Sundar Pichai: Android Designed For Openness; Security a Lower Priority

← Back to Stories (view on slashdot.org)

Sundar Pichai: Android Designed For Openness; Security a Lower Priority

Posted by timothy on Thursday February 27, 2014 @05:59AM from the not-that-they-must-contradict dept.

An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."

117 comments

Min score:

Reason:

Sort:

Don't they know... by FuegoFuerte · 2014-02-27 06:02 · Score: 2, Insightful

If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.
1. Re:Don't they know... by brainstem · 2014-02-27 06:11 · Score: 5, Informative
  
  RTFA. This phone is not designed to be sold to the general public. It is designed for specific security sensitive applications and use by government agencies.
2. Re:Don't they know... by rhook · 2014-02-27 06:52 · Score: 1
  
  Not if everything is fused together.
3. Re:Don't they know... by hurfy · 2014-02-27 07:33 · Score: 1
  
  So was my laptop battery at one point ;)
  Fused or not I assume it would still try and detect the pieces coming apart. One would hope it takes more than a Dremel wheel to defeat it.
4. Re:Don't they know... by FuegoFuerte · 2014-03-06 09:04 · Score: 1
  
  RMFP. I didn't say anything about who it would be sold to or who/what it was designed for, and those points are completely irrelevant to mine.
  To recap:
  1) If there's a way to put it together, there's a way to take it apart. This is true no matter who it's sold to. The defense industry tends to hire clever people, who are often clever at disassembly as well.
  2) It kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open. This is still true if you work on sooper sekrit stuphs. The suckage of a broken phone is not predicated on the usage model of the phone. There may be a good reason for that level of security, but having your data wiped from it unnecessarily would still make for a bad day.
  In summary, don't be such an ass.
5. Re:Don't they know... by hazydave · 2014-03-07 04:52 · Score: 1
  
  Most secure systems like this are assembled before applying power... that's how you put it together. When first powered up, the tamper detect mechanism is in place. And that piece of it is kept powered forever... lose power to the crypto engine, and the unit tampers. Once tampered, you have to reinstall the original software. So basically, even Boeing has no means of taking these apart without tampering them. If you had enough units to study and take apart, maybe you could, maybe not. The case itself can be a tamper trigger.
  
  --
  -Dave Haynie
Boeing making self-destructing phone? by Anonymous Coward · 2014-02-27 06:12 · Score: 0, Funny

Well, they do have lots of practice making self-destructing airplanes.
1. Re:Boeing making self-destructing phone? by lennier1 · 2014-02-27 06:34 · Score: 1
  
  True to their defense contractor traditions they'll probably try to destroy it by way of a drone strike.
So Don't Buy It by Anonymous Coward · 2014-02-27 06:14 · Score: 0

The phone isn't for you, as much as you may want it to be. For certain people, that's a risk they're willing to take.
CAPTCHA: defense
1. Re:So Don't Buy It by FuegoFuerte · 2014-03-06 08:58 · Score: 1
  
  Ooohhhh, look who knows so much...
  How do you know what industry I'm in, or what phone they'll want me to carry?
Disproportionate Malware by SuperKendall · 2014-02-27 06:14 · Score: 0, Troll

There's no way the market share on Android explains the malware for the device; Android is not 98% of the smartphone market, but it DOES have 98% of the malware.
This is exactly why for any non-technical user I cannot recommend Android. It's too dangerous for people who are not technically ept enough to properly manage security or know when something is fishy.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re: Disproportionate Malware by Eugriped3z · 2014-02-27 06:39 · Score: 0, Troll
  
  Everything about Android IS fishy, starting with its origin and ending with Apps that are allowed 'access' to anything just because the developer asks. Access to my contact list in exchange for information on astronomy?! C'mon... Why does Google approve of such behavior?
  Apparently geeks only require security for their own personal data or that of their company and believe everyone else's is better off left wide open.
2. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 06:41 · Score: 0
  
  Most of that comes from 3rd party market places, which non-technical users don't know how to install.
3. Re:Disproportionate Malware by AmiMoJo · 2014-02-27 06:44 · Score: 4, Insightful
  
  I spent a few moments RTFA and TFS distorts it badly. What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security. In other words any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
  So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying. With power comes responsibility and all that.
  Also, you wouldn't expect that an OS with say 85% of the market would only get 85% of the malware. People gravitate towards the most popular systems, and you also have to consider that Android is much bigger in countries like China and India where they don't seem to have had as long as westerners to become get savvy to torjans or excessive permission requests. Many Chinese carriers put their own app stores on their devices too, and then fail to properly police them, and of course (trojan) pirate software is widespread.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
4. Re:Disproportionate Malware by MightyYar · 2014-02-27 06:47 · Score: 1
  
  Isn't the vast majority (all?) of the malware side-loaded? That would explain the number, since you can't turn on side-loading on the i-things.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
5. Re:Disproportionate Malware by Anubis+IV · 2014-02-27 07:00 · Score: 2
  
  I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack (i.e. the user downloading and installing a trojan).
  That said, yeah, Android is really getting a disproportionate share of the malware. More recent reports peg it at 99% of all mobile malware, and Pichai is trying to brush that away as a simple factor of market share, which is rather short-sighted. iOS currently sits around a 16% market share (and falling, due to Android outpacing iOS' rate of growth), which should be more than enough to attract malware. Especially so when you consider that iOS still attracts a comparable (some would argue better) amount of third-party support from developers making apps, as well as the fact that we still get reports like these (tl;dr: this last Christmas season, iOS users accounted for 5x more online purchases than Android users and spent roughly 2x as much on each purcase), making them potentially much more lucrative targets to developers of adware and malware.
  Yet, despite all of that, iOS malware rates aren't even being registered on any of the mobile malware reports I can find from the last quarter. I recall them being at something like 0.07% the quarter before that, with Blackberry even registering more malware than them.
6. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 07:01 · Score: 0
  
  because jailbreaking doesn't exist, right?
7. Re:Disproportionate Malware by SuperKendall · 2014-02-27 07:09 · Score: 0
  
