Slashdot Mirror
Sundar Pichai: Android Designed For Openness; Security a Lower Priority
An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."
If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.
Blackberry prioritized security over extensibility. Where did that get them?
but I digress...
If Android was made to be open, with security as a far flung after thought, wouldn't its open nature prove it to be more secure by its availablitiy to 'more eyes'? I'm not talking about the implementation here, but the nature of its existence.
That said, and with regard to that openness, hasn't the mobile security landscape changed a little in the past few years? More threats than ever now on the mobile landscape, and I would think that openness would be a much appreciated door to combat such things. With carriers not providing Android updates to the phones they're selling, I'm a little annoyed by the fact that I can't flatly update the Andriod version without 1) rooting it, and 2) worrying that it might nuke my entire phone OS and data, even if I do. Honestly, we shouldn't be at this point with mobile devices, specifically Android. The more I use it, the more I'm wondering why there are hoops to jump through when every other device in my aresenal, is click to update. My LG, just doesn't have that ability. And while I'm more than technically adept at rooting and applying the latest release, the risk almost becomes greater to do it, than not and living with the threats of the wild.
Conclusion? Either fork Android and strip out almost everything 'Google required communication', or go to my Gentoo PC and start working on my own mobile dist. Knowing every intricacy with updating Android on my phone, for risk purposes, requires hours if not days of discovery, for a device that should do maybe a dozen different tasks at any given time. Getting a dumb phone with only text and call ability is looking more and more favorable as the days progress.
And just to mention it, I'm just not gonna shell out more than $100 for a new phone. Any phone, at any given time! Ever!
I thought that the HTC One already had that market cornered.
Then why can't I use an old phone as a usb to bluetooth adapter for my old laptop? And why can't I use an old phone as a bluetooth "audio receiver" so that I don't have to buy a $200 mono speaker in order to enjoy wireless audio from my regular phone? It seems to be a combination of software restriction and no one has made the app, but the hardware should do these things just fine, so what about Android is open? Its ability to manipulate the hardware via simple abstraction? It's opened source, but it hasn't opened my phone yet.
True to their defense contractor traditions they'll probably try to destroy it by way of a drone strike.
I'd love to see how Boeing is maintaining GPL compliance with their Android based phone. Does anyone believe they won't make any modifications to the core OS? And how much will the NSA pay for a backdoor?
Seriously, this is the kind of phone that should be in our troops hands. Basically, we need secured systems that are also weather and water proof. And if Boeing builds it with western chips, then it should be fully secured.
I prefer the "u" in honour as it seems to be missing these days.
I spent a few moments RTFA and TFS distorts it badly. What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security. In other words any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying. With power comes responsibility and all that.
Also, you wouldn't expect that an OS with say 85% of the market would only get 85% of the malware. People gravitate towards the most popular systems, and you also have to consider that Android is much bigger in countries like China and India where they don't seem to have had as long as westerners to become get savvy to torjans or excessive permission requests. Many Chinese carriers put their own app stores on their devices too, and then fail to properly police them, and of course (trojan) pirate software is widespread.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Isn't the vast majority (all?) of the malware side-loaded? That would explain the number, since you can't turn on side-loading on the i-things.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Ok, we have Google's Android chief admit that security isn't their priority and that malware makers _should_ target their users and Slashdot tacks on a "related" article about Boeing making a destructible phone which, really, has ABSOLUTELY NOTHING TO DO WITH THE FIRST SUBMISSION.
Come on! Really?
Let's make it a bit more obvious that we're all HUGE fans of Android and don't want there to be any discussion about anything vaguely negative about the OS, why don't we. Two entirely unrelated discussions in the same thread watering down the very relevant discussion about Google's admission that security for their mobile OS isn't a priority.
Holy fucking biased much?
I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack (i.e. the user downloading and installing a trojan).
