Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Android Security Practices?

Posted by Soulskill on from the avoid-installing-malicious-ai dept.

Soft writes "Smartphone security recommendations seem to boil down to Windows-like practices: install an antivirus, run updates, and don't execute apps from untrusted sources. On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus. What rules should I adopt on my soon-to-be-bought Android device? Can I use it purely with open-source apps and still make the most of it? Are Android's fine-grained permissions (accessing the network, contacts...) reliable? Can apps be trusted not to scan your files and keyboard for passwords and emails? What precautions do security-conscious Slashdotters take to keep control of their phones?"

5 of 173 comments (clear)

  1. Re:Install a firewall by improfane · · Score: 4, Insightful

    On a phone? Are you serious? Honestly I never thought you'd ever need a firewall on a phone. If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones. I always thought that the Bitfrost security architecture from OLPC was a good idea. How come this style of capabilities is not in Android?

    Nokia 1661 and loving it baby. As far as I can tell, I can't put software on it!

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  2. Re:Install a firewall by i.r.id10t · · Score: 4, Insightful

    The problem isn't that it is a phone, but rather, it is a computer with phone functionality. Would you tote around a laptop w/ no firewall or AV?

    --
    Don't blame me, I voted for Kodos
  3. Re:Install a firewall by The+Dawn+Of+Time · · Score: 5, Insightful

    You're missing reality - it's not a phone, it's a computer with phone software. I know that's exactly what the post you replied to said, but apparently it went right over your head.

  4. Re:Install a firewall by improfane · · Score: 4, Insightful

    That's the potential to access. Not the actual access. That won't scare users enough.

    The software should display the data that would have been accessed with the widgets that is appropriate to the device, say a contact card or a filename and then threaten the user.

    Are you sure you want to send this information to somewebsite.com over an unscrambled channel to someone in China?

    • a list of your contacts as displayed in your contact list
    • a recent email of your naked wife (with picture rendered)
    • a map with lines between your last plotted geolocations
    • the following picture captured from your webcam

    It should be displayed like numerous bits of scrap data on the screen with a picture of a pipe and the pipe attached to a shady looking figure next to the planet earth on the other side of a cloud. The implication should be obvious.

    Would that scare you?

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  5. Re:Install a firewall by girlintraining · · Score: 4, Insightful

    I think you're missing my point. It's a phone.

    They aren't missing it, they're ignoring it. What it is called isn't the issue, it's what it can do, and whether that is what the end-user wants (or not).

    --
    #fuckbeta #iamslashdot #dicemustdie