  I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack
  But with computers there is no really secure alternative (though I would still argue in this case Macs are more secure, since they manage updates in a way it's more likely to happen for non-technical users).
  With phones there is an alternative that we know is more secure - the iPhone. That is why I don't think it's right to steer non-technical users to a platform where they simply are not able to manage risk well.
  And it's not just downloading trojans that's the issue - it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you. And since so few hardware makers do updates with any frequency, there's not even a good plan for how those users could be automatically protected.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
8. Re:Disproportionate Malware by maccodemonkey · 2014-02-27 07:13 · Score: 3, Insightful
  
  To be fair, there are issues with Android that don't have anything to do with signed code. On iOS, you can deny individual permissions (at the time they're actually exercised!) and still run an app (and modify those permissions post-install), whereas on Android it's an all or nothing sort of thing. That's more "open" but it's less "secure", and it doesn't really anything to do with app stores or code signing.
9. Re:Disproportionate Malware by SuperKendall · 2014-02-27 07:16 · Score: 1
  
  So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it.
  I agree, but what I am saying is that for non-technical users they simply CANNOT take a proper level of responsibility for an Android device - they are simply not able to.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
10. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 07:18 · Score: 0
  
  yes but it's akin to rooting not sideloading.
11. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 07:23 · Score: 0
  
  Tech crunch is full of shit on their numbers because they count ALL android phones, even the garbage stuff still running a 2.X android
  you dont listen to the morons at tech crunch, they are barely journalists.
12. Re:Disproportionate Malware by SuperKendall · 2014-02-27 07:31 · Score: 2
  
  People use those same devices when proclaiming how huge market share is - which means people still buy them. So they should be included in discussions on security.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
13. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 08:04 · Score: 0
  
  The summary doesn't distort the article at all. For the most part, it's directly lifted from the first link.
  But the article itself is "via 9to5Mac", so it might be a little slanted.
14. Re:Disproportionate Malware by StripedCow · 2014-02-27 08:07 · Score: 1
  
  [...] any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
  So what you are saying is that none of the apps in the Apple app-store can be Turing-complete.
  
  --
  If Pandora's box is destined to be opened, *I* want to be the one to open it.
15. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 08:12 · Score: 0
  
  Also,
  
  What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security
  Is emphatically NOT what the article is stating. It specifically argues that "attributing Android's malware problem strictly to market share is a cop-out" and "it'd be nice to see Google work tirelessly to get ahead of malware rather than seemingly stating, "Well of course we have malware, we're popular!"".
  Are we reading the same article? I have no idea where you would get these impressions if you read the first link...
16. Re:Disproportionate Malware by AmiMoJo · 2014-02-27 08:14 · Score: 1
  
  Can you block internet access so that apps can't download advertising? Seems like developers of free apps would not be very happy about that. I do it on Android via a firewall, but I don't have an iOS device so I'm asking.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
17. Re: Disproportionate Malware by maccodemonkey · 2014-02-27 08:17 · Score: 1
  
  No, on iOS internet access isn't considered a permission. Off the top of my head, the ones I remember are location, microphone, camera, and contacts. Access to pre-configured social network accounts I believe requires permission as well.
18. Re:Disproportionate Malware by Zordak · 2014-02-27 08:17 · Score: 1
  
  I don't personally use an iOS device, but my kids just turn off WiFi when playing Temple Run. Then it can't download any ads.
  
  --
  
  Today's Sesame Street was brought to you by the number e.
19. Re: Disproportionate Malware by AmiMoJo · 2014-02-27 09:04 · Score: 1
  
  Really? Apps don't have to ask for internet access, and you can't deny it to them?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
20. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 09:04 · Score: 0
  
  Ever hear of a malware exploit (not a jailbreak) in the iOS wild? Yet to happen, AFIAK.
21. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 09:37 · Score: 0
  
  So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying.
  That's exactly the same as Windows on the desktop and look at the impression users have of its security. Most malware for Windows relies on the user being an idiot too, sure there are drive-by attacks on Windows but the same goes for Android as well (even iOS had a security issue that allowed it to be jailbroken by a website). Users do not want to take responsibility in that way, it is more preferable to put their trust in a company like Apple that has a vested interest in both pleasing their customers and protecting their platform.
22. Re:Disproportionate Malware by pnutjam · 2014-02-27 09:38 · Score: 1
  
  If your not side loading apps your risk is very low. Stick to Play Store.
  
  --
  Cheap storage VM.
23. Re:Disproportionate Malware by cbhacking · 2014-02-27 09:46 · Score: 1
  
  You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it. Not even necessarily the *user's* money either, although genuine mobile botnets are less common than on PCs.
  When writing malware, why would you target the player with 25% marketshare if you could target the one with 70% instead? That's voluntarily giving up about 2/3 of your potential income. Even if it was much harder to exploit Android (which it really isn't), they would still be the preferred target, because the return on investment is so much higher.
  This is the same reason malware for Windows is so valuable, and exploits for that platform are more commonly weaponized than on other platforms. Malware authors are a lot less likely to invest a bunch of development time, and then risk jail time, to try and take over the #2 platform, even though a working exploit on Windows actually costs a lot more (or is alternatively harder to find) than on OS X. Of course, most malware isn't "exploits" in any proper sense anyhow, it's just Trojans. Those work equally well on all platforms, desktop and mobile. They're still illegal though, so again, not many people are going to go for anything but the biggest potential bag of money. The risk is the same anyhow...
  