That said, yeah, Android is really getting a disproportionate share of the malware. More recent reports peg it at 99% of all mobile malware, and Pichai is trying to brush that away as a simple factor of market share, which is rather short-sighted. iOS currently sits around a 16% market share (and falling, due to Android outpacing iOS' rate of growth), which should be more than enough to attract malware. Especially so when you consider that iOS still attracts a comparable (some would argue better) amount of third-party support from developers making apps, as well as the fact that we still get reports like these (tl;dr: this last Christmas season, iOS users accounted for 5x more online purchases than Android users and spent roughly 2x as much on each purcase), making them potentially much more lucrative targets to developers of adware and malware.
Yet, despite all of that, iOS malware rates aren't even being registered on any of the mobile malware reports I can find from the last quarter. I recall them being at something like 0.07% the quarter before that, with Blackberry even registering more malware than them.
Yeah, its so open each phone tends to have issues on boot loaders and on getting root. And yet, despite that, its more open to the malware writers than to its users.
tut tut tut.
We`re all equal
The summary provided some related news, but isn't the fact that Apple just published a white paper about the security of iOS a bit more relevant to comments from Android's chief about its security than what the summary provided?
For example, consider the contrast in how the two companies approach the topic of security:
Google's Android chief: "We can not guarantee that Android is designed to be safe, the format was designed to give more freedom."
Apple's white paper: "Apple designed the iOS platform with security at its core. [...] The tight integration of hardware and software on iOS devices ensures that each component of the system is trusted, and validates the system as a whole."
The two approaches are practically polar opposites of each other, which I find horribly fascinating. As with pretty much everything, there are tradeoffs to either side. Android enjoys a load of benefits from being more open, and Apple enjoys a load of benefits from being more closed. Pick which works best for you and appreciate the differences.
To be fair, there are issues with Android that don't have anything to do with signed code. On iOS, you can deny individual permissions (at the time they're actually exercised!) and still run an app (and modify those permissions post-install), whereas on Android it's an all or nothing sort of thing. That's more "open" but it's less "secure", and it doesn't really anything to do with app stores or code signing.
So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it.
I agree, but what I am saying is that for non-technical users they simply CANNOT take a proper level of responsibility for an Android device - they are simply not able to.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.
Do not look at laser with remaining good eye.
Blackberry prioritized security over extensibility.
They had a built in man in the middle attack. I would argue they NEVER prioritized security, just presented a strong illusion of it.
It would be more accurate to say, Blackberry prioritized email above everything. And look where that got them... but it is not true of the iPhone or Android.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
People use those same devices when proclaiming how huge market share is - which means people still buy them. So they should be included in discussions on security.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The link you posted is a side-loading exploit, albeit one that begins with instructions when you click on an ad. You have to download the app and then sideload it.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I don't think that was the 'open' they were talking about.
How long have the editors been bots? ...as if we haven't suspected....
The phone isn't for you
What worries me is that if this is successful, certain control-freak mobile phone, tablet, and video game hardware manufacturers are likely to point to this as a success story and attempt to make this the standard for devices sold to home users.
Access to my contact list in exchange for information on astronomy?!
That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.
[...] any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.
So what you are saying is that none of the apps in the Apple app-store can be Turing-complete.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Can you block internet access so that apps can't download advertising? Seems like developers of free apps would not be very happy about that. I do it on Android via a firewall, but I don't have an iOS device so I'm asking.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No, on iOS internet access isn't considered a permission. Off the top of my head, the ones I remember are location, microphone, camera, and contacts. Access to pre-configured social network accounts I believe requires permission as well.
I don't personally use an iOS device, but my kids just turn off WiFi when playing Temple Run. Then it can't download any ads.
Today's Sesame Street was brought to you by the number e.
Since when was security mutually exclusive with openness?
It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.
It's daft that you have to root your phone in order to be able to increase the security.
And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Really? Apps don't have to ask for internet access, and you can't deny it to them?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
... what a joke.
How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"?
Given that both Sony and Microsoft made a business decision to adapt Nintendo's the lockout chip business model for their set-top gaming computers, I'm guessing manufacturers of other entertainment devices would be eager to imitate one another's repair lockout measures if it thinks the measure will help them seek more rents.
