Slashdot Mirror


Fragmentation Leads To Android Insecurities

Rick Zeman writes "The Washington Post writes about how vendor fragmentation leads to security vulnerabilities and other exploits. This situation is '...making the world's most popular mobile operating system more vulnerable than its rivals to hackers, scam artists and a growing universe of malicious software' unlike Apple's iOS which they note has widely available updates several times a year. In light of many companies' Bring Your Own Device initiatives 'You have potentially millions of Androids making their way into the work space, accessing confidential documents,' said Christopher Soghoian, a former Federal Trade Commission technology expert who now works for the American Civil Liberties Union. 'It's like a really dry forest, and it's just waiting for a match.'"


  1. Or... by MrDoh! · · Score: 5, Insightful

    iOS is a single target, get one sploit that works, you know it'll work on all of them. The recent Exynos sploit only worked on some Samsung chips. So.. hackers have more devices to attempt to hack! Though all this is a waste of time if people use non-standard app stores and/or download warez, then what do they really expect?

    --
    Waiting for an amusing sig.
    1. Re:Or... by DerekLyons · · Score: 5, Insightful

      Though all this is a waste of time if people use non-standard app stores and/or download warez, then what do they really expect?

      It's funny.... when Apple or Microsoft comes up, all the highly rated comments are about how Android lets you escape the walled garden and get your apps wherever you want from whomever you want. But let the story be about malware and security problems with Android - and all of a sudden it's the user's fault for going outside the walled garden.

    2. Re:Or... by TheGratefulNet · · Score: 5, Insightful

      nexus one user, here. cm7.2 is 2.3.7

      likely, that will be all it ever runs.

      shame and pity that google designed this. they farked it up. would you tolerate a linux distro that ended just a few years after it started?

      that's how I feel. abandoned.

      I run linux hardware (x86) that is recent and I also have 10 yr old systems that are just fine (thanks) and I continue to get linux updates for them.

      but not android.

      stupid google. seriously. why do people give google a pass on shit like this? we would not put up with this on regular desk/server linux.

      --
      "It is now safe to switch off your computer."
    3. Re:Or... by SuperKendall · · Score: 5, Insightful

      When given responsibility, people are expected to be responsible for themselves.

      The corollary is that it is IRRESPONSIBLE to give the masses a technology where it is IMPOSSIBLE for them to be responsible.

      If Android were just being marketed at technical users, that would be one thing. But to claim it's superior because it allows so much more freedom than most non-technical people can realistically control, and then push it on those same people, is borderline criminal.

      The iOS model is far superior. Technical users able to properly manage an open system are also able to fully unlock the system. But the default shipping mode is safe for people with little technical aptitude.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  2. I blame the SoC vendors and Google by Casandro · · Score: 5, Insightful

    If there were a common hardware platform, like on the PC, where every PC is essentially compatible with every other PC, you could easily update your operating system without the manufacturer of the hardware.
    However, SoC vendors don't want that, since it would mean that a device maker could easily switch from one SoC to another one. Plus they still use undocumented proprietary hardware in those SoCs; that's why you have binary device driver blobs which are hard to port.

    The other problem lies within Google. They should have mandated some sort of "BIOS" which would have allowed any operating system to see what kind of hardware there is. This wouldn't have been more than a few hundred bytes in the flash containing the bootloader. That way you could have a generic operating system image, which would read out that ROM and execute routines found in it to use the hardware and then, perhaps at a later stage, use specialized drivers... just like it's done on the PC.

    The sort of fragmentation we currently have in the Android market is simply bad, but a logical consequence of bundling hardware with the operating system. I just hope that one day the Chinese will wake up, and design a common hardware platform allowing the user to boot their own operating system from the SD-card, and even move it from device to device.