  --
  There's no place I could be, since I've found Serenity...
24. Re: Disproportionate Malware by maccodemonkey · 2014-02-27 09:48 · Score: 1
  
  Really? Apps don't have to ask for internet access, and you can't deny it to them?
  No. But iOS protects any resource that would be considered something you wouldn't want uploaded (i.e. Contacts.) iOS apps are sandboxed as well which means that an app can't access files created by another app (so it's not going to be able to upload documents or settings from another app), and an app can't download a bunch of stuff to a system directory. So you can't deny an app internet access, but unless you're worried about an app running up your data bill, there isn't much reason you'd want to as anything valuable an app could send out is protected.
  If you really wanted to block individual apps or firewall, especially if you're a corporation, you could put a device under MDM management, which I believe offers some ability to firewall a device, and do other things like force a device onto a VPN where you can manage traffic. So if you have serious interest in patrolling network traffic on an iOS device you can, but it's mostly focused at IT departments.
25. Re:Disproportionate Malware by cbhacking · 2014-02-27 09:53 · Score: 1
  
  ... That is an explicit requirement of Apple's approval process, just in case you've been living under a rock for the last seven or so years. Actually, the requirement is that they can't run *arbitrary* code - you're allowed to include a (Turing-complete) game emulator in an app, so long as it can only load the game(s) included with the app - in practice it's the same thing. An app that can load arbitrary ROM images would be prohibited. So would one that includes its own JS engine (this is why Chrome on iOS actually uses the performance-crippled version of Safari's engine that is all third-party apps can access) or user-accessible scripting language.
  
  --
  There's no place I could be, since I've found Serenity...
26. Re: Disproportionate Malware by AmiMoJo · 2014-02-27 09:54 · Score: 1
  
  I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
27. Re:Disproportionate Malware by exomondo · 2014-02-27 09:55 · Score: 1
  
  it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you.
  Which one is that? I did see a recent SMS exploit but it relied on the user using the Facebook app, being presented a particular ad from Facebook's ad network, clicking on that ad and following it to a fake version of google play then downloading a malicious application and only then are they available to the SMS vulnerability. Perhaps you are thinking of another one but that's the only one I've seen recently.
28. Re: Disproportionate Malware by maccodemonkey · 2014-02-27 10:02 · Score: 1
  
  I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
  Unique device ids are not available under iOS as of... iOS 6 I think? It might have been 5.
  Apple will give you a per-app-per-install id that is only valid for your app for that specific install. You can't use it to derive personal information about the device or relate to any other app installs. It's basically a one time locally generated UUID that is saved for that app. You might be able to identify people with a push id, but that requires permissions.
  That gave the advertisers and analytics people fits when the changeover happened.
29. Re:Disproportionate Malware by cbhacking · 2014-02-27 10:03 · Score: 1
  
  Yes, actually; some malicious sites used the same exploit as the jailbreak for drive-by malware installations. The hilarious thing is that the only way to defend against it (either early, before Apple released the fix, or after they dropped support for older devices so the patch was never officially available) was to jailbreak your phone and use the elevated access to patch the vulnerability yourself.
  There were also exploits which targeted jailbroken iOS devices, since a number of the security defaults post-jailbreak were really stupid (SSH server running with a default password, for example).
  These days target iOS with malware is pretty stupid, though; why go for under 20% of the market when you can target over 70% instead? Same risk (get your ass locked away for 10 years), much bigger payout. Malware is business, nothing more. There have been plenty of POCs of iOS malware*, but most of them don't get weaponized because the risk isn't worth the reward.
  * Note: most of these POCs don't have or need root, so they aren't useful for jailbreaking.
  
  --
  There's no place I could be, since I've found Serenity...
30. Re:Disproportionate Malware by Anubis+IV · 2014-02-27 10:55 · Score: 1
  
  Depends how we define "in the wild". There was a proof-of-concept app released that took advantage of a current exploit in iOS. It was reported here on Slashdot just two days ago. There was also the ability to wirelessly jailbreak iOS devices at one point in time by simply visiting a specially-crafted web page, which could open up all sorts of other attacks, though the hole that allowed that has since been patched. Even so, tens of thousands of users jailbroke their devices that way before it was patched, and it's likely that someone else could have deployed it as a drive-by jailbreak before it was patched.
31. Re: Disproportionate Malware by Anonymous Coward · 2014-02-27 11:11 · Score: 0
  
  well you can turn off WiFi and that will disable it.
32. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 11:27 · Score: 0
  
  Do you have a source for this no exploits? because you know that if you just claim that there are none that it does not make it true.
33. Re: Disproportionate Malware by Incadenza · 2014-02-27 12:07 · Score: 1
  
  You forget access to mobile date (over the phone network). So Internet access over wi-fi isn't considered a permission, but Internet access over cellular is.
34. Re: Disproportionate Malware by Anonymous Coward · 2014-02-27 12:09 · Score: 0
  
  Cellular data for the entire phone, as well as cellular data access on a per-app basis, is available in the Settings app. Granted, this doesn't cover Wifi.
35. Re:Disproportionate Malware by SuperKendall · 2014-02-27 12:48 · Score: 1
  
  You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it.
  Then you would ABSOLUTELY target iOS preferentially.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
36. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 14:08 · Score: 0
  
  But with computers there is no really secure alternative (though I would still argue in this case Macs are more secure, since they manage updates in a way it's more likely to happen for non-technical users).
  Oh right just like for those 20% of users that are on Snow Leopard for which they silently dropped updates, clearly they managed that real well.
37. Re:Disproportionate Malware by Anonymous Coward · 2014-02-27 14:15 · Score: 0
  
  Then you would ABSOLUTELY target iOS preferentially.
  Why? Are iOS users objectively stupider and more likely to fall for these malware scams? Since fooling the user is the most common way malware propagates.
38. Re: Disproportionate Malware by AmiMoJo · 2014-02-27 23:55 · Score: 1
  
  That's still a unique device ID, just unique per app. The developer can use it to see what you personally have done with the app by transmitting usage data stamped with this ID.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
39. Re: Disproportionate Malware by Dog-Cow · 2014-02-28 00:38 · Score: 2
  