If your not side loading apps your risk is very low. Stick to Play Store.
Cheap storage VM.
Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app.
The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.
[Weather application developers] don't need to know where I've been, but I still like to get the forecast on my phone.
If you insist on keying each location into a weather service, you don't need a dedicated application at all. All you need to do is point your web browser at weather.gov.
You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it. Not even necessarily the *user's* money either, although genuine mobile botnets are less common than on PCs.
When writing malware, why would you target the player with 25% marketshare if you could target the one with 70% instead? That's voluntarily giving up about 2/3 of your potential income. Even if it was much harder to exploit Android (which it really isn't), they would still be the preferred target, because the return on investment is so much higher.
This is the same reason malware for Windows is so valuable, and exploits for that platform are more commonly weaponized than on other platforms. Malware authors are a lot less likely to invest a bunch of development time, and then risk jail time, to try and take over the #2 platform, even though a working exploit on Windows actually costs a lot more (or is alternatively harder to find) than on OS X. Of course, most malware isn't "exploits" in any proper sense anyhow, it's just Trojans. Those work equally well on all platforms, desktop and mobile. They're still illegal though, so again, not many people are going to go for anything but the biggest potential bag of money. The risk is the same anyhow...
There's no place I could be, since I've found Serenity...
Really? Apps don't have to ask for internet access, and you can't deny it to them?
No. But iOS protects any resource that would be considered something you wouldn't want uploaded (i.e. Contacts.) iOS apps are sandboxed as well which means that an app can't access files created by another app (so it's not going to be able to upload documents or settings from another app), and an app can't download a bunch of stuff to a system directory. So you can't deny an app internet access, but unless you're worried about an app running up your data bill, there isn't much reason you'd want to as anything valuable an app could send out is protected.
If you really wanted to block individual apps or firewall, especially if you're a corporation, you could put a device under MDM management, which I believe offers some ability to firewall a device, and do other things like force a device onto a VPN where you can manage traffic. So if you have serious interest in patrolling network traffic on an iOS device you can, but it's mostly focused at IT departments.
It's the cell network carriers that force the manufactures to lock down the devices.
Fortunately, T-Mobile USA and the prepaid MVNOs have managed to pressure AT&T into offering plans priced without a hardware subsidy. When the phone is sold separately, what stops the manufacturers from selling unlocked phones in the U.S. market that work on AT&T, T-Mobile, or any of their MVNOs?
... That is an explicit requirement of Apple's approval process, just in case you've been living under a rock for the last seven or so years. Actually, the requirement is that they can't run *arbitrary* code - you're allowed to include a (Turing-complete) game emulator in an app, so long as it can only load the game(s) included with the app - in practice it's the same thing. An app that can load arbitrary ROM images would be prohibited. So would one that includes its own JS engine (this is why Chrome on iOS actually uses the performance-crippled version of Safari's engine that is all third-party apps can access) or user-accessible scripting language.
There's no place I could be, since I've found Serenity...
I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you.
Which one is that? I did see a recent SMS exploit but it relied on the user using the Facebook app, being presented a particular ad from Facebook's ad network, clicking on that ad and following it to a fake version of google play then downloading a malicious application and only then are they available to the SMS vulnerability. Perhaps you are thinking of another one but that's the only one I've seen recently.
I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.
Unique device ids are not available under iOS as of... iOS 6 I think? It might have been 5.
Apple will give you a per-app-per-install id that is only valid for your app for that specific install. You can't use it to derive personal information about the device or relate to any other app installs. It's basically a one time locally generated UUID that is saved for that app. You might be able to identify people with a push id, but that requires permissions.
That gave the advertisers and analytics people fits when the changeover happened.
Yes, actually; some malicious sites used the same exploit as the jailbreak for drive-by malware installations. The hilarious thing is that the only way to defend against it (either early, before Apple released the fix, or after they dropped support for older devices so the patch was never officially available) was to jailbreak your phone and use the elevated access to patch the vulnerability yourself.
