is pure awesomeness in its functionality.

    14. Re:Install a firewall by molnarcs · · Score: 1

      I think firewall is a bit overkill. My advice would be to just use normally. I do. I DON'T install apps from shady sources, I just use the official Market. I have a few dozen apps installed, and I clicked through the permission screen mindlessly, yes. Why? Almost every app needs network access, after some time I got bored reading through the list of permission they require. BUT - the apps I install are well established apps with overwhelmingly positive reviews (based on a large number of reviewers). That's basically it - just use common sense.

      And yeah, I enabled geolocation - not allowing it doesn't make me any safer. The information is NOT shared with the world by default, but it helps with weather apps, and targeted ads in the few ad supported apps I have. And I do prefer those to random shit from across the world... So, as I said, just use it, the Market is pretty safe, but don't install just released apps mindlessly (you won't need to anyway, the quality of apps in the market has increased dramatically since I started using my Nexus last August).

      That said, I never ever do anything like online banking on my phone. I have a PC and a Laptop (well, slate actually) for that. I entered my password for sync (gmail/picasa/calendar/etc) when starting up the phone the first time. So even if some app installs a secret keylogger (very very unlikely with the above common sense measures) what can they get? My text messages? I'm not in the habit of writing lengthy emails on my phone either... So never type sensitive passwords (banking, cc numbers, passwords) - and that's about it. If you need apps that want some password (Skype, YM, whatever) install them first before installing anything else. And just enjoy your phone, don't be too paranoid - I'm very very satisfied with my Nexus (ran cyanogenmod for some time, but switched back to stock, running Gingerbread 2.3.3 now + Go Launcher) - it's a very well built, sturdy little thing.

    15. Re:Install a firewall by improfane · · Score: 2

      I wish I could accept how easily you accept the status quo. One that only benefits big companies that harvest personal information from the clueless masses. Perfect security is impossible, I agree.

      I don't want a phone that is continually monitoring my whereabouts by default or can connect to the network at the same time as accessing my data.

      Should a phone be able to access my phone book AND the network at the same time?
      Should a phone be able to access files on the phone AND the network at the same time? What files can it access and why?

      I think these are reasonable precautions. The app developer should have to go through hurdles to accomplish these things. Perhaps enforce SSL by default when your software has the capability of reading phone book information = enforces your data security when transmitting it and the identity of the recipient.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    16. Re:Install a firewall by poetmatt · · Score: 1

      so basically you like the complete lack of control over what info we can pull from your N1661? Specifically where you are, who you've talked to, etc?

    17. Re:Install a firewall by spikenerd · · Score: 1

      AV is like installing a house-fly chasing robot. It's big and often gets in the way, but it keeps the fly population in your house small. On proprietary platforms, AV is critical because you cannot close the windows through which they enter. On open platforms, it's a stupid idea. Just close the stupid hole! Why would anyone put up with AV? It's as annoying as what it protects you from, and the days when it was a good thing have passed.

    18. Re:Install a firewall by improfane · · Score: 1

      The rest of the world says no, we shouldn't have to manage the security of a phone. It's a burden that the technological world has failed to recognise.

      All my cellphones have been connected to the network (GSM or whatever). It's not the 'being networked' that's the problem. Nor is it code execution. My Nokia 3410 could run Java applications. Internet access was something that the phone asked me for.

      Why is my Nokia 3410 more secure than Android?

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    19. Re:Install a firewall by Riceballsan · · Score: 1

      "I don't think it's an issue of running untrusted executable code, the code IS trusted but it's capable of doing things the phone should never have exposed to the application. I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access. Rather than trying to ask the user each time to accept or decline, it should be configured BEFORE execution."

      You pretty much described the way the android works, when you install the application it gives you a list of what it can access. Out of the box when you install a program the android says "this program requires permission to access X, X and X, do you still want to install it?"

    20. Re:Install a firewall by improfane · · Score: 1

      Do you really think your phone being an Android or an iPhone protects you? Any intelligence agency could pull whatever they could pull from my phone from an Android or iPhone plus everything else. I don't doubt the remote code execution of phones.

      The recent phone "hacking" scandal in the UK which I cannot tell if it were server side (provider) or client side (phone side) demonstrates that it's not that hard.

      I protect myself from myself by using a dumb phone. Not from others...

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    21. Re:Install a firewall by ashidosan · · Score: 1

      Fortunately, some of us are smart enough not to click every stupid shiny thing we see in the web, or even use operating systems extremely vulnerable to this type of attack.

      any other computer

      Not all operating systems are created equal, nor have the same attack surface. Not arguing against the usefulness of a firewall here, but what good is antivirus if most (of the really bad) exploits are zero-day? If you don't apply the remaining security patches, well, that's really a different issue.

      Your post assumes a great degree of naiveté, but all users are not created equal either.

      Besides, the post you're attacking wasn't even the poster who claims AV on a phone is stupid.

    22. Re:Install a firewall by improfane · · Score: 4, Insightful

      That's the potential to access. Not the actual access. That won't scare users enough.

      The software should display the data that would have been accessed with the widgets that are appropriate to the device, say a contact card or a filename, and then threaten the user.

      Are you sure you want to send this information to somewebsite.com over an unscrambled channel to someone in China?

      • a list of your contacts as displayed in your contact list
      • a recent email of your naked wife (with picture rendered)
      • a map with lines between your last plotted geolocations
      • the following picture captured from your webcam

      It should be displayed like numerous bits of scrap data on the screen with a picture of a pipe and the pipe attached to a shady looking figure next to the planet earth on the other side of a cloud. The implication should be obvious.

      Would that scare you?

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    23. Re:Install a firewall by brainzach · · Score: 1

      Any app that uses the Internet and saves information on your phone will need permissions for network access and to modify the contents of your SD Card. It is not surprising that many apps require those permissions and there is little way around this if you want to get the most functionality out of your phone.

      Applications on Windows, Linux and OS X also save data and can access information on the Internet at the same time too.

    24. Re:Install a firewall by TheCRAIGGERS · · Score: 2

      Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind).

      Bah! Screw that. Maybe I'm too idealist, but if I'm looking at an wallpaper (for example) and the security permissions require net access, SD card access, and access to your bookmarks, I just don't install it. There are two main reasons for this:

      First and foremost, the app is obviously shady, if not outright malicious. I don't want it on my device at all.
      Secondly, and no offense here, but you are trusting a firewall / antivirus program to protect you from stupidity. There is no replacement for some common sense when it comes to installing programs on your computer. Most of us geeks here on /. already have a finely-tuned bullshit meter that can detect the majority of malicious software in the PC world before we run it. You need to enable that mental filter on your mobile device as well.

      Android gives you more information than we ever got on our PC. It's up to you to use it. Yes, I know that live wallpaper is oh so pretty, but resist the urge to install it when you see something fishy in the permission list and 99% of your security concerns disappear.
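      The permission review described in this comment, and the "phone book AND the network at the same time" question raised earlier in the thread, as an added example that is not part of the discussion: a Python script that pulls the `uses-permission` entries out of a manifest and flags, for a stated app purpose, which requests are unexpected and which of them pair a personal-data source with a channel that can carry it off the device. The manifest snippet and package name are constructed, and the per-category expectation table is an illustrative policy of my own, not anything Android ships; the permission strings are real Android ones.

      ```python
      """Flag permission requests that don't fit what an app is supposed to do.

      Added example, not from the thread. The category table is a constructed policy
      for illustration; the permission names are the real Android manifest strings.
      """
      import xml.etree.ElementTree as ET

      ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

      # Constructed manifest for a hypothetical wallpaper package.
      SAMPLE_MANIFEST = """\
      <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                package="com.example.livewallpaper">
        <uses-permission android:name="android.permission.INTERNET"/>
        <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
        <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
        <uses-permission android:name="android.permission.READ_CONTACTS"/>
      </manifest>
      """

      # What each kind of app plausibly needs (constructed policy, not Android's).
      EXPECTED = {
          "wallpaper": set(),
          "weather": {"android.permission.INTERNET",
                      "android.permission.ACCESS_COARSE_LOCATION"},
          "messaging": {"android.permission.INTERNET",
                        "android.permission.READ_CONTACTS",
                        "android.permission.WRITE_EXTERNAL_STORAGE"},
      }

      # Permissions that read personal data ...
      DATA_SOURCES = {
          "android.permission.READ_CONTACTS",
          "android.permission.READ_SMS",
          "android.permission.ACCESS_FINE_LOCATION",
          "android.permission.ACCESS_COARSE_LOCATION",
          "android.permission.READ_EXTERNAL_STORAGE",
          "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
      }
      # ... and permissions that let data leave the device.
      EXFIL_CHANNELS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}


      def requested_permissions(manifest_xml):
          """Set of permission names declared with <uses-permission>."""
          root = ET.fromstring(manifest_xml)
          return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


      def review(category, requested):
          """Compare requested permissions with the category's expected set.

          A data source paired with an exfiltration channel is only flagged when
          at least one side of the pair is unexpected for this kind of app."""
          expected = EXPECTED[category]
          unexpected = requested - expected
          pairs = sorted(
              (src, chan)
              for src in requested & DATA_SOURCES
              for chan in requested & EXFIL_CHANNELS
              if src in unexpected or chan in unexpected
          )
          if pairs:
              verdict = "reject"
          elif unexpected:
              verdict = "review"
          else:
              verdict = "ok"
          return {"unexpected": sorted(unexpected), "data_plus_channel": pairs, "verdict": verdict}


      if __name__ == "__main__":
          perms = requested_permissions(SAMPLE_MANIFEST)
          print(review("wallpaper", perms))
      ```

      For the constructed wallpaper manifest the verdict is "reject": contacts and browser bookmarks are both paired with INTERNET, and none of the four requests belongs to a wallpaper. A weather app asking for INTERNET plus coarse location comes back "ok" even though that is also a data-plus-channel pair, because both halves are expected for its purpose; the check is about fit, not about network access as such.
      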

    25. Re:Install a firewall by spire3661 · · Score: 1

      The era of pocket cell PHONES is over, now is the rise of pocket computers. i realize you are trying to make a point blah blah blah. I get the part about the providers slurping at the trough of personal data but bitching about having to install a firewall on a networked COMPUTER is silly. The reality is that to have expansive functionality, you need to make security compromises. This is true across the computing spectrum and security in general. It's easy as hell to lock down a computer, simply turn it off. For those of us who have to use our computers (desktop and mobile), the want for expandable functionality requires extra security measures. Compromise is the key term here.

      --
      Good-bye
    26. Re:Install a firewall by GP1911 · · Score: 1

      Hacking voicemail systems has nothing to do with the actual mobile phone.

    27. Re:Install a firewall by brainzach · · Score: 1

      The most obvious reason that a wallpaper app needs permissions to access networks and SD card access is because it will download images off the internet to store on the SD card. It is basic functionality that improves the user experience so it doesn't necessarily make it malicious.

    28. Re:Install a firewall by girlintraining · · Score: 4, Insightful

      I think you're missing my point. It's a phone.

      They aren't missing it, they're ignoring it. What it is called isn't the issue, it's what it can do, and whether that is what the end-user wants (or not).

      --
      #fuckbeta #iamslashdot #dicemustdie
    29. Re:Install a firewall by Anonymous Coward · · Score: 0

      If your AV annoys you, you're using a bad one.

    30. Re:Install a firewall by improfane · · Score: 1

      Writing data that cannot be executed from the internet is not as bad as accessing data and uploading it. Of course as long as it cannot be read into memory and executed.

      We have HIPS because it wasn't programmed in by default. The security model in the PC world is non-existent. The phone security model has just repeated the same mistakes from the PC industry rather than try to solve it. HIPS really do help. Capability based security and appropriate permutations would be a good start for fine grained security.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    31. Re:Install a firewall by nschubach · · Score: 1

      Some of them are non-obvious or too lenient.

      SD Card access springs to mind. Google considers all data on the SD card public... I, however, do not think my SD card is free range and wish there was a way to limit apps to just their folder. (Well, I know there is a way [symlinks in app path on local memory to directories on sdcard], but Android does not do it.)

      Some apps (I have a friend who did this) will check the built in functionality to determine if you have a firewall app and refuse to run unless you buy his pay for version.

      Also, Internet Access. I cannot say, "No, you will only have access to google.com/*" without a firewall.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    32. Re:Install a firewall by improfane · · Score: 1

      You are right. I didn't read my article.

      The recent phone "hacking" scandal [wikimedia.org] in the UK which I cannot tell if it were server side (provider) or client side (phone side) demonstrates that it's not that hard.

      It must have been server side then. Still, an Android or iPhone is not immune to server side attacks. So using one does not make you any more secure, I'd say it makes you less secure. All I did was some googling of the victims on phones, like, victim name + "phone" or "on the phone". They just happened to be using blackberries and what appeared to be smartphones. Of course correlation != causation. I wouldn't trust RMI.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    33. Re:Install a firewall by Eponymous+Hero · · Score: 0

      let me get this straight.

      first, you couldn't tell the difference between a phone (hardware device), and a multifunctioning computer running a phone application. then when the realization struck, you got scared. now it's your life mission to ensure that everyone who uses a portable-OS-with-phone-app is just as scared as you?

      ffs just be responsible. if that's too difficult, no big deal. karma works it all out. or you win a darwin award first. w/e

      --
      insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
    34. Re:Install a firewall by nschubach · · Score: 1

      I think firewall is a bit overkill. My advice would be to just use normally. I do. I DON'T install apps from shady sources, I just use the official Market. I have a few dozen apps installed, and I clicked through the permission screen mindlessly, yes. Why? Almost every app needs network access, after some time I got bored reading through the list of permission they require. BUT - the apps I install are well established apps with overwhelmingly positive reviews (based on a large number of reviewers). That's basically it - just use common sense.

      The problem is, 99% (woo, fictional stats) of the people that voted that app a 5 star app did the same thing. Nobody pays attention to what they are giving access to. They only care what the app tells them it's doing. (I'm a background switcher and I need access to your contacts so I can display them on the background and full internet access for ads!). They do not care that it's sending their contact information to a central server of spammers.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    35. Re:Install a firewall by Celestialwolf · · Score: 1

      Do you happen to have any firewall app recommendations for a non-rooted phone? I've seen a firewall app I liked, but it required the phone to be rooted. I have a Samsung Galaxy S, and so far it's done just about everything I need (including the WAP feature) without rooting, and I'd rather not if I can avoid it...

    36. Re:Install a firewall by nschubach · · Score: 1

      Also, a majority of the phone users are not geeks with finely tuned BS meters or the ability to tell what the access even means.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    37. Re:Install a firewall by TheCRAIGGERS · · Score: 1

      An image is what, a few KB? That could easily be packaged with the original download.

      If you are looking at an app that can download other wallpapers as a service, then sure, I agree with you. But if you do a search for wallpaper in the Android marketplace, most of what you see are packages with one, maybe two wallpapers- not a service. Also, I don't see an explanation of why it would need access to my bookmarks.

      Regardless, I only used wallpapers as an example, and yes you can probably poke some holes in my argument by finding some apps that fit my criteria and aren't malicious. But my point was that we just need to apply some common sense here. If the app is asking for more than it needs to do its job, then that should raise some warning flags in your head.

    38. Re:Install a firewall by Eponymous+Hero · · Score: 0

      i wish you could easily accept that the devices being discussed are not phones. they are computers that can, among many other things, do what a phone does.

      let's say you run skype on a desktop pc. technically the pc is now equivalent to a smart phone, it just can't fit in your pocket. if you used the pc primarily for using skype, wouldn't you still want to put a firewall on it?

      i use my android phone more for search, maps and hockey scores than i do for making and receiving calls. the fact that it makes calls is incidental, and is merely convenient so i don't have to carry a separate phone and a pocket computer. it is primarily a computer, no matter what you use it for most. thus common sense dictates securing it in the manner appropriate to a computer, i.e. antivirus, firewalls, etc.

      since you don't even use a smart phone, why should anyone listen to you rant about them? hell, even i played world of warcraft for 9 days before i went around telling everyone i think it sucks. is it too much to ask that you know what you're talking about when you give an opinion?

      --
      insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
    39. Re:Install a firewall by rickb928 · · Score: 2

      Until recently, Apple users were quite proud of the relative lack of threats to their MacBooks. This past week seems to have wiped the smirk off their faces, but that will be shortlived. Apple will plug the holes and they will go back to bliss. Reactive again.

      And few Linux laptop toters bother with substantial AV. Of course, most Linux distros install a firewall, but it's relatively generic and minimal, and the users also seem ready to gloat about the seeming lack of threats. And they are not entirely incorrect in this, but that's more because the attackers seem to be avoiding DHCP blocks, in favor of named hosts, though that is not 100% and as Linux gains share in the home, they will happily follow these new users and take their machines for their own. Ah yes, security by limited market share.

      What I want for my Android phone is a firewall that denies apps access to SMS and phone, GPS, and camera, except by my permission, and then only when I want them to. I've uninstalled Stitcher because it ran a Bluetooth service. My podcast gizmo needed a Bluetooth service? I already got one of those. Suppose I'll get that firewall any time soon?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    40. Re:Install a firewall by Applekid · · Score: 1

      Well, fine then. Each app has a developer. Write to them and find out what they want to do with your phone.

      They don't write back? Don't install the app.
      They write back marketing fluff? Don't install the app.
      They write back something you suspect is a lie? Don't install the app.
      They write back something you suspect is true but you don't want them to have the permissions? Don't install the app.

      My app selection criteria revolves around what's important to me. Sounds like I just itemized your criteria. No no, my pleasure.

      Ultimately, it comes down to trust. It's not limited to computing, the real world has examples, too. Do you trust the cleaning person? Do you trust the developer of a given app? Do you trust the cleaner to have a copy of your keys? Do you trust the developer to run code on your system? Do you trust the cleaner not to steal anything? Do you trust the developer to respect your data? Do you verify the cleaner isn't stealing anything with surveillance? Do you verify the developer isn't phoning home with data it doesn't need with a firewall or "wire" inspection?

      If you trust no one, then the answers seem clear. Don't hire the cleaning person and don't download apps.

      --
      More Twoson than Cupertino
    41. Re:Install a firewall by Anonymous Coward · · Score: 0

      The Android security model is broken. There is a list of permissions that apps are strictly kept to... so all of the apps just ask for all of the permissions (more or less). You either say yes or don't install the app. A more sensible approach would be to allow me to deny access to various data that an app may request by feeding it fake data (i.e. if it asks for my contacts, return successfully... with an empty list).

      Luckily security researchers are working on the problem. One example is TaintDroid which is a custom ROM (really not intended for end-users) which tracks what information apps actually use and where they send it. I have heard about some other projects similarly looking at the Android security problem... at least on Android it is possible: the iPhone is a closed platform, so iPhone security is a lost cause.

    42. Re:Install a firewall by Anonymous Coward · · Score: 0

      I think you're missing my point. It's a phone. You shouldn't have to install security software on something as trivial as a phone.

      I think he gets the point, it's just that every single one of your arguments applies equally to any other form of personal computer. Yes, it's regrettable that some PCs "need"(?) security software. Nevertheless, here we are.

      And on top of that, "something as trivial as a phone" doesn't have much meaning in 2011 because if phones are "trivial" then so is any other personal computer, because phones and PCs are the same exact thing except they come in different sizes (some fit in your pocket and some are rackmount).

      Something is wrong with the API and security assumptions of the device that it is insecure by default, without security software.

      Apparently, in many peoples' opinion, such is the case and they're not really arguing against you on that. They're saying to install the firewall, and that might be a good idea even if something wasn't wrong with the device.

      It just sounds as ridiculous as installing security software on a walky talky or a landline telephone.

      Well, no, because people's expectations for those devices are different. People don't expect those to be as flexible as personal computers. And with flexibility comes the possibility that a device may be directed to do "bad" things.

      I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access.

      Cool idea.

    43. Re:Install a firewall by godrik · · Score: 1

      I am a new android user. And I wondered about security as well.
      You said things like "Disable their network access" or "try blocking as much of it as you can until the application stops working". But is there any system-level permission that can be set per app? Any way to say yes or no per app for the network? Or maybe allow access to some directories but not to other ones? A lot of applications are requesting GPS localisation; is it possible to configure fake coordinates?

    44. Re:Install a firewall by Anonymous Coward · · Score: 0

      You're missing his point too, I think. He's saying that 'computer as phone' is completely absurd. Sure, it's the truth. But it's a silly state of affairs.

    45. Re:Install a firewall by jakartus · · Score: 1

      Agreed 100%. "Something as trivial as a phone" is said earlier in the thread. But it is not a phone. It is a computer!
      This is a trivial phone.
      This is also a phone.
      This is a computer that can make phone calls. Also can send e-mails, play games, provide navigation and mapping, record video, play video, play music etc etc etc

    46. Re:Install a firewall by thePowerOfGrayskull · · Score: 2

      This. By default you are given generic information about the access an app will require before you install it. You must approve it in order to install it. You do not get any specific information about what the app will do with the info. Once you approve it you gain no further insight about what the access is used for or even when it's used.

      OP is missing the point with the firewall suggestion. It is not reasonable that someone should have to go to those lengths to secure a device, especially a modern device more or less built on top of the last 50 years of security lessons. That kind of security should be an integral part of the platform.

      I was really surprised that Android got this wrong.

    47. Re:Install a firewall by macs4all · · Score: 1

      Until recently, Apple users were quite proud of the relative lack of threats to their MacBooks. This past week seems to have wiped the smirk off their faces, but that will be short-lived.

      Since the most recent threat was but a Trojan, it is already back off the RADAR. All the smart Mac owners already warned all the gullible ones. Problem solved. Smirk restored.

      And since we're talking about mobile devices, the smirk is firmly in place as far as iOS users go, too.

      Face it: Android sucks at security. Top to bottom; left to right; inside to outside.

      I'm not saying that OS X or its baby-brother, iOS, is 100% impervious to attack. But in the case of iOS, at least, the "marketshare" argument falls completely apart. And since iOS and OS X share a lot of architecture, I would submit that they also share a lot of robustness, too. Eleven years and counting, and still no self-propagating OS X malware. "Marketshare" simply doesn't explain all of that. Period.

      I'm honestly not trolling; just pointing out undeniable facts.

    48. Re:Install a firewall by Joce640k · · Score: 1

      It's sold to people as a 'phone by 'phone companies...that makes it a 'phone to most people. However you slice it, having all those computing abilities is a bad thing for security.

      --
      No sig today...
    49. Re:Install a firewall by jonbryce · · Score: 1

      The phone hacking scandal employed a default password vulnerability on people's voicemail boxes. That was server side. The default PIN to access your voicemail is 0000 and most people don't change it. I disabled my voicemail many years ago.

    50. Re:Install a firewall by Anonymous Coward · · Score: 0

      Well, his answer kinda went over your head: he's right. The situation is badly f*cked up. Google, Apple and M$ have zero incentive whatsoever to provide something that doesn't leak/steal/trace you/your information.

      It's also very bad that we live in a world where nobody gives a sh!t about privacy/security and people are so keen to buy computers to put in their pockets. The OP's point is basically that a phone should be something that can give phone calls. Not something that can be r00ted by the latest Flash/JavaScript drive-by expl0it and that should be constantly patched, crossing fingers that you patched it before the latest 0-day expl0it r00ted your ass.

      I'm the uber-nerd. I'm seriously geekier than you (I won't even start). But my cellphone? A lowest-of-the-low end Nokia. I don't even know its number. All I know is: no data plan and prepaid, anonymous, SIM in it (yup, legal in my country).

      I use my cellphone to give, you know, phone calls. Besides that, my *COMPUTER* is hooked to a 24" and honestly I'm considering buying something a bit bigger.

    51. Re:Install a firewall by bryan1945 · · Score: 1

      I have some Nokia xxxx phone. I can install software on it, but it's a real pain in the ass (I did it to turn off the Web, GPS and PTT buttons). Like you said, it's a damn phone. Unlike most /.ers, I don't want a phone/computer/lawnmower. I want to call my wife, not trade stocks while watching a baseball game and playing Angry Birds on a phone.

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
    52. Re:Install a firewall by alostpacket · · Score: 2

      It should be noted that one of the recommended ways for devs to employ LVL DRM is to offload the returned response to the dev's own trusted server. This would require internet access. This is done because LVL is trivial to break alone and trusting the client is always insecure.

      Anyways, not to sound too spammy or promotional, but for beginners to Android I've written a guide and app that they can use as a pocket reference for the permissions and something they can give to family/friends who might be less than tech savvy.

      The guide is posted here: How to be safe, avoid viruses, and find trusted apps -- A guide for those new to Android

      And the app is here: PocketPermissions

      *Please excuse some of the typos as I'm not the best writer/editor and am in the process of cleaning up the guides now. However it should be a good beginner's guide -- somewhere to start understanding permissions and security before jumping into rooting and ROMs

      --
      PocketPermissions Android Permission Guide
    53. Re:Install a firewall by TheCRAIGGERS · · Score: 1

      Also, a majority of the phone users are not geeks with finely tuned BS meters or the ability to tell what the access even means.

      True. But this is 'Ask Slashdot'. This isn't some soccer mom trying to figure out her new "Android iPhone", this is (presumably) an at-least fairly tech-savvy geek asking his or her peers what they recommend. We're not talking about the majority of phone users here.

    54. Re:Install a firewall by Anonymous Coward · · Score: 0

      The problem isn't that it is a phone, but rather, it is a computer with phone functionality. Would you tote around a laptop w/ no firewall or AV?

      Yes, actually, I do it all the time.

      A firewall is a useful tool but is not completely necessary if you know what software you're running. Antivirus is just a waste of resources.

    55. Re:Install a firewall by Anonymous Coward · · Score: 0

      > Then, try blocking as much of it as you can until the application stops working.
      > You've now found the minimum amount of access that app needs to function.

      Nope. You just blocked something that it can't work without.
      To find the minimum amount I suggest whitelisting instead of blacklisting.

  2. Security on Android by Anonymous Coward · · Score: 1

    Only thing I can think of is to read details on the app, for example why would a notepad app need access to the internet or my contacts?
    Another thing is to install only apps from Google or "Good known sources".

    1. Re:Security on Android by nschubach · · Score: 1

      Well, the notepad app could say it needed the Internet access for ads and the contact information for the quick contact paste feature.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Security on Android by rickb928 · · Score: 1

      AKNotepad syncs to catch.com. It's a feature. So it uses Internet access.

      And it's in the Market.

      There is no substitute for you actually knowing what the app does, and evaluating the permissions to see if they are appropriate, in your view, to what the app states is its feature set.

      You were saying?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
  3. A smart phone is just a computer. by Kenja · · Score: 3, Informative

    A smart phone is a computer like any other and should be treated as such. Trust mobile apps as much as you would trust desktop applications. Do not install unknown software from unfamiliar sources and in general be as vigilant as you are with your Windows, Linux, or OS X system. If you are paranoid enough, there are firewall and app activity scanners out there. But perhaps you don't trust them either. In which case, write your own apps. It's not hard for even the inexperienced with the app-builder tools.

    --
    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:A smart phone is just a computer. by Anonymous Coward · · Score: 0

      There is some truth in this assertion at the technical level; meanwhile, as a consumer device, it is not a computer. And this is exactly why Android is not much better than a glorified (late) Windows Mobile. The current Android implementation is prone to security breaches and disasters and time will prove it.
      On the other hand, the Apple and mostly the WP7 design, although more restrictive, are by far better suited for a consumer audience. Again here, time will prove that WP7 and its very isolated sandboxes and API access is the way to go for broad audience markets.
      Should people care about viruses and identity theft on phones? No, they should not.
      Should a platform restrict operations in favor of security for such an audience? Yes, it should.

    2. Re:A smart phone is just a computer. by tepples · · Score: 1

      Should a platform restrict operations in favor of security for such an audience? Yes, it should.

      But why should a platform restrict running even "Hello World"?

    3. Re:A smart phone is just a computer. by pixelpusher220 · · Score: 1

      There is some truth in this assertion at the technical level, meanwhile, as a consumer device, it is not a computer.

      How does its intended use have any bearing on what it *actually* is?

      --
      People in cars cause accidents....accidents in cars cause people :-D
    4. Re:A smart phone is just a computer. by peawormsworth · · Score: 1

      A smart phone is a computer like any other and should be treated as such.

      Agreed, smart phone = computer. Viruses are a good indicator that you can install software that gets the full use out of the hardware you purchased. I really hate when a manufacturer attempts to "protect" me from using devices in ways that they didn't already envision. Like by limiting applications I can/can't install. Because this "protection" can be used as a means to protect their alternate revenue streams. And frankly, I don't expect any one company to ever be big enough to keep up with all the software I may want to install. Kinda like the way Linux is beating Microsoft in speed of application development and virus protection at the same time. Point is... "protection" obviously doesn't work and currently only serves to reduce functionality and increase costs. GET RID OF IT!

    5. Re:A smart phone is just a computer. by clang_jangle · · Score: 1

      Should people care about viruses and identity theft on phones? No, they should not. Should a platform restrict operations in favor of security for such an audience? Yes, it should.

      Except that there tends to be an inversely proportional relationship between "power and flexibility" and "lockdown", so it comes down to individual choice. Yes, the average techphobic user will not do as well with Android as with an iPhone. BTW WP7 is too new to call, but the history of utterly screwing users over on any kind of data service deal (sidekick, playforsure, etc) should give anyone with any sense visions of great red flags...

      --
      Caveat Utilitor
  4. Permissions aren't 'fine grained' by c0d3g33k · · Score: 3, Interesting

    The problem with Android is that the permissions aren't in fact "fine grained" (though they might seem so to the 'TL;DR' generation). They are relatively coarse-grained with respect to what modern applications might require. Any non-trivial app will require permissions from the available pool that can be abused by malicious developers. The user has to fall back on trust when installing any non-trivial app.

    Android needs something more like a sandbox environment for each application and a reasonable system where the user is asked for permission before accessing sensitive information.

    Android permissions == FAIL, at least from a personal privacy and security perspective.

    1. Re:Permissions aren't 'fine grained' by ShavedOrangutan · · Score: 3, Informative

      Every app requires full permissions, for no useful reason. Why a stopwatch wants access to my calls and read/write on the SD card, I don't know, and the choices are to either accept it or don't use the app. This is seriously broken. I don't even look in the Android Market anymore because it's just too much risk to install anything. It's actually worse than Windows, where at least I know where the software is coming from.

      --
      Godaddy is a scam and a ripoff.
    2. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      The problem with Android is that the permissions aren't in fact "fine grained" (though they might seem so to the 'TL;DR' generation). They are relatively coarse-grained with respect to what modern applications might require. Any non-trivial app will require permissions from the available pool that can be abused by malicious developers. The user has to fall back on trust when installing any non-trivial app.

      Android needs something more like a sandbox environment for each application and a reasonable system where the user is asked for permission before accessing sensitive information.

      Android permissions == FAIL, at least from a personal privacy and security perspective.

      So, what you're really saying is... you should get a blackberry instead of android.

    3. Re:Permissions aren't 'fine grained' by afex · · Score: 1

      Plus, at least with Windows you can deny it on the firewall and the app will still run. With Android, (like you said), you can either submit or you don't get the app : (

    4. Re:Permissions aren't 'fine grained' by c0d3g33k · · Score: 2

      No. What I was saying is that Android permissions aren't all that fine-grained and are seriously broken if protecting the user is the goal. What I didn't say is that they should be redesigned if personal security and personal privacy are a priority. I'm saying that now.

      You, on the other hand, seem to be implying that Blackberry is better for some unspecified reason. Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be monitored. So what was your point again?

      Security is only valid if it's completely in the hands of the users at the endpoints of the desired communication, not the middleman who is managing it all while saying "trust me - you're completely secure, honestly".

      To me, Android is much more secure than Blackberry, because at least I can root my android device and set up my own communications channel that has at least a chance of being secure. Don't really see that as an option for the dark fruit.

    5. Re:Permissions aren't 'fine grained' by Reapman · · Score: 3, Insightful

      EVERY App? I doubt this, in fact as an App Developer I know this isn't true. Adding permissions to your app is something you opt in to - if a developer is so lazy he opts in to every single permission then I wouldn't trust that app.

      I've decided against installing apps that require permissions I don't want, and have quite a few apps that I've trusted onto my phone.

      Google is providing you the ability to, at least, get an idea as to what you're getting into. Something like the iPhone doesn't give this, and I'm not sure if Blackberry does or not. Could it be improved? VERY. Is it better than nothing? VERY.

      How is this broken? Because an App Developer has some crazy permissions? I'd call that working - you know what it's asking for and you choose not to install it. How is it better than Windows? Do you know if your Windows Stop Watch app is talking to your Contacts stored in Outlook or Thunderbird?

    6. Re:Permissions aren't 'fine grained' by c0d3g33k · · Score: 1

      Any non-trivial app requires permissions to one or more of the following:

      - Your location (coarse or fine grained)
      - Full network capabilities
      - Call status
      - Your personal contacts
      - Account information

      And the big kahuna:

      - Your SD card

      Putatively for storage of application data, settings etc. But as far as I know, there is no mechanism to prevent an app from accessing ANY other information on the SD card once granted access. And just about every app requires read/write access to the SD card. Let the data-mining begin - high fives all around. I honestly have no idea why sane people do things like personal banking from their Android devices.

      Apps should be limited to only their own sandboxed storage on the SD card or world-readable data. Everything else should require explicit permission from the user.

    7. Re:Permissions aren't 'fine grained' by hedwards · · Score: 1

      One of the problems is that some ad software that free apps use seems to need to spy on people in order to work. You can opt not to install that software but the marketplace lacks transparency when it comes to what the app is actually doing with that permission. And I'm not aware of any way of keeping an eye on apps to make sure that they aren't doing anything nefarious with the permissions. Trust but verify ought to be the way with apps that you've decided to trust.

      Additionally, some functionality like placing phone calls from within an app is either all or none, the platform doesn't provide a middle ground for apps which might from time to time have a legitimate reason to place calls.

    8. Re:Permissions aren't 'fine grained' by nabsltd · · Score: 4, Interesting

      Why a stopwatch wants access to my calls and read/write on the SD card, I don't know,

      Many apps that need access to "phone calls" are doing so to be good resource users, and to follow some Android UI conventions.

      Knowing if you are talking on the phone or not allows the app to change its behavior to not bother you, use fewer CPU cycles, etc. And, this sort of thing is why there are so many complaints about the overly-broad permission groups on Android...you can't know the "in-call state" without being given permission to "phone calls".

    9. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      You, on the other hand seem to be implying that Blackberry is better for some unspecified reason. Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be monitored. So what was your point again?

      That the blackberry platform allows very fine grained control of what applications can do:

      - what computers the app can connect to
      - what protocols the app can use to connect
      - whether the app can access email, address book, sms, calendar, etc.
      - whether the app can use usb, bluetooth, wifi, phone, location data, communicate with other apps, etc.

      And they can all be enforced server-side to protect users from their own mistakes.

      Security is only valid if it's completely in the hands of the users at the endpoints of the desired communication, not the middleman who is managing it all while saying "trust me - you're completely secure, honestly".

      The blackberry platform has been audited from end-to-end by many, many people.

      And with a blackberry enterprise server (BES), the encryption/decryption keys are only located in two places: on the device itself, and on the BES. RIM doesn't have the keys, neither does the wireless carrier.

    10. Re:Permissions aren't 'fine grained' by ShavedOrangutan · · Score: 1

      I made a Hello World with the Android Eclipse SDK and it requires Storage and Phone Calls permissions during installation. I didn't even ask for that!

      It's great that these permissions are presented to the user during installation, but there should be an option to say "NO" to individual permissions. If an app wants to make phone calls and I don't think there is any reason for that, I should be able to say no and it should still work.

      And if an app needs SD storage to function, that's just fine but it should not be able to read my photos, emails, music, etc.

      Anyways, I won't install anything anymore. The security model is broken.

      --
      Godaddy is a scam and a ripoff.
    11. Re:Permissions aren't 'fine grained' by im_thatoneguy · · Score: 1

      Well not only that but you can never be fine grained enough for the user to understand.

      If your app saves data to the cloud then it needs the ability to "Copy files to remote servers".

      That's either a trojan or the app operating correctly. No way to tell without per-file transaction confirmations. "I'm about to move a temp.dat to the cloud. Ok?" And even then. "Wait, what's in temp.dat?" And so on and so forth.

      The only difference between a malicious network aware application and a good one is what data is being transferred.

      It's like a webcam app. "This app will access your camera and transmit video across the internet."

      Perfect!

      But there is no way to secure that video so that they couldn't also store a copy on their servers and post it to voyeuristic sites. The only security in such a situation would be a physical tag over your camera lens.

      Phones are designed to transmit and share your data. They're essentially designed to be exploited.

    12. Re:Permissions aren't 'fine grained' by GP1911 · · Score: 1

      There is a mechanism. Every app has its own UID. They can use standard UNIX permissions.

    13. Re:Permissions aren't 'fine grained' by GP1911 · · Score: 1

      Oh, never mind. I forgot it uses vfat.

    14. Re:Permissions aren't 'fine grained' by Reapman · · Score: 1

      Not to sound cruel but I think you're doing it wrong. I made a Hello World app that didn't require that - just because you wrote the app wrong and don't know how to modify the manifest XML file to set the permissions you need isn't Android's fault.

      Not going to install anything anymore? So I assume you don't install applications on your computer either? Did you check if the last program you installed wanted to see your contacts in Outlook / favorite email program? Did you check if it would access iPhoto / Picasa albums? Did you check if it would write to your hard drive?

      So what mobile OS do you consider having a superior per app permission listing system in place? Or would you rather just not see anything and assume that your handset maker is protecting you?

      If you don't like the way an app works - contact the app developer or use a competitor's.

    15. Re:Permissions aren't 'fine grained' by c0d3g33k · · Score: 1

      And they can all be enforced server-side to protect users from their own mistakes.

      Very nice for multinational corporations who want to protect their trade secrets and monitor employee communications and can afford a BES. Not so nice for an individual who wants a personal device that respects their security and privacy. How does a private BB user enforce server-side permissions exactly? I don't recall seeing a free BES offered with my Blackberry mobile plan.

      Your arguments are irrelevant to the current discussion and obsolete since RIM made concessions to allow monitoring of communications in repressive countries. Come back and discuss this again when private citizens can realistically and securely benefit from the advantages you espouse. Until then, you're entirely missing the point.

    16. Re:Permissions aren't 'fine grained' by improfane · · Score: 1

      I think getting the users to understand and not just accept mindlessly (like Windows UAC and Facebook Applications) is the hardest part. It's a social problem. The permission message must be clear and almost threatening. It should show the data that is being displayed. I replied to someone else about this with the same view as you :-).

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    17. Re:Permissions aren't 'fine grained' by ShavedOrangutan · · Score: 1

      The default permissions for an empty app should be none.

      As an example, I just picked "Blast Monkeys" from the Android Market. Requires Full Network Access and Phone Calls. "Paper Toss" needs Network, Location, and Phone. "Stupid Zombies", Network and Phone. These apps do not need these features and I do not trust the developer to have this access. Thus, I do not use the products.

      Same with the desktop PC. If the application isn't open source or doesn't come from someone I can hold accountable, it does not get installed.

      --
      Godaddy is a scam and a ripoff.
    18. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      Very nice for multinational corporations who want to protect their trade secrets and monitor employee communications and can afford a BES. Not so nice for an individual who wants a personal device that respects their security and privacy. How does a private BB user enforce server-side permissions exactly? I don't recall seeing a free BES offered with my Blackberry mobile plan.

      Want a free BES? Click right here. You don't get the full suite of auditing (for example, you can't keep track of all your users' SMS), but you get all the important features. No licensing or additional costs from RIM. No additional costs from your mobile carrier aside from the basic blackberry data plan. But the BES is only used to apply application permissions to the device (and make them mandatory if desired).

      Even without a BES, individual users can go to Options - Advanced Options, Applications, scroll to find the application, and Edit Permissions. You can also edit the Default Permissions.

      Your arguments are irrelevant to the current discussion and obsolete since RIM made concessions to allow monitoring of communications in repressive countries.

      Not really. You're asking about application security: what third-party applications can do to YOUR phone. Protection from government (benevolent or otherwise) is a different question. As seen in recent months, repressive dictatorships are more than happy to beat their citizens, jail them, or just plain shoot them. http://xkcd.com/538/

      Come back and discuss this again when private citizens can realistically and securely benefit from the advantages you espouse. Until then, you're entirely missing the point.

      Once again, you asked about third-party application controls, which blackberry does very well.

      The "concessions" made by RIM require a long explanation since there are many services provided under the blackberry name.

      1. It's a cell phone. All the existing vulnerabilities/govt controls for tapping phone calls still exist.

      2. It sends SMS. All the existing vulnerabilities/govt controls still exist.

      3. Blackberry messenger. BBM is encrypted, but only with 3DES. The reason BBM works with all blackberries is that by default they all share the same 3DES key, and it is well known in the security community. Even without the key, brute-forcing 3DES isn't that hard for a government. Even RIM's own documentation refers to BBM as scrambled and not encrypted. This information could be tapped by RIM and handed over to governments, but a government could easily do this without RIM's cooperation.

      4. Web browsing through the mobile carrier. This is the "WAP browser" on your blackberry. All the existing vulnerabilities/govt controls still exist.

      5. Web browsing through RIM. This is the "internet browser" on your blackberry. The data is encrypted with AES to/from RIM (RIM has a copy of the encryption keys), and then goes from RIM to the internet at large. This information could be tapped by RIM and handed over to governments.

      6. BIS (blackberry internet service) email. This is what you use for email if you don't have a BES. The data is encrypted with AES to/from RIM (RIM has a copy of the encryption keys), and then goes to the internet at large. This information could be tapped by RIM and handed over to governments.

      And now, the crown jewels:

      7. Web browsing through the BES. This is the "blackberry browser" on your blackberry. The data is encrypted with AES to/from the BES. RIM does NOT have the encryption keys, and couldn't hand over the plaintext even if they wanted to.

      8. BES (blackberry enterprise server) email. The data is encrypted with AES to/from the BES. RIM does NOT have the encryption keys, and couldn't hand over the plaintext even if they wanted to.

      Now, here's what RIM probably did: assist governments by handing over plaintext for #3, #5, and #6.

      RIM is not able to provide #7 or #8.

    19. Re:Permissions aren't 'fine grained' by AmbushBug · · Score: 2

      ...you can't know the "in-call state" without being given permission to "phone calls".

      I don't think this is true. The permissions for phone state are called "Read phone state and identity" and they don't allow you to make phone calls, as far as I know. That said, the internet access permission is too coarse - it's basically all or nothing. It would be nice if apps had to list the domains they are going to connect to or something...

    20. Re:Permissions aren't 'fine grained' by rickb928 · · Score: 1

      A stopwatch might want access to phone state so it can choose how to alert you to an alarm, a common feature in stopwatches. Or just to decide how to give you the 'tick tock' - speaker, earpiece, or phone audio... It might want to play nice and not beep all over your call in progress, or scare your callers.

      Read/write to SD to save results of timings? Some people like saving the results of timing their software load times, or epic 5k run.

      Perhaps you need to write your own stopwatch.apk that just.does.stopwatch.stuff?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    21. Re:Permissions aren't 'fine grained' by rickb928 · · Score: 1

      "One of the problems is that ALL ad software that free apps use "

      There, let's get it right, ok? So far, ALL ad methods I've seen need to talk to their overlords to serve up what they think I will respond to. they act in futility, but I'm not going to tell them that.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    22. Re:Permissions aren't 'fine grained' by Reapman · · Score: 1

      The default permissions ARE empty. As you're seemingly not aware of how permissions work in Android: you need to add each permission to your application's Manifest XML. If you don't want a permission in there you don't put it in. By default none of my applications had any permissions since I would have had to add them at some point. Every permission in them I added.

      I can write code that creates an infinite loop - is that the OS's fault? No, it's my fault for writing lousy code. If your code asks for permissions it doesn't need, that's not Google's fault - that's YOURS. Google doesn't FORCE you to use any permissions when you write an app.
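      Since the permissions an app gets are exactly the `<uses-permission>` lines in its manifest, the "why does a notepad want my contacts?" check from this thread can be automated. What follows is an added example, not Reapman's code and not part of the Android SDK: it parses a manifest with the Python standard library, lists the declared permissions, and flags the ones that are both outside what that kind of app should need and sensitive. Both manifests are constructed for the example, and the `EXPECTED` table is an illustrative assumption about what a notepad or stopwatch needs, not an Android policy.

```python
import xml.etree.ElementTree as ET

# Android attributes (android:name) live in this namespace; the elements do not.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Constructed sample: a "notepad" app whose manifest asks for more than a notepad needs.
NOTEPAD_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notepad">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Notepad"/>
</manifest>
"""

# Constructed sample: a fresh project that declares nothing at all.
EMPTY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.empty"><application/></manifest>"""

# What each kind of app plausibly needs. Illustrative assumption, not an Android rule.
EXPECTED = {
    "notepad": {"android.permission.WRITE_EXTERNAL_STORAGE"},
    "stopwatch": {"android.permission.WAKE_LOCK"},
}

# Permissions that reach identity, communications, location or the network.
SENSITIVE = {
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.ACCESS_FINE_LOCATION",
}


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def audit(manifest_xml: str, app_kind: str) -> dict:
    """Compare declared permissions with what this kind of app should need."""
    declared = declared_permissions(manifest_xml)
    unexpected = declared - EXPECTED.get(app_kind, set())
    return {
        "declared": declared,
        "unexpected": unexpected,
        # Unexpected *and* sensitive: the cases worth refusing to install.
        "red_flags": unexpected & SENSITIVE,
    }


if __name__ == "__main__":
    for name in sorted(audit(NOTEPAD_MANIFEST, "notepad")["red_flags"]):
        print("red flag:", name)
```

      On a real APK the manifest is binary XML and has to be decoded first (for example with `aapt dump permissions`), but the comparison step is the same.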

    23. Re:Permissions aren't 'fine grained' by Zumbs · · Score: 1

      - Your SD card

      Putatively for storage of application data, settings etc.

      There are other options for storing application settings and data that do not require access to SD cards. Internal Storage is one. Unless the app needs to save a lot of data, there is no reason to require access to the SD card.

      --
      The truth may be out there, but lies are inside your head
    24. Re:Permissions aren't 'fine grained' by Zumbs · · Score: 1

      Whenever the focus of an activity is changed, an event is called that can be used by the application to change its behavior. If an application uses multiple activities, all you have to do is to keep track of which of the activities of the application have focus, and set the behavior of the application correspondingly. For a lot of applications this is enough to play nice, and there is no explicit need to get access to call state.

      --
      The truth may be out there, but lies are inside your head
    25. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      Actually, you can. You are describing the problem that TaintDroid was written to address (warning: just a research prototype, not intended for end-users). It uses information flow (taint) tracking to determine if information leaving the phone came from a sensitive source like the camera.

      Unfortunately, it is important to note that sound information flow tracking is more or less impossible without hardware support, so a program could be intentionally written against TaintDroid to leak information without TaintDroid noticing, but such methods would necessarily be slow and could likely be made slow enough to make leaking an entire image impracticable.
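      To make the two halves of that comment concrete, here is an added example in Python; it is not TaintDroid's code and does not model its Dalvik-level implementation, only the idea. A `Tainted` value carries the set of sensitive sources it was computed from, every arithmetic operation propagates that set (explicit flow), and the network sink refuses tainted data. The second function then leaks the same value through branch conditions alone, which value-based tracking cannot see, at the cost of one branch per bit. The IMEI is a constructed sample number and `send_to_network` is a stand-in for the real sink.

```python
from dataclasses import dataclass


class TaintLeak(Exception):
    """Raised when data derived from a sensitive source reaches a network sink."""


@dataclass(frozen=True)
class Tainted:
    """An integer that remembers which sensitive sources it was computed from."""
    value: int
    sources: frozenset = frozenset()

    def _combine(self, other, op):
        # Explicit flow: the result carries the union of its inputs' taint.
        o_val = other.value if isinstance(other, Tainted) else other
        o_src = other.sources if isinstance(other, Tainted) else frozenset()
        return Tainted(op(self.value, o_val), self.sources | o_src)

    def __add__(self, other):
        return self._combine(other, lambda a, b: a + b)

    def __and__(self, other):
        return self._combine(other, lambda a, b: a & b)

    def __rshift__(self, other):
        return self._combine(other, lambda a, b: a >> b)

    def __bool__(self):
        return bool(self.value)


def read_imei() -> Tainted:
    """Stand-in for the phone-identity read; the value is a constructed sample."""
    return Tainted(356938035643809, frozenset({"IMEI"}))


def send_to_network(payload):
    """Sink: refuse anything that still carries taint; return the plain value otherwise."""
    if isinstance(payload, Tainted) and payload.sources:
        raise TaintLeak("payload tainted by %s" % sorted(payload.sources))
    return payload.value if isinstance(payload, Tainted) else payload


def explicit_flow() -> str:
    """Scrambling the IMEI with arithmetic does not strip its taint: the sink catches it."""
    scrambled = (read_imei() + 12345) & 0xFFFFFFFFFFFF
    try:
        send_to_network(scrambled)
        return "leaked"
    except TaintLeak:
        return "blocked"


def implicit_flow() -> str:
    """Rebuild the IMEI through control flow, one bit per branch. Only constants are
    ever assigned to `rebuilt`, so value-based tracking sees nothing. This evades the
    tracker, but needs one branch per bit, which is why such leaks are slow."""
    imei = read_imei()
    rebuilt = 0
    for bit in range(64):
        if (imei >> bit) & 1:      # the condition is tainted...
            rebuilt |= 1 << bit    # ...but the assignment copies a constant
    try:
        return "leaked" if send_to_network(rebuilt) == imei.value else "blocked"
    except TaintLeak:
        return "blocked"
```

      Closing the implicit-flow hole means tainting everything assigned under a tainted branch, which over-taints ordinary programs badly; that trade-off is what the comment's "more or less impossible without hardware support" refers to.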

    26. Re:Permissions aren't 'fine grained' by ShavedOrangutan · · Score: 1

      I never said it forces anything. Follow their tutorial:

      http://developer.android.com/resources/tutorials/hello-world.html

      In the end, you'll have an app that requires Storage and Phone Calls permissions.

      Obviously the default manifest is not empty.

      --
      Godaddy is a scam and a ripoff.
    27. Re:Permissions aren't 'fine grained' by clang_jangle · · Score: 1

      Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be monitored. So what was your point again?

      That is profoundly ignorant. Yes, RIM caved -- unlike Google, Apple, and everyone else who didn't have to cave because they never withheld the private data governments demand. Look it up, since you won't believe me and then stop the FUD.

      --
      Caveat Utilitor
    28. Re:Permissions aren't 'fine grained' by Reapman · · Score: 1

      I did create a new project, 100% fresh, using Eclipse. No permissions are in there by default. Even if you WERE right I have no idea what you're trying to prove - sorry. The Android OS is not based on a single tutorial. Android allows you to see what permissions any application needs - something I'm not aware of ANY other OS doing. It's NOT perfect, I'd love to have more fine grained control, but to call it insecure and say you won't install ANY SINGLE application on your phone, well, that's your problem then isn't it, sure isn't mine or Google's.

    29. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      Regarding the stopwatch, I found one that only has permissions to stop the phone from turning off.

      It's called stopwatch and timer by sportstracklive.com

      Seems to work okay for me.

    30. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      AGREED!

      Android permissions are totally useless in their current form. You get told when you go to install an application that it needs access to the internet and your personal data. You can either choose to install or not. That's not fine grained at all. In fact, after you install 5 applications you will almost never look at the list of permissions except to occasionally ask 'why does that wallpaper need access to my contacts and internet?'. oh well, install.....

    31. Re:Permissions aren't 'fine grained' by dragonturtle69 · · Score: 1

      Every app requires full permissions, for no useful reason. Why a stopwatch wants access to my calls and read/write on the SD card, I don't know, and the choices are to either accept it or don't use the app. This is seriously broken. I don't even look in the Android Market anymore because it's just too much risk to install anything. It's actually worse than Windows, where at least I know where the software is coming from.

      Are you serious? Any monkey could write a shareware clock application, that harvests whatever data and then sends it wherever, and your PC OS wouldn't do anything to notify you.

      Pandora was recently rejected by me, because it wanted to use my contact list. You do have a choice besides being owned.

      Which stopwatch application anyway?

      --
      "What luck for the rulers that men do not think." - Adolph Hitler
    32. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      Blackberry is the ONLY smart phone I know of that handles this correctly. You can set fine-grained permissions for each and every app. You don't have to automatically accept all permissions, or not use the app. You can decide what it is and is not allowed to do.

      In regard to security, my old Blackberry Curve 8330 was far more respectable than my new Samsung Epic '4g' with Android 2.2. The permissions issue is the very reason I plan to go back to Blackberry and abandon Android. I'll be damned before I'll get an iPhone.

    33. Re:Permissions aren't 'fine grained' by hedwards · · Score: 1

      That's not true, there are degrees, some need to do that to serve ads, others don't. Some require tracking the individual by GPS and other means and others don't.

    34. Re:Permissions aren't 'fine grained' by macs4all · · Score: 1

      Android needs something more like a sandbox environment for each application and a reasonable system where the user is asked for permission before accessing sensitive information.

      You have just described the iOS security model. But I assume you knew that.

    35. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      Knowing if you are talking on the phone or not allows the app to change its behavior to not bother you, use less CPU cycles, etc.

      This would seem like a good reason, but this is not the way Android actually works in practice. All of this is managed by the lifecycle of Activities. And worse comes to worst, even a background Service can get shut down if the system gets low on resources.

    36. Re:Permissions aren't 'fine grained' by YoopDaDum · · Score: 1

      Agreed, but I really don't like the fact that getting the phone state and getting your identity are grouped together. I don't mind that an app gets to the phone state to play nice if needed (although there should be other means). But I don't want an app to get to the identity information (SIM id, or IMSI, and phone id or IMEI), as it allows tracking users too. We make a fuss about tracking on the web, and make it too easy for Android apps to do such tracking themselves. Why are both grouped together? This seems arbitrary and sloppy.

    37. Re:Permissions aren't 'fine grained' by Anonymous Coward · · Score: 0

      I've been wading through the sea of "what the f*ck" app permissions as well. There is a massive flood of developers trying to cash in on ignorance, IMO. Search the app market from a browser instead, use google-fu to narrow your searches.

    38. Re:Permissions aren't 'fine grained' by rickb928 · · Score: 1

      Let me get this straight; some ad software doesn't need to contact the ad servers?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
  5. Lookout by Rary · · Score: 2

    At the very least, install Lookout.

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  6. GeoLocation by softWare3ngineer · · Score: 1

    Turn off GeoLocation.

  7. Multiple devices by rwa2 · · Score: 1

    I have one relatively cheap Android smartphone (HTC Slide), which I pretty much install a minimum of useful apps upon.

    My second device is a Viewsonic G-Tablet (running TnT-Lite v4), which is a cheap (~$320 these days) but high-spec device. I use it for "playing" with apps and flash sites (some of them shady). Its main purpose is to let me play with high-end apps and games while keeping me from doing anything too dangerous with my phone :-P

    Custom OS updates come out for the latter quite often, so I'm usually flattening it and reinstalling it relatively often anyway. So as long as the malware isn't breaking into my gmail account, I'm mostly OK :-P

  8. Driod slogan v1.1 by starglider29a · · Score: 1, Troll

    "When there's no limit to what Droid gets, there's no limit to what Droid does^H^H^H^H can do to you."

  9. Take these for what they are worth... by mlts · · Score: 4, Informative

    Take these for what they are worth, but here are my security practices:

    1: Install DroidWall and use that to lock down everything except the apps you do want going out.

    2: Use TouchDown or a discrete app for secure Exchange email. This allows you to keep contacts separate from the rest of the device, and the app can keep the contacts encrypted. If it is work E-mail, it is good to keep it separated anyway.

    3: Consider a PIN protecting app for #2 above, as well as your terminal, settings, and su app.

    4: Use Titanium Backup with the encryption feature and store on Dropbox. If you look at TB, you will find that the way it does encryption using RSA keys is pretty well designed, so storing backups of apps on DB can be done securely.

    5: Get a utility (I use WaveSecure out of habit, but there are others) that will lock the phone if the SIM card is changed, airplane mode is put on, and even allow one to remotely wipe the device and SD card. I'd like a utility that would give the ability to wipe the device and SD card if the phone has not seen Net access in "x" amount of time, similar to what BlackberryOS provides.

    6: Look at reviews before buying apps.

    7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP.

    8: If you use nandroid, consider some type of file encryption. This sucks when restoring a ROM image, but there are ways around that (decrypting the image while the SD card is mounted via USB, using a temporary ROM image with no data for decrypting, etc.)

    9: Use AdBlock with Dolphin Browser. Ad rotation services are a noted source of malware.

    10: Use known ROMs. The ROM ecosystem has been astoundingly clean for now, but it is only a matter of time before blackhats start adding their own "functionality" and putting ROMs on xda-developers and other sites.

    11: Consider PIN protecting your SIM card. This way, when you do a remote erase, the thief might have a clean phone, but won't have free access to bandwidth, SMS, or calling capabilities.

    12: Consider a "stuffbak" sticker. If the phone is found, at least there is a small chance it might get back to you, as opposed to 0 chance without it.

    13: Keep backups. This way, if you do lose your phone, you can get another Android phone, fire up Titanium Backup, log onto DropBox, type in your decryption key, and restore your apps with their saved data.

    14: Bug Google for them to put volume encryption (LUKS) into Android, so it can be used on the SD cards.

    1. Re:Take these for what they are worth... by vbraga · · Score: 1

      11: Consider PIN protecting your SIM card. This way, when you do a remote erase, the thief might have a clean phone, but won't have free access to bandwidth, SMS, or calling capabilities.

      Can't you just call your carrier and report a theft? At least where I live this means the phone services (calling, and so on) are blocked by the carrier. He also can't just switch the SIM card, since the carrier blocks the cell phone "serial number" (IMEI?). He can put in another carrier's SIM card, if the phone is unlocked.

      --
      English is not my first language. Corrections and suggestions are welcome.
    2. Re:Take these for what they are worth... by c0d3g33k · · Score: 1

      All good advice, except I don't think Dropbox is an absolute requirement, since you can store the same data on a personal computer or thumbdrive. Unless you live in an area where random search-and-seizures occur with regularity. But then you're screwed in many other ways, so your phone security is trivial in comparison.

      If there's anything that demands more suspicion than the mobile ecosystem, it's the cloud. Keep your most sensitive personal information away from there. Seriously.

    3. Re:Take these for what they are worth... by elPetak · · Score: 1

      #13... dropbox? really? that's a security practice?

    4. Re:Take these for what they are worth... by Anonymous+Psychopath · · Score: 1

      If the file is strongly encrypted, who cares where it is? Brute-force is always a possibility, I suppose, but I doubt anyone wants your phone data badly enough to do that sort of thing. And if they do, don't use Dropbox.

      --

      Eagles may soar, but weasels don't get sucked into jet engines.

    5. Re:Take these for what they are worth... by tepples · · Score: 1

      It is when you encrypt the backup file before sending it to Dropbox.

    6. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      10: Use known ROMs. The ROM ecosystem has been astoundingly clean for now, but it is only a matter of time before blackhats start adding their own "functionality" and putting ROMs on xda-developers and other sites.

      Clean? says Who?

      The maximum we can give is the benefit of the doubt, as nothing has surfaced yet to prove the ROMs are corrupt.

    7. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      How does one call their carrier if their phone has been stolen? Is the thief supposed to lend you the phone back for just a second?

    8. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      I have two more: Permissions denied from the busybox dev and prey for when I lose my phone.

    9. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      Touchdown is a buggy, bloated monster. It's like running a copy of Windows Mobile 5 within your Android phone. It's slow, it crashes and loses all of its data every week or two, and you have to literally uninstall and reinstall it once every month or two in order to keep it working.

      If you try to rely on it to receive critical work mails, you'll find yourself checking every hour or so to make sure it hasn't lost its database. The app's developer has given up on trying to fix this, btw, they claim that it's entirely Google's fault and there's no conceivable way to implement a workaround.

    10. Re:Take these for what they are worth... by mlts · · Score: 1

      If you have good front end encryption [1] with a solid implementation, it shouldn't matter if you store your files on a public FTP server. DB has been discussed about security, but this is mitigated almost completely by proper encryption.

      Of course, this doesn't prevent big names from either using a (theoretical weakness) in the algorithm, or resort to rubber hose decryption, but if done right with encryption, and a suitably long passphrase (TC states 20+ characters), storing data on the cloud can be made relatively secure.

      [1]: Solid algorithms (AES, RSA), done in a proper fashion (NOT ECB), with a salt, proper HMAC, etc.
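      The footnote lists the ingredients; the following is an added example that puts them together, not mlts's code and not Titanium Backup's RSA-based scheme. It is an encrypt-then-MAC backup format in Python: a random salt fed to PBKDF2-HMAC-SHA256 to derive separate cipher and MAC keys, AES-256 in CTR mode (never ECB) with a fresh nonce, and an HMAC-SHA256 over header plus ciphertext that is checked before a single byte is decrypted. It assumes the `cryptography` package for AES; the `BKUP1` tag, field lengths and iteration count are choices made for this example. The last function shows what "NOT ECB" is warning about.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

MAGIC = b"BKUP1"          # format tag; an assumption for this example
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
ITERATIONS = 200_000      # PBKDF2 work factor; tune to the device


def derive_keys(passphrase: str, salt: bytes):
    """PBKDF2-HMAC-SHA256 over a random salt, split into independent cipher and MAC keys."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]


def encrypt_backup(plaintext: bytes, passphrase: str) -> bytes:
    """MAGIC || salt || nonce || AES-256-CTR(plaintext) || HMAC-SHA256(header || ciphertext)."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    enc = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
    ciphertext = enc.update(plaintext) + enc.finalize()
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decrypt_backup(blob: bytes, passphrase: str) -> bytes:
    """Check the MAC first; only a blob that authenticates is ever decrypted."""
    hdr_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < hdr_len + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a backup blob")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:hdr_len]
    ciphertext, tag = blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):     # constant-time comparison
        raise ValueError("authentication failed: wrong passphrase or tampered blob")
    dec = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).decryptor()
    return dec.update(ciphertext) + dec.finalize()


def ecb_leaks_structure(plaintext: bytes, key: bytes) -> bool:
    """Why the footnote says NOT ECB: equal 16-byte plaintext blocks give equal
    ciphertext blocks, so repeated records stay visible in the ciphertext.
    The plaintext must be a multiple of 16 bytes here (no padding is applied)."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    ct = enc.update(plaintext) + enc.finalize()
    blocks = [ct[i:i + 16] for i in range(0, len(ct), 16)]
    return len(set(blocks)) < len(blocks)
```

      With this layout the only secret is the passphrase; the salt, nonce and tag are public and the blob can sit on Dropbox or a public FTP server, which is the point being made above. The passphrase length is still what the attacker gets to brute-force, hence the 20+ characters.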

    11. Re:Take these for what they are worth... by rickb928 · · Score: 1

      "7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP."

      So, I gather you will avoid AKNotepad, even though it declared the requested permission for an actual feature?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    12. Re:Take these for what they are worth... by mlts · · Score: 1

      The Cyanogen people have a lot to lose if their ROMs are found to be corrupt. Same with a lot of other top tier ROM "cooks". However, it wouldn't take much for someone to upload a bongoed ROM. That is why it's good to see if someone updates a ROM and what people think of the package. Of course, this isn't a 100% guide, but better than nothing.

      As always, you can just root the phone without changing ROMs.

    13. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      If the file is strongly encrypted, who cares where it is?

      Someone who needs the file to be available, instead of getting DoSed whenever this third party goes out of business or has an outage.

    14. Re:Take these for what they are worth... by DigitalCrackPipe · · Score: 1

      In regards to #7, what is the SU dialog? My app got a few comments about requesting SU or trying to get root access, but it doesn't. Nor do the permissions allow anything like that. I'm really interested to know what exactly they are talking about, so I can track down the source of the problem. I suspect that it only applies to rooted devices, but I'd like to verify.

    15. Re:Take these for what they are worth... by mlts · · Score: 1

      It only applies to rooted devices. The su mechanism consists of two items:

      The binary, natively compiled from ARM.

      The app, which is a Dalvik VM.

      When a program invokes the su binary, it checks to see if the app is allowed or denied access without prompting; if denied, it just denies it and moves on. If neither denied nor allowed is listed, it prompts the user to allow or deny the app, as well as save the decision. If the user allows it, or if the app is listed as being allowed without prompting, the program gets access as UID 0.

      Some apps (like the 1.0 Blizzard Authenticator) try to su to root to determine if the phone is rooted, and print out a warning message or even stop working. Other apps might ask for root for legit reasons (a file manager, or a terminal emulator), still other apps will ask for root for nefarious purposes.

      I am not sure the best way to test where in your code the su dialog is popping up... perhaps root a test Android device and set breakpoints?

    16. Re:Take these for what they are worth... by jonwil · · Score: 1

      Find a friend or workmate and borrow their phone for the call.
      Go into a carrier store and report it (and get a new SIM card and possibly a new phone at the same time).
      Find another phone somewhere you can use.

    17. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      Yup. This (parent) is pretty much why I don't have a droid, iphone, or whatever. I just want something to call people and receive calls. Simply don't need or want the rest. Being "social" on a phone is NOT being social. Good grief.

    18. Re:Take these for what they are worth... by Anonymous Coward · · Score: 0

      Nice list

  10. if you see a droid powered drone coming your way by Anonymous Coward · · Score: 0

    security may be rapidly diminishing, unless it's one of the citizen issue droid powered drones. security is in the forecast? mild accompanied by disarmament. the good news is just piling up for us now

  11. Always run AV on everything! by Anonymous Coward · · Score: 0

    I don't have an Android device, but I do know you shouldn't run any computer (including smart phones) without basic security software (like anti-virus).

    THAT INCLUDES LINUX. IT IS NOT IMMUNE.

    Check out ClamAV for your Linux machines.

    1. Re:Always run AV on everything! by cos(0) · · Score: 1

      AV is a resource-intensive crutch for those who don't know how to correctly manage their systems.

    2. Re:Always run AV on everything! by improfane · · Score: 1

      I bet I could install malware on your computer if you sat me in front of a logged in user.

      I won't touch the hardware, just use it.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    3. Re:Always run AV on everything! by cos(0) · · Score: 1

      On a computer with latest Windows Updates? I'd pay to see it.

  12. Plenty of free solutions by rickzor · · Score: 1

    I use Lookout Security (virus scanner + location tracker) for my personal security, and for the paid version it also allows you to see in a compact view what personal information and permissions your apps are using. There are plenty of other free antivirus, firewall and security apps for Android. If you want to root your device (like jailbreaking an iPhone) you may also install firmware which encrypts the entire device automatically (MIUI etc) and allows infinite self modification of the system. When you install an app from the market it will tell you which permissions it needs, and Android will stick to that. The only downside is (to my knowledge) you cannot install an app without giving it all the permissions it requires.
    As a general rule of thumb, only use trusted sources to install apps from (Android Market) as almost all malicious apps are found in 3rd party markets.

    Check out the android market and do a few searches for what you need. Google hosts the whole market at http://market.android.com/

  13. For security ... by Anonymous Coward · · Score: 0

    I embed the 4 laws of robotics in all my androids.

  14. Not all devices come with Android Market by tepples · · Score: 2

    Check out the android market and do a few searches for what you need.

    Unless your device didn't come with Android Market. A lot of Android-powered devices, especially Wi-Fi-only devices, run the AOSP version of Android instead of the OHA version. AOSP Android-powered tablets tend to come with AppsLib, and the user can install the APKs for SlideME Application Manager and Amazon Appstore, but Google doesn't officially offer Android Market for download as an APK.

    1. Re:Not all devices come with Android Market by rickzor · · Score: 1

      Good point. There is also Appbrain.com, which is a mirror of the android app store where you can download apps directly from the website or with the Appbrain .APK for android devices. Either that, or you can root any device and install the gapps package (all google apps including market) although the ease of that varies across devices.

  15. fork the droid by anwyn · · Score: 1
    We need to put standard GNU/Linux on our pads and phones. Not some OS only kludge with Linux OS but proprietary app space. Down with stores! Up with free repositories! Google can not use patents to block this because Google is member of OIN! And if Google left OIN it would be hit by the proprietary vampires!

    What kind of weird environment is it when you can not run native apps on your own hardware? Only some bad imitation of Java applets!

    If Google tried trivialization, they would find manufacturers already know how to make the hardware, and why not sell 2 versions: a GNU/Linux version and a prison version!

  16. RE:Android by JohnVanVliet · · Score: 1

    I am just surprised that an SELinux kernel is not used

    this is a perfect fit for it .

    --
    "I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
  17. Android security by Anonymous Coward · · Score: 0

    A restraining bolt, like the Jawas used.

  18. Sounds like windows by thetoadwarrior · · Score: 1

    Seriously, anti-virus for your mobile? I think I will go with iphone once I'm done with my Android phone even if I have to pay out the ass I'm not running fucking anti-virus on my phone.

    1. Re:Sounds like windows by prgrmr · · Score: 1

      If you download mp3's to your phone (via amazon, google, or anything else) you'll want an anti-virus scan of them. If you share wallpaper, ring tones, photos, or anything else with anyone else, you'll want to scan that stuff too. If you connect your phone to your desktop, laptop, tablet, or anything else--whether that other device has an anti-virus program on it or not--you'll want to know that your phone is clean. And don't assume that an iphone is the answer. It may not be the target of a virus (yet) but it is certainly capable of being a vector.

    2. Re:Sounds like windows by thetoadwarrior · · Score: 1

      Any electronic device that connects to a network in theory is but Android does seem to be becoming the dregs of mobile phones pretty quickly.

  19. Use common sense. by alt236_ftw · · Score: 2

    Use common sense:

    1. Don't root unless you REALLY need to.
    2. If you are rooted, don't give root rights to an application unless you know what it is supposed to do AND you trust it to do just that.
    3. Install a firewall.
    4. Don't install applications from vendors you don't trust, or know little about.
    5. Read the reviews of an application. See what people complain about.
    6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and contacts for example).
    7. If unsure about some permissions, check the developer's website to see if there is a good explanation. If not, contact the developer directly and ask.
    8. If you suddenly find an app for free which you thought was pay-only, check to see if it is cloned. If so, don't install it as it might be tampered.
    9. Check if the developer of an application matches who you know it should be. If not don't install it as it might be tampered.
    10. Personally I don't install or use an application which handles credit-card or bank account information directly/indirectly. This includes Paypal/Amazon and eBay. The reason for that is that I don't know how the information is stored on the phone, how it is transferred to the servers or if the authentication system is broken and can be hijacked (like the problem Google had the other day). Unfortunately I'm stuck with Google checkout, but I use a secondary cash card.

    Steps 8 and 9 would have saved quite a few people from grief in the last malware outbreak.

    If you are so inclined (and rooted), you can also use AdFree to block ad and some malware sites. This will also cause developers to lose income though.

    The permission system works well but only if there is no root exploit involved. Once an app gets root rights it can do just about anything. For example, it can download a precompiled linux executable which will send all application info from your phone to a remote server. This will include contacts/application and preferences (point 10 above).

    1. Re:Use common sense. by nschubach · · Score: 1

      Use common sense:

      5. Read the reviews of an application. See what people complain about.
      6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and contacts for example).
      7. If unsure about some permissions, check the developer's website to see if there is a good explanation. If not, contact the developer directly and ask.
      8. If you suddenly find an app for free which you thought it was pay-only, check to see if it is cloned. If so, don't install it as it might be tampered.
      9. Check if the developer of an application matches who you know it should be. If not don't install it as it might be tampered.

      I can see 5, and 6... that makes sense for most people. But the rest of these make having an app store pointless. If you need to go outside the phone environment to find out why someone asked for a particular permission.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Use common sense. by alt236_ftw · · Score: 1

      Regarding point 7, it would be nice if Google forced developers to justify the use of each permission with a quick blurb.
      And about contacting, it's the same as on eBay: If you want to know something not on the description, you do ask the seller don't you?
      Also, there is usually a link to the dev's website (along with his email) on the Market entry so the Market offers you a way to do it.

      Regarding 8 and 9, you don't have to go out of the Market environment.
      Simply searching the app by name will usually do the trick: If you see DocumentsToGo by random_person for $0 with 100 downloads and DocumentsToGo by Dataviz for $9.99 (or whatever it costs now) with >250.000, which one do you think is legit?

      The Android Market is the same as any other market place. The seller will put up a generic, generally customer attracting advertisement for a product, but if you want more info you have to ask. Unless everyone just buys cars/boats/PCs/Phones only based on a TV ad without asking for any clarifications?

  20. What good is compiling here? by G3ckoG33k · · Score: 1

    Soft wrote: "On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus."

    Seriously, what good are programs you can check and compile yourself?! If a program with 25,000 lines of code contains a piece of "virus", how would you know?!

    1. Re:What good is compiling here? by SMOKEING · · Score: 1

      > Seriously, what good are programs you can check and compile yourself?!

      When source is open, it's not so much for end users to inspect it (although they very well might), but for them to rest assured that *others did*, and verified it's clean.  That's the whole bloody point of any Linux distribution.

    2. Re:What good is compiling here? by G3ckoG33k · · Score: 1

      Thanks! True, I forgot that there are "others" too. :)

  21. It sounds to me like you already know the answer.. by gravis777 · · Score: 1

    install an antivirus, run updates, and don't execute apps from untrusted sources.

    That pretty much takes care of a majority of your issues. Read other user reviews. If you feel the Android Marketplace is too lax, try the Amazon marketplace. And if you decide to root your phone, pay attention to which apps you are giving root permission to. I mean, you are a Linux user after all, you should understand simple security.

    Oh, and I suggest that if you are going to buy an Android phone, check and see if it's supported by CM7 - http://www.cyanogenmod.com/ Talk about a lifesaver - my Android phone ran like CRAP until I found this goody. You should realize as well that there are several projects to port CM7 to other phones that are not part of the official tree yet - my phone is not on this list, and the first ports for CM6 / CM7 happened just a couple of months ago. If you are using an unstable build, make sure you read the notes, and MAKE SURE you do a backup of the factory ROM before you start installing your own stuff.

  22. Android Security Practices by privateerlabs · · Score: 5, Interesting

    1. Use caution when installing software! Remember that the Android Market does not vouch for the security/integrity of the apps. To my knowledge, minimal analysis is performed on apps, but nothing that provides any real security guarantee to the mobile user. There is no guarantee that the app you are installing is not malicious in nature, or chock full of software vulnerabilities. Many of the legitimate apps in the marketplace are rapidly developed by individuals with little or no secure coding background. Also I highly recommend you only install apps from publishers you trust and make sure you read the user comments. If the app has a few thousand reviews and rates at 4 stars this would often indicate added legitimacy.

    2. When installing apps be cautious of the permissions requested. The READ_PHONE_STATE permission permits access to sensitive device-specific values that would normally be an invasion of privacy to supply. The problem arises when developers use a function called GetDeviceId() to get a unique ID for the mobile device that is later used for user account correlation on third-party services. The correct way to do this is to use Settings.Secure.ANDROID_ID. Google has a blog describing this issue in depth:
    http://ask.slashdot.org/story/11/05/20/188228/Ask-Slashdot-Android-Security-Practices
    Be very cautious with apps that ask to read/write SMS messages, read/write contacts, and place calls. Malware frequently uses these to pilfer unsuspecting users.

    3. Careful when jailbreaking your phone. If you jailbreak your phone you are opening yourself up to more serious compromise. Ask yourself, if all you have to do is run "su" from a jailbroken command shell, why can't a malicious app do the same and run as root? SuperUser.apk is a popular alternative to traditional dirty jailbreaking. It attempts to guarantee that the user is active in the Android UI by prompting the user with a dialog asking if the privilege elevation should be allowed. Remember that you are allowing that particular app to escalate privilege from now on. If you allow "sh" to escalate to root then an app may be able to simply run the shell "sh" and then escalate from there.

    4. Firewalls are an option and will add another layer to the phone security, especially when connected to Wi-Fi access. Currently there aren't many remote attacks on listening services on the Android phone, but I wouldn't be surprised if we start seeing them with more frequency as more hackers start riding the wave.

    5. Disable services you are not currently using. For example; if you are not using Wi-Fi, then disable it until you need it. Same goes for Bluetooth.

    6. Remove unused apps. Many apps expose themselves to compromise by examining incoming text messages, integrating with mime/file types, etc. Go through your installed app lists and remove anything you don't use.

    7. Android security products are starting to appear on the market (shameless plug). Rather than blindly recommend ours I would rather recommend you search the Android Market for "security", "antivirus", "malware", and similar criteria. Read the reviews and find something that will scan your apps prior to install.

    -Riley Hassell
    CEO, Founder | Privateer Labs
    email: riley@privateerlabs.net
    Website: http://www.privateerlabs.net/
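Points 2 and 6 above both come down to reading the manifest before you trust an app: which permissions it requests, and whether it registers a receiver for incoming SMS. The following is an added example, not code from the thread or from Privateer Labs, that does that check over a decoded AndroidManifest.xml. It assumes the manifest is already plain XML (the binary manifest inside an APK has to be decoded first, for example with apktool); the sample manifest and the "flashlight" package name are constructed for illustration.

```python
"""Audit a decoded AndroidManifest.xml for the permissions and receivers
the post warns about.

Added example; not code from the original thread or from Privateer Labs.
Assumes the manifest is already plain XML (binary manifests inside an APK
must be decoded first); SAMPLE_MANIFEST below is constructed input.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permissions singled out above as privacy- or fraud-sensitive.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "IMEI / phone number / call state",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.RECEIVE_SMS": "see incoming SMS as it arrives",
    "android.permission.SEND_SMS": "send SMS (premium-rate fraud)",
    "android.permission.WRITE_SMS": "alter or delete SMS",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_CONTACTS": "alter contacts",
    "android.permission.CALL_PHONE": "place calls without the dialer UI",
}

# Constructed sample: a "flashlight" that wants far more than a flashlight needs.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Flashlight">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Every <uses-permission android:name=...> in the manifest, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def sms_interceptors(manifest_xml):
    """(receiver name, priority) for receivers listening for SMS_RECEIVED.
    A high priority lets the receiver see, and abort, an incoming message
    before the default messaging app does."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                hits.append((receiver.get(ANDROID_NS + "name"), prio))
    return hits


def audit(manifest_xml):
    """Return (package, findings); findings is a list of (what, why) pairs."""
    package = ET.fromstring(manifest_xml).get("package")
    findings = [(p, SENSITIVE[p]) for p in requested_permissions(manifest_xml)
                if p in SENSITIVE]
    for name, prio in sms_interceptors(manifest_xml):
        findings.append(("receiver %s for SMS_RECEIVED" % name,
                         "intent-filter priority %d" % prio))
    return package, findings


if __name__ == "__main__":
    pkg, findings = audit(SAMPLE_MANIFEST)
    print(pkg)
    for what, why in findings:
        print("  %-45s %s" % (what, why))
```

On the sample this reports READ_PHONE_STATE, RECEIVE_SMS and SEND_SMS plus the priority-999 SMS receiver, which is exactly the combination (read incoming texts, send texts, identify the handset) that has no business in a flashlight; INTERNET and CAMERA pass through as ordinary. The point is not the list of strings but the habit: decide from the manifest, before install, whether the requested capabilities match what the app claims to do.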

    1. Re:Android Security Practices by geekoid · · Score: 1

      Thanks mom.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:Android Security Practices by privateerlabs · · Score: 1

      > Thanks mom.

      You're welcome dear.

    3. Re:Android Security Practices by arnodf · · Score: 0

      It would be best if you could just choose on install and later on which permissions you want to allow and which not. This would force developers to use only the permissions the application really needs as most people will simply disable the dodgy ones. But we live in reality unfortunately so that will never happen since geolocation for example is required by the in-app ads and they generate money so they cannot afford to have users disable that permission. (and yes of course you can disable wifi and gps location services but I expect that if you've used that before then the ads get a cached location which should suffice for this purpose)

    4. Re:Android Security Practices by Anonymous Coward · · Score: 0

      "Android Security"
      http://puppykhan.livejournal.com/6574.html

  23. +6, Hypertroll by Anonymous Coward · · Score: 0

    That ridiculous list above for firewalls, PIN protectors, etc is exactly what will cause Android to eventually lose the mobile OS war. It's already behind in the US for tablets+phones, and waaaay behind overseas. Typical consumers can't be bothered with goofy shit like that.

  24. Write your own apps by bl8n8r · · Score: 1

    Seriously. The Android SDK is free, Eclipse is free. There's no monetary risk involved to experiment and see if you like doing it.

    I screwed around with it for a month off-and-on doing all the tutorial programs on developer.android.com and by the time I was done, it made a lot more sense. I made extensive use of stackoverflow.com too. Good resource there.

    If developing isn't for you, there are indeed open source style apps out there. A little bit of googling can find out if they are legit, or if the source is indeed available.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  25. simple by geekoid · · Score: 1

    seek out and kill Sarah Connor

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  26. CyanogenMod by Anonymous Coward · · Score: 0

    Get CyanogenMod and use it as your main OS - not all phones are supported, so check it out before you buy a phone: http://www.cyanogenmod.com/devices

    Some phones are not on that list, but are usable - for example, the beta of CM for the Motorola Defy is the sixth-most-installed version of CM...

    Why CM? No carrier bloatware/malware layered on top of Android ... even the 'pure google' Nexus S cannot really make this claim. Personally, I have found some of the most egregious privacy issues with carrier apps, not third party apps...

  27. Turn it off. by Anonymous Coward · · Score: 0

    ...and you will be safe for sure.

  28. Never run AV on anything by Anonymous Coward · · Score: 0

    Anti-virus doesn't count as "basic security software." "Basic security software" is software that prevents (or at least makes the user aware of) activities which are not whitelisted.

    AV software doesn't do that. It's a scam. No OS needs it, not even Windows. By the time your AV software detects something, it has already let a hundred successful attacks through. You need to deal with the real problems if there is ever any possibility that AV software might ever notice anything. Until the user is confident that AV software would be 100% pointless, they're not done locking down the machine at a very basic level.

  29. Use HOSTS to block ANDROID malware by Anonymous Coward · · Score: 0

    Here is how (very easy to do):

    ---

    ANDROID OS allows for the usage of custom HOSTS files, & that's how you stop this botnet from communicating "back to mama" (its C&C botnet servers):

    DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm )

    ---

    1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it

    2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)

    3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if its there already) using PULL & overwrite the etc. folder's copy of HOSTS

    ---

    DONE!

    APK

    P.S.=> Yes, it's THAT simple... &, it works/helps - Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. this threat + others! I've posted this here before & it did alright, being "modded up" +1 INSIGHTFUL:

    http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952

    ... ap
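The three steps above, worked through as an added example (not the commenter's own script). It merges an MVPS-style blocklist into a hosts file that keeps the stock localhost entry, and prints the adb commands that install it; note that copying a file from the PC to the device is adb push (pull goes the other way). It assumes a rooted device reachable over adb with a Superuser-style su, and that /system can be remounted read-write with a plain mount -o remount, which varies by device. The stock hosts contents and the blocklist are constructed sample input.

```python
"""Merge a hosts-style blocklist into a hosts file for an Android device and
print the adb steps that install it.

Added example; not the commenter's own script. Assumes a rooted device
reachable over adb, a Superuser-style "su" on the device, and a blocklist
in the MVPS one-host-per-line layout. STOCK_HOSTS and SAMPLE_BLOCKLIST are
constructed input; the remount command may differ on your device.
"""
import re

# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, at least one dot.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$")

# What a stock Android /system/etc/hosts contains; it must survive the merge.
STOCK_HOSTS = "127.0.0.1\tlocalhost\n"

# Constructed sample in MVPS style: sink address, hostname, optional comment.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
0.0.0.0 ads.example.net
0.0.0.0 c2.example.org      # hypothetical C&C host
0.0.0.0 ADS.EXAMPLE.NET     # duplicate, different case
127.0.0.1 tracker.example.com
0.0.0.0 localhost           # must never be sinkholed
0.0.0.0 not a hostname
10.0.0.1 intranet.example   # not a sinkhole entry, ignored
"""


def parse_blocklist(text):
    """Hostnames to sinkhole: comments, blanks, duplicates, malformed names,
    non-sinkhole addresses and anything that would clobber localhost are dropped."""
    hosts = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            continue                                  # "0.0.0.0 not a hostname"
        addr, name = parts[0], parts[1].lower()
        if addr not in ("0.0.0.0", "127.0.0.1"):
            continue                                  # only sinkhole lines
        if name in ("localhost", "localhost.localdomain"):
            continue
        if HOSTNAME_RE.match(name):
            hosts.add(name)
    return hosts


def build_hosts(stock, blocklist_text, sink="127.0.0.1"):
    """Stock entries first, then one sorted sinkhole line per blocked host."""
    lines = [stock.rstrip("\n")]
    lines.extend("%s\t%s" % (sink, h) for h in sorted(parse_blocklist(blocklist_text)))
    return "\n".join(lines) + "\n"


def adb_install_commands(local_path, remote_tmp="/sdcard/hosts"):
    """The post's three steps as concrete commands: push the file to the SD
    card (adb push copies PC -> device; pull is the other direction), then as
    root remount /system read-write, copy it into place and remount read-only."""
    return [
        "adb push %s %s" % (local_path, remote_tmp),
        'adb shell su -c "mount -o rw,remount /system && '
        'cp %s /system/etc/hosts && mount -o ro,remount /system"' % remote_tmp,
        "adb shell cat /system/etc/hosts",          # verify what landed
    ]


if __name__ == "__main__":
    with open("hosts", "w") as fh:
        fh.write(build_hosts(STOCK_HOSTS, SAMPLE_BLOCKLIST))
    for cmd in adb_install_commands("hosts"):
        print(cmd)
```

Two things the merge guards against that a raw copy does not: a blocklist line for localhost (or a stray non-sinkhole address) must not end up in the device file, and the stock localhost entry must stay first. The last adb command just prints the installed file so you can confirm the entries before rebooting; remember that a hosts file only stops lookups by name, so a C&C server contacted by IP address is untouched.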

  30. Security apps just placebo? by Willbur · · Score: 1

    This may be betraying my ignorance, but I thought that the basic security model behind android held that one app couldn't see another app's code or private data. The sdcard is general storage, so all apps with sdcard permissions can see everything on the card, but mostly what is stored on the sdcard is not security critical anyway. Another caveat is that if you've rooted your phone then you're adult enough to look after yourself.

    So, how is a virus scanner supposed to work? It will never be able to see any of the other apps. Similarly with a firewall - it won't be able to see when another app connects to the net. The only way it could work would be to break out of the standard security systems.

    This suggests to me that most of these 'security apps' are scams (not counting stuff for rooted phones -- but rooting is itself a security risk. e.g. With most of the rooting mechanisms, if you hook a usb cable to a rooted phone then you get a root shell without any password protection - mmmmm security).

    The 'security apps' that I could see working are:
        - Apps that monitor the SIM ID so that they know when another SIM is inserted.
        - Apps that allow remote phone tracking.

    It is possible to detect some changes in phone state and quickly try and correct things, or at least alert the user to the issue. This is how the apps that add password screens/PINs to the front of other apps work - they detect the other app being brought to the front and quickly overlay their pin screen over the top. But this seems weak for general protection.

    So, what specific protection do people think they're getting from these security programs? Which of the (non-root) programs are more than a placebo, and how do they work?

    1. Re:Security apps just placebo? by Anonymous Coward · · Score: 0

      Any application can read anything in the installed APK folder without permission (or possibly the SD-Card permission). Take a look at "ES File Explorer" / non-root backup applications / application sharing (eg. AppAware) -- they don't specifically ask for "access to apk folders" =P. Unless the APK is encrypted (done by developer), the APKs themselves are accessible to be copied. I actually do this in case the developer ever does a bait-and-switch. =)

      The data located inside databases and the running memory space of applications should be sandboxed; this is the application isolation that you're referring to.

  31. My Android security measure by Phil+Urich · · Score: 1

    Maemo.

    ...but no, seriously, using as open-source of an OS as possible is the way I go, and having plenty of data (about what programs are running, about the networking data, etc.). Knowing what your system is doing is the first and most important line of defence (contrast it against all those people whose Windows boxes are "running so slow...guess it's time to upgrade", we've all met those folks).

    That being said, if you're on a far less free-as-in-speech OS (you freedom-hater!), you can indeed still try and use open-source software. For Android (my emergency backup smartphone is an Android device...yes, I have an emergency backup smartphone, I'm posting on Slashdot is that really a surprise?) I always check F-Droid first when I'm looking for an app to do something. It's much smaller than the Android Market (obviously) but it's a good first place to check, and I like the interface more than the Market personally. That may largely be because it's more a Repository than a Market/Store and, being a Linux user, I'm more comfortable with that, but that's another reason to recommend too anyone with a similar background.

    --
    I remember sigs. Oh, a simpler time!
    1. Re:My Android security measure by Phil+Urich · · Score: 1

      Arghhhh I wrote "too" instead of "to" at the end there. Proof that no matter how secure your phone may be, it's never going to be secure against typos.

      --
      I remember sigs. Oh, a simpler time!
  33. I guess I'm an idiot by Stone2065 · · Score: 1

    I have been running an Android based phone since my first one (a G1, which I still have, but it's been relegated to being a part time GPS unit), and you know... there have been a ton of programs that I've seen on the market, and when I hit "install", and if I didn't like what permissions it wanted, or it didn't make sense (why the fuck would a calculator need my fine location?), then guess what? I did without it, and found one that did the same or similar thing WITHOUT the weird permissions. Every once in a while, I get weirdness, or software conflicts that I can't resolve, and since I'm NOT rooted (not knocking it, just not for me), I hit "factory reset", and poof... just like it came out of the box. Honestly, I agree with the earlier poster that said, if you are not a responsible technology user, well then quit using technology. You are just another carrier of bugs/viruses. If you don't think so, why not run your AV? Oh, yeah, you didn't think you needed one... I'm done with my rant.

    --
    Stone
    1. Re:I guess I'm an idiot by Stone2065 · · Score: 1

      Oh, and PS... I installed that firewall that was mentioned earlier. Nice, simple UI, so we'll see what happens with it.

      --
      Stone
  34. All Trolling Aside... by macs4all · · Score: 1

    Where's the "Marketshare" argument now, regarding iOS vs. Android, as far as "security" goes?

    Honestly, I don't think that anyone (or nearly anyone) runs any kind of A/V on iOS devices; and yet...

    So, can anyone please address this question like an adult; or is that too much to ask on Slashdot these days?

  35. Use appWatchdog to check individual app security by ahoog · · Score: 1

    We examine mobile app security using forensics and post the results free on our appWatchdog page:

    http://viaforensics.com/appwatchdog/

    In a few weeks, we will have an "appWatchdog app" available for Android which will scan installed apps and advise which store your personal data insecurely. This is good practice in case of a lost phone or remote exploit which can gain access to /data/data.

    --
    Andrew Hoog
    viaForensics
  36. Blackberry does by sys_mast · · Score: 1

    Parent asked if BlackBerry offers granular permission access, which it does. It looks to be a few layers more detailed than Android, or maybe it just looks like that since it shows all security options with something like permit/deny, which I like more than Android's permit list.

    I also like the BlackBerry since I can have an app and give it fewer permissions than it calls for, and just lose that function. I know of no way to do that in Android and, to put words in the parent's mouth, that is what you are looking for: a way to have an app and not give it requested permissions.

    --
    Those who can, do.
    1. Re:Blackberry does by Reapman · · Score: 1

      If that's the case, kudos to BlackBerry! Hopefully Android will implement some of that - as I said Android could use some improvement and that sounds like an improvement.