  Any app can do that on any device. If you don't want software on a mobile device to have access to the 'net, don't install it. It's not an inherent insecurity to have network access.
  (On iOS 7, you can disable access over cellular on a per-app basis to cut down your data usage.)
40. Re: Disproportionate Malware by AmiMoJo · 2014-02-28 06:12 · Score: 1
  
  On Android internet access is a permission apps have to ask for. If you root your device you can block apps with the permission anyway, or simply choose not to install them.
  At least by making it a permission you can tell before hand if the app is going to access the internet. It seems that on iOS there is no way to know, short of packet-sniffing your wifi and doing a lot of detective work.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
41. Re: Disproportionate Malware by Anonymous Coward · 2014-02-28 06:26 · Score: 0
  
  Wait, this whole time you've been bitching, you failed to mention that the only way to reject Internet access per app (short of just not installing the app) is to root the device? Then saying silly stuff like "I had no idea it was that bad" with the iphone. Jeez.... can't believe I just read through this whole shaggy dog thread.
42. Re:Disproportionate Malware by hazydave · 2014-03-07 04:58 · Score: 1
  
  Non - technical users are only using Google Play, maybe Amazon, for their Android software. Of that malware, only 0.3% of it was ever on the Play Store, and in all cases quickly removed.
  Freedom is risk. With Android, you are free to stay safe, or choose more freedom in return for less safety. IOS and the others only offer safety, including safety from yourself and safety from their perceived software competitors. Maybe that's ok for some people.
  
  --
  -Dave Haynie
The market has spoken by Anonymous Coward · 2014-02-27 06:15 · Score: 2, Interesting

Blackberry prioritized security over extensibility. Where did that get them?
1. Re:The market has spoken by marcello_dl · 2014-02-27 06:33 · Score: 1
  
  Blackberry had the wrong business model, we are in the new millennium.
  Wrong business model: concentrate on the product.
  Right business model: give free or cheap stuff away and collect users' data in return.
  Oh and the new millennium sucks.
  
  --
  ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
2. Re:The market has spoken by rsborg · 2014-02-27 06:41 · Score: 0
  
  Wrong business model: concentrate on the product.
  No, Blackberry got beat there, too, by Apple. You could just as well say "frozen OJ" is "concentrating on product". What matters isn't how hard you work, but what you're working on, and whether it has appeal.
  Android being "open" and given away free to manufacturers and carriers wouldn't be worth a shit without their mimicking a successful design and adopting the iPhone look and feel. In 2006, Android devices being specced looked like a Blackberry copy, in 2008, they pivoted to become iPhone imitations.
  
  --
  Make sure everyone's vote counts: Verified Voting
Got it by Anonymous Coward · 2014-02-27 06:22 · Score: 0

"The device should not be confused with the new encrypted Blackphone" - got it. Black phone, Blackphone. No problem. Genius level work there, guys...
Bad headline by Anonymous Coward · 2014-02-27 06:24 · Score: 1

but I digress...
If Android was made to be open, with security as a far flung after thought, wouldn't its open nature prove it to be more secure by its availablitiy to 'more eyes'? I'm not talking about the implementation here, but the nature of its existence.
That said, and with regard to that openness, hasn't the mobile security landscape changed a little in the past few years? More threats than ever now on the mobile landscape, and I would think that openness would be a much appreciated door to combat such things. With carriers not providing Android updates to the phones they're selling, I'm a little annoyed by the fact that I can't flatly update the Andriod version without 1) rooting it, and 2) worrying that it might nuke my entire phone OS and data, even if I do. Honestly, we shouldn't be at this point with mobile devices, specifically Android. The more I use it, the more I'm wondering why there are hoops to jump through when every other device in my aresenal, is click to update. My LG, just doesn't have that ability. And while I'm more than technically adept at rooting and applying the latest release, the risk almost becomes greater to do it, than not and living with the threats of the wild.
Conclusion? Either fork Android and strip out almost everything 'Google required communication', or go to my Gentoo PC and start working on my own mobile dist. Knowing every intricacy with updating Android on my phone, for risk purposes, requires hours if not days of discovery, for a device that should do maybe a dozen different tasks at any given time. Getting a dumb phone with only text and call ability is looking more and more favorable as the days progress.
And just to mention it, I'm just not gonna shell out more than $100 for a new phone. Any phone, at any given time! Ever!
1. Re:Bad headline by tbuddy · 2014-02-27 06:46 · Score: 2
  
  For the small percent who does root their phone it isn't a huge concern, but considering the most popular firmware claims around 10 million installs compared to the 1 billion total Android devices there are a ton of people left in the dark. Most of the people I know who use Android devices get the free phone, the 1 phone, or get the stupid Casio "rugged" phone. All of those options are going to leave them in the dark on updates.
  
  I spend quite a bit more for my devices than $100, but that's because I hate being locked to a carrier or paying the big four carriers' fees. Paying more for my device and having a sub-$30 bill compared to the $79+ bill I'd have for a smartphone on Verizon is a no brainer to me. Even buying the ultra bestest Samsung phone at $700 outright buyout isn't a big deal when I'll save that much in half the two year contract time.
2. Re:Bad headline by Lumpy · 2014-02-27 07:21 · Score: 1
  
  There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.
  