There were also exploits which targeted jailbroken iOS devices, since a number of the security defaults post-jailbreak were really stupid (SSH server running with a default password, for example).
These days target iOS with malware is pretty stupid, though; why go for under 20% of the market when you can target over 70% instead? Same risk (get your ass locked away for 10 years), much bigger payout. Malware is business, nothing more. There have been plenty of POCs of iOS malware*, but most of them don't get weaponized because the risk isn't worth the reward.
* Note: most of these POCs don't have or need root, so they aren't useful for jailbreaking.
There's no place I could be, since I've found Serenity...
Depends how we define "in the wild". There was a proof-of-concept app released that took advantage of a current exploit in iOS. It was reported here on Slashdot just two days ago. There was also the ability to wirelessly jailbreak iOS devices at one point in time by simply visiting a specially-crafted web page, which could open up all sorts of other attacks, though the hole that allowed that has since been patched. Even so, tens of thousands of users jailbroke their devices that way before it was patched, and it's likely that someone else could have deployed it as a drive-by jailbreak before it was patched.
You forget access to mobile date (over the phone network). So Internet access over wi-fi isn't considered a permission, but Internet access over cellular is.
You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it.
Then you would ABSOLUTELY target iOS preferentially.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Here's what Sundar Pichai actually said minus the selective editing from that 'iOnApple' hack at NetworkWorld.
[quote]
Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I’m not sure that’s a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security.
Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google PlayGoogle Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystempeople will ship good phones and keep them updatedyou will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.
[/quote]
For how long does Apple ask to confirm permissions when they are requested? Wasn't it like Apple users didn't even know what an app can and can not access?
And there goes false safety feeling. Remember the Dolphin browser "calling home" to report sites visited by the users?
1) It affected both Android and iOS
2) It was discovered by Andorid users, (and Android is indeed more open)
I don't see any serious issues with Android asking user to confirm permissions, when they are actually exercised by the app. That whole article sounds more like a unfortunate marketing message by Android chief.
That's still a unique device ID, just unique per app. The developer can use it to see what you personally have done with the app by transmitting usage data stamped with this ID.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Any app can do that on any device. If you don't want software on a mobile device to have access to the 'net, don't install it. It's not an inherent insecurity to have network access.
(On iOS 7, you can disable access over cellular on a per-app basis to cut down your data usage.)
On Android internet access is a permission apps have to ask for. If you root your device you can block apps with the permission anyway, or simply choose not to install them.
At least by making it a permission you can tell before hand if the app is going to access the internet. It seems that on iOS there is no way to know, short of packet-sniffing your wifi and doing a lot of detective work.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
fake oakley fake oakleys fake oakley sunglasses fake oakley online fake oakley sale fake oakley for sale Brand New Oakley Juliet Oakley 2014 Limited Oakley Active Oakley Asian Fit Oakley Brand New Bit Boss Oakley Crankcase Oakley Deringer Oakley Dispatch Oakley Flak Jacket Oakley Frogskins Oakley Fuel Cell Oakley Gascan Oakley Hijinx Oakley Holbrook Oakley Jawbone Oakley Lifestyle Oakley Limited Editions Oakley Photochromic Oakley Plaintiff Oakley Polarized Hijinx Oakley Pro M Frame Oakley Radar Oakley Radar Path Oakley Special Editions Oakley Star Of Oakley Womens Oakley X Squared
Ooohhhh, look who knows so much...
How do you know what industry I'm in, or what phone they'll want me to carry?
Non - technical users are only using Google Play, maybe Amazon, for their Android software. Of that malware, only 0.3% of it was ever on the Play Store, and in all cases quickly removed.
Freedom is risk. With Android, you are free to stay safe, or choose more freedom in return for less safety. IOS and the others only offer safety, including safety from yourself and safety from their perceived software competitors. Maybe that's ok for some people.
-Dave Haynie