  --
  Do not look at laser with remaining good eye.
3. Re:Bad headline by exomondo · 2014-02-27 10:04 · Score: 2
  
  There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.
  The key is to differentiate between Android and AOSP, there are many eyes on AOSP but devices don't actually ship with AOSP, as you say they ship with many binary blobs that are platform services, UI layer, stock & 3rd party applications and drivers for all the hardware. The Android Open Source Project is open but (AFAIK) there is no device that runs Android that is open.
A phone which self destructs when taken apart? by Minwee · 2014-02-27 06:28 · Score: 2

I thought that the HTC One already had that market cornered.
Nah, Android is like teh future n stuff. by Anonymous Coward · 2014-02-27 06:30 · Score: 0

Newer = better, more = better. Newer + more = more better. Fragmented semi-OSS platforms don't just have vulnerabilities, they have MORE!
It's designed to be open? by Anonymous Coward · 2014-02-27 06:32 · Score: 1

Then why can't I use an old phone as a usb to bluetooth adapter for my old laptop? And why can't I use an old phone as a bluetooth "audio receiver" so that I don't have to buy a $200 mono speaker in order to enjoy wireless audio from my regular phone? It seems to be a combination of software restriction and no one has made the app, but the hardware should do these things just fine, so what about Android is open? Its ability to manipulate the hardware via simple abstraction? It's opened source, but it hasn't opened my phone yet.
1. Re:It's designed to be open? by Lumpy · 2014-02-27 07:20 · Score: 1
  
  You must not have listened to A2DP Bluetooth audio.. you dont enjoy barely FM radio quality from them. Just plug it in, it's 20X better sounding.
  
  --
  Do not look at laser with remaining good eye.
I thought it was that other website by Anonymous Coward · 2014-02-27 06:32 · Score: 0

and they were making a Boing Boing Phone.
GPL Compliant? by RevSpaminator · 2014-02-27 06:41 · Score: 1

I'd love to see how Boeing is maintaining GPL compliance with their Android based phone. Does anyone believe they won't make any modifications to the core OS? And how much will the NSA pay for a backdoor?
1. Re: GPL Compliant? by Anonymous Coward · 2014-02-27 07:26 · Score: 0
  
  What's to say they didn't foot the bill for it so China isn't listening...
Boeing needs to sell to the DOD by WindBourne · 2014-02-27 06:41 · Score: 2, Interesting

Seriously, this is the kind of phone that should be in our troops hands. Basically, we need secured systems that are also weather and water proof. And if Boeing builds it with western chips, then it should be fully secured.

--
I prefer the "u" in honour as it seems to be missing these days.
1. Re: Boeing needs to sell to the DOD by Anonymous Coward · 2014-02-27 07:22 · Score: 0
  
  http://www.boeing.com/boeing/defense-space/ic/black/index.page
  Dual sim-card capability. Here's a link to the pdf: http://www.boeing.com/assets/pdf/defense-space/ic/black/boeing_black_smartphone_product_card.pdf
Seriously??? by Anonymous Coward · 2014-02-27 06:51 · Score: 1

Ok, we have Google's Android chief admit that security isn't their priority and that malware makers _should_ target their users and Slashdot tacks on a "related" article about Boeing making a destructible phone which, really, has ABSOLUTELY NOTHING TO DO WITH THE FIRST SUBMISSION.
Come on! Really?
Let's make it a bit more obvious that we're all HUGE fans of Android and don't want there to be any discussion about anything vaguely negative about the OS, why don't we. Two entirely unrelated discussions in the same thread watering down the very relevant discussion about Google's admission that security for their mobile OS isn't a priority.
Holy fucking biased much?
1. Re:Seriously??? by Anonymous Coward · 2014-02-27 07:32 · Score: 0
  
  Yes clearly you are biased much. But that's ok i don't care, and you may have some good points, that i would never take seriously because i'ts clear you made no attempt to RTFA or understand what he was saying. BTW it wasn't that security isn't a priority.
Some of the old DVI interfaces on TV's did this by Anonymous Coward · 2014-02-27 06:54 · Score: 0

I had an old JVC rear CRT projection TV that had an elaborate procedure you had to follow if you disassembled it (to prevent it from wiping the HDCP software when exposed to light.)
1. Re:Some of the old DVI interfaces on TV's did this by sexconker · 2014-02-27 07:14 · Score: 0
  
  I had an old JVC rear CRT projection TV that had an elaborate procedure you had to follow if you disassembled it (to prevent it from wiping the HDCP software when exposed to light.)
  That "elaborate procedure" was "turn off single light in basement".
Hmmm by AdmV0rl0n · 2014-02-27 07:09 · Score: 1

Yeah, its so open each phone tends to have issues on boot loaders and on getting root. And yet, despite that, its more open to the malware writers than to its users.
tut tut tut.

--
We`re all equal .. Just some of us are less equal than others.
Even more related news... by Anubis+IV · 2014-02-27 07:10 · Score: 3, Informative

The summary provided some related news, but isn't the fact that Apple just published a white paper about the security of iOS a bit more relevant to comments from Android's chief about its security than what the summary provided?
For example, consider the contrast in how the two companies approach the topic of security:
Google's Android chief: "We can not guarantee that Android is designed to be safe, the format was designed to give more freedom."
Apple's white paper: "Apple designed the iOS platform with security at its core. [...] The tight integration of hardware and software on iOS devices ensures that each component of the system is trusted, and validates the system as a whole."
The two approaches are practically polar opposites of each other, which I find horribly fascinating. As with pretty much everything, there are tradeoffs to either side. Android enjoys a load of benefits from being more open, and Apple enjoys a load of benefits from being more closed. Pick which works best for you and appreciate the differences.
1. Re:Even more related news... by Anonymous Coward · 2014-02-27 09:01 · Score: 0
  
  Ahh yes, because comparing a carefully sanitized white paper with some out-of-context off-the-cuff comments clearly highlights the differences between two systems.
2. Re:Even more related news... by bloodhawk · 2014-02-27 09:36 · Score: 0
  
  What Apple is saying there is basically Marketing BS. They have demonstrated time and again that security is NOT their primary concern in design.
Bet you $100.... by Lumpy · 2014-02-27 07:18 · Score: 1

That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

--
Do not look at laser with remaining good eye.
1. Re:Bet you $100.... by lagomorpha2 · 2014-02-27 07:41 · Score: 1
  
  That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.
  ...unless they only sell the phone to NSA approved government employees.
2. Re:Bet you $100.... by tlhIngan · 2014-02-27 08:58 · Score: 1
  
  That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.
  ...unless they only sell the phone to NSA approved government employees.
  Given Boeing doesn't make phones normally, the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer.
  The phone will most likely only be sold to government for government use only. In which case, well, it doesn't matter if the NSA has all the keys because well, it's all government. It'll be issued to government employees (and the military), and basically owned by the US government.
  Civilians most likely won't be able to get their hands on it, so those who complain about privacy being compromised well, they're going to be used by people who agreed to it anyways.
3. Re:Bet you $100.... by Anonymous Coward · 2014-02-27 10:14 · Score: 0
  
  Devil's advocate:
  Define "secure".
  For me, the NSA is way low on my list of people I'm worried about. However, this phone does protect data if it gets lost or taken in a mugging [1], which is a lot higher on my threat list. I also fear China a lot more than the US... At least the NSA won't destroy an industry like China has been known to do, similar to how the US solar industry was obliterated by predatory practices (hacking companies to gain the mask files, then flooding panels cheaper than the cost of the rare earths it takes to make the panels.)
  [1]: Only reason that mugging occurrences went down in the first place was the move to credit cards by most people, so an assault would have to be coupled with CC fraud in order to score any money. Now that thieves know they can get a fat wad of meth from someone by taking their phone, they are going back up. Welcome back to NYC in the 1970s.
4. Re:Bet you $100.... by lagomorpha2 · 2014-02-27 10:42 · Score: 1
  
  "the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer."
  Well either that or Boeing has decided to produce the first cellphone with retractable wings and turbofan engines. Likely? No but a man can dream.
Not vast majority by SuperKendall · 2014-02-27 07:19 · Score: 0

There is malware in Google Play.
There are also exploits like the recent SMS attack on Android via Facebook ads.
You don't need to side-load to be compromised on Android, and most non-technical people have very few options for updating devices if there are security patches in newer Android versions.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Not vast majority by MightyYar · 2014-02-27 07:37 · Score: 3, Informative
  
  The link you posted is a side-loading exploit, albeit one that begins with instructions when you click on an ad. You have to download the app and then sideload it.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Built in MITM attack "security"? by SuperKendall · 2014-02-27 07:24 · Score: 2

Blackberry prioritized security over extensibility.
They had a built in man in the middle attack. I would argue they NEVER prioritized security, just presented a strong illusion of it.
It would be more accurate to say, Blackberry prioritized email above everything. And look where that got them... but it is not true of the iPhone or Android.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Fail to see the related part by hurfy · 2014-02-27 07:43 · Score: 1

I don't think that was the 'open' they were talking about.
How long have the editors been bots? ...as if we haven't suspected....
Slippery slope by tepples · 2014-02-27 07:50 · Score: 1

The phone isn't for you
What worries me is that if this is successful, certain control-freak mobile phone, tablet, and video game hardware manufacturers are likely to point to this as a success story and attempt to make this the standard for devices sold to home users.
1. Re:Slippery slope by gnick · 2014-02-27 09:07 · Score: 1
  
  ...attempt to make this the standard for devices sold to home users.
  How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"? It seems like that would draw a bigger customer base than "This phone will self-destruct."
  
  --
  He's getting rather old, but he's a good mouse.
2. Re:Slippery slope by Krojack · 2014-02-27 09:33 · Score: 1
  
  When it comes to phones and tablets, I don't believe the manufactures really want to lock down the devices. Several offer tools from their websites to unlock bootloaders. It's the cell network carriers that force the manufactures to lock down the devices.
Tap Back by tepples · 2014-02-27 07:51 · Score: 2

Access to my contact list in exchange for information on astronomy?!

That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
1. Re:Tap Back by rsborg · 2014-02-27 08:24 · Score: 4, Insightful
  
  Access to my contact list in exchange for information on astronomy?!
  That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
  And that kind of attitude is why Android's privacy model is flawed. This puts the control of your options at the whim of the developer. Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app. If I find out after the fact that I don't want an app to have access to that information, I shouldn't have to uninstall the whole app. Example: weather apps almost always (reasonably) ask for my location info. I deny them, because, I have all my locations already entered. They don't need to know where I've been, but I still like to get the forecast on my phone.
  
  --
  Make sure everyone's vote counts: Verified Voting
2. Re: Tap Back by ShieldW0lf · 2014-02-27 08:40 · Score: 1
  
  Contrasted with what, Apple?
  Here's a hypothesis: Most malware is written by groups associated with the US government and their allies, the UK and Israel.
  It's easier to just call Apple because they completely own anyone who buys their products already and Apple will do what they want.
  Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.
  Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.
  Add in some foreign governments and the odd purely mercenary criminal group, and there's your malware scene.
  Just a hypothesis...
  
  --
  -1 Uncomfortable Truth
3. Re:Tap Back by Krojack · 2014-02-27 09:41 · Score: 1
  
  On top of that, at least you get to see what that app wants access to before installing it. Last time I used my iPad it wouldn't show me anything before installing something.
4. Re: Tap Back by rsborg · 2014-02-27 10:24 · Score: 1
  
  Contrasted with what, Apple?
  I gave actual examples of why I find Apple's privacy model better than Google's. Can you rebut that, or are you just going to go on about "Apple owning the user".
  
  Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.
  Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.
  This just shows have zero understanding of basic economics. The lower hanging fruit is always the best bet unless you can justify that the more difficult is indeed far more profitable. And guess what - iPhone users are more valuable to advertisers and developers [1]... yet have only 1% of the malware. Nice try at sophistry.
  [1] https://digiday.com/platforms/...
  
  --
  Make sure everyone's vote counts: Verified Voting
5. Re: Tap Back by ShieldW0lf · 2014-02-27 11:55 · Score: 1
  
  If you sign up with Apple, they have complete control over your device from the hardware to the software, they know who you are, and they'll tell the authorities anything they ask.
  If you buy an Android phone, there is no one entity that has control like Apple does.
  Your position is based around the motive of the "hackers" being economic. If they're just scammers trying to steal money, then yeah, Apple is probably more secure.
  I believe the motive of the majority of malware does not come from such people, is not economically motivated, but is rather written by government agencies.
  No one is really that interested in stealing your identity for money. It's just fear-mongering.
  
  --
  -1 Uncomfortable Truth
6. Re: Tap Back by Anonymous Coward · 2014-02-27 13:45 · Score: 0
  
  If you sign up with Apple, they have complete control over your device from the hardware to the software
  In what way?
  
  they know who you are
  Of course they do, you told them...duh. Just like when you sign up for a google account.
  
  and they'll tell the authorities anything they ask.
  Citation? I dont think there is any company that will just tell the "authorities" (which also is a completely ambiguous term) anything they ask.
  
  If you buy an Android phone, there is no one entity that has control like Apple does.
  How do you know that? Do you have an Android phone that is 100% open? Because last time I checked pretty much every single Android phone ships with binary blobs.
  
  I believe the motive of the majority of malware does not come from such people, is not economically motivated, but is rather written by government agencies.
  And do you have any evidence to support that? Why would they even need malware when they can just contact the platform vendors (like you claim they can) or just intercept communications along the way? Which malware do you believe was created by government agencies?
Disingenuous by MrL0G1C · 2014-02-27 08:29 · Score: 4, Insightful

Since when was security mutually exclusive with openness?
It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.
It's daft that you have to root your phone in order to be able to increase the security.
And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.

--
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Android is Open? by hi-endian · 2014-02-27 09:22 · Score: 1

... what a joke.
1. Re:Android is Open? by Anonymous Coward · 2014-02-27 09:32 · Score: 0
  
  It's open source. What more do you want? (I mean that question literally, not metaphorically - what more DO you want?)
2. Re:Android is Open? by hi-endian · 2014-02-27 10:00 · Score: 1
  
  I would agree that it *was* open-source, but these days it's open in name only. Google has been chipping away at its openness for years, making it almost useless/impossible to fork.
  
  I'll be the first to admit that my knowledge of this topic is almost completely second-hand, so if I'm talking out of my ass, please correct me. However this article sums up fairly well my understanding of the current situation:
  
  http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/
  
  The article is largely about Microsoft's relationship to Android (or lack thereof), but talks quite a bit about the current state of Android's "openness."
3. Re:Android is Open? by hi-endian · 2014-02-27 10:14 · Score: 2
  
  ... and in the interest of "balance," (again, as I have little firsthand knowledge, it is difficult for me to ascertain how balanced this actually is) here's a rebuttal from an employee at Google:
  
  http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/?comments=1&post=26199423
  
  (via Reddit)
Monkey see, monkey lockdown by tepples · 2014-02-27 09:33 · Score: 1

How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"?
Given that both Sony and Microsoft made a business decision to adapt Nintendo's the lockout chip business model for their set-top gaming computers, I'm guessing manufacturers of other entertainment devices would be eager to imitate one another's repair lockout measures if it thinks the measure will help them seek more rents.
You might not even need an app by tepples · 2014-02-27 09:39 · Score: 1

Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app.
The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.

[Weather application developers] don't need to know where I've been, but I still like to get the forecast on my phone.
If you insist on keying each location into a weather service, you don't need a dedicated application at all. All you need to do is point your web browser at weather.gov.
1. Re:You might not even need an app by rsborg · 2014-02-27 12:34 · Score: 2
  
  The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.
  No my beef is with Google/Android's weakness at letting users control their apps, I'll keep using my iPhone, thanks. While you look down on iOS users, you feel free to jump through all those wonderful hoops to lick the developer's boots or maybe I'll look down at you instead for simply rolling over and taking what the developers offer instead of taking control of your own device.
  
  --
  Make sure everyone's vote counts: Verified Voting
2. Re:You might not even need an app by tepples · 2014-02-27 13:30 · Score: 1
  
  Let me guess: you bought the Mac and the $99 per year certificate so that you can actually control your phone.
3. Re:You might not even need an app by Anonymous Coward · 2014-02-27 13:58 · Score: 0
  
  You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.
  But not everybody has a desktop pc or laptop on which they could do this. How should such a person go about resolving the issue in that case?
4. Re:You might not even need an app by tepples · 2014-02-28 02:51 · Score: 1
  
  But not everybody has a desktop pc or laptop on which they could do this.
  Scroogled.com lists new 10" Windows laptops for $250 as competitors to the Chromebook.
5. Re:You might not even need an app by Anonymous Coward · 2014-02-28 11:17 · Score: 0
  
  But there are many people who will have bought an Android device as their primary computer and may not be able to afford an additional computer.
6. Re:You might not even need an app by tepples · 2014-03-01 04:20 · Score: 1
  
  This discussion can go in any of three ways. Feel free to reply to any or all of them:
  First, someone who owns an Android tablet and a Bluetooth keyboard can use AIDE. I haven't used AIDE, so I can't tell how easy it would be to load the project file of a free Android app, but AIDE is supposed to allow development of Android applications directly on an Android device.
  Second, you're describing the niche case of someone who bought a tablet running a so-called mobile operating system as a primary computing device, but he insists on using a particular app while distrusting its privacy policy. Why would such a person have bought such a tablet in the first place as opposed to a PC?
  Third, someone who owns an Android tablet and no PC can sell the Android tablet and use the money to buy a PC. I've asked about a situation like this before in comments to other Slashdot stories, using the example of a high school student who takes a programming class but cannot complete the homework because the only computer to which he has regular access is a tablet running a so-called mobile operating system, which he received as a gift. Replies in more than one story have recommended selling the tablet.
7. Re:You might not even need an app by swillden · 2014-03-01 07:31 · Score: 1
  
  No my beef is with Google/Android's weakness at letting users control their apps, I'll keep using my iPhone, thanks.
  Because Apple/iOS gives you such strong control over your apps?
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
T-Mobile: the uncarrier by tepples · 2014-02-27 09:48 · Score: 1

It's the cell network carriers that force the manufactures to lock down the devices.
Fortunately, T-Mobile USA and the prepaid MVNOs have managed to pressure AT&T into offering plans priced without a hardware subsidy. When the phone is sold separately, what stops the manufacturers from selling unlocked phones in the U.S. market that work on AT&T, T-Mobile, or any of their MVNOs?
What Sundar actually said... by TrueSpeed · 2014-02-27 16:22 · Score: 3, Informative

Here's what Sundar Pichai actually said minus the selective editing from that 'iOnApple' hack at NetworkWorld.
[quote]
Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I’m not sure that’s a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security.
Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google PlayGoogle Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystempeople will ship good phones and keep them updatedyou will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.
[/quote]
You should take it with a grain of salt though by Kartu · 2014-02-27 22:02 · Score: 1

For how long does Apple ask to confirm permissions when they are requested? Wasn't it like Apple users didn't even know what an app can and can not access?
And there goes false safety feeling. Remember the Dolphin browser "calling home" to report sites visited by the users?
1) It affected both Android and iOS
2) It was discovered by Andorid users, (and Android is indeed more open)
I don't see any serious issues with Android asking user to confirm permissions, when they are actually exercised by the app. That whole article sounds more like a unfortunate marketing message by Android chief.
1. Re:You should take it with a grain of salt though by Anubis+IV · 2014-02-28 07:24 · Score: 1
  
  Are you talking about the in-app purchases that kids were making after their parents entered the password for an initial purchase? A couple of years ago, the default behavior was that you'd be prompted for your password on your first purchase, but you wouldn't be requested to re-enter your password for 15 minutes if you made additional purchases. This effectively created a 15 minute window in which additional purchases could be made. Parents tried to claim that the OS-level modal dialog box that always popped up with the exact dollar amount being spent and a request to confirm that the user was really sure they wanted to spend that money still didn't make it clear enough that real money was being spent, and that children were abusing the 15 minute window. Apple refunded everyone involved and changed the default behavior with the next point release to always request a password, thus closing the window. It was an overblown issue for a couple of months and has been a dead issue for years now, other than the occasional parent who changes the default setting back to 15 minutes and then makes a public stink by trying to blame Apple when their bad parenting comes back to bite them.
  Otherwise, in iOS, apps that want to use various permissions (e.g. mic, camera, location, access to contacts, access to pictures, push notifications, etc.) need to request that permission from the OS, which prompts the user to provide that permission. Users are then able to manage those permissions for any app at any time from within the OS' settings. They can also disallow specific apps from using cell data, doing background updates, and a number of other things that might affect their data usage or battery life.
  As for calling home, iOS protects the data on the device (e.g. pictures, contacts, etc.) from use by apps without explicit user permission, but it does not prevent apps from sending data (e.g. a URL) that the user provides them, nor should it. To do so would be to require a prompt for any form of server contact, and it's generally not clear to the OS what a particular piece of data that originated in the app might represent. I mean, I have apps that do searches server-side, so they obviously need your search term, and other apps I have send high scores I made or the changes I made to a cloud-based file, but how is the OS supposed to know that those are valid and that sending URLs in this particular case isn't (mind you, I had to send the URL as part of a DNS lookup at some point, which is clearly valid), given that both were provided to the app directly via the user's input?
  When you get down to it, the Dolphin issue doesn't highlight a difference between iOS and Android at all, since the issue was not something that even should be addressed by the OS. And the more likely reason it was discovered on Android is because it is orders of magnitude more popular there. An iOS user could have just as easily run Wireshark to get that information, but there was little reason to do so, given that it's not nearly as popular.
  
  I don't see any serious issues with Android asking user to confirm permissions, when they are actually exercised by the app.
  Neither do I. The same is true in iOS as well, which does that too. The difference here is that Apple also does a lot more on top of that. For instance, their tight integration of hardware and software allow them to do stuff like the Secure Enclave used by TouchID, which, by most accounts, seems to be miles beyond what Samsung is be doing to secure biometric data with the Galaxy S5's fingerprint scanner. There's also the fact that all iPhones since the 3GS have included hardware-level encryption, which is only possible because they control the hardware like they do, and hasn't really been seen on Android phones to date. And the way that they've locked down the app ecosystem makes it significantly harder for malware to sneak in. Not impossible, of course, but harder, since it acts as an additional barrier to entry, though that also comes with
Yes by Anonymous Coward · 2014-02-28 23:32 · Score: 0

Any phone produced by Boeing would come pre-p0wned by the NSA. And this phone has no user serviceable parts making it impossible to determine how the NSA back doored it. So you can only use this phone if you're happy with the NSA seeing all your data.
fake oakley by cheapok · 2014-03-01 18:46 · Score: 1

fake oakley fake oakleys fake oakley sunglasses fake oakley online fake oakley sale fake oakley for sale Brand New Oakley Juliet Oakley 2014 Limited Oakley Active Oakley Asian Fit Oakley Brand New Bit Boss Oakley Crankcase Oakley Deringer Oakley Dispatch Oakley Flak Jacket Oakley Frogskins Oakley Fuel Cell Oakley Gascan Oakley Hijinx Oakley Holbrook Oakley Jawbone Oakley Lifestyle Oakley Limited Editions Oakley Photochromic Oakley Plaintiff Oakley Polarized Hijinx Oakley Pro M Frame Oakley Radar Oakley Radar Path Oakley Special Editions Oakley Star Of Oakley Womens Oakley X Squared