Slashdot Mirror
Report: 99 Percent of New Mobile Threats Target Android
MojoKid writes: "Google's open source Android platform has the distinction of being the most popular mobile operating system in the world. That's great in terms of dominating the market and reaping the rewards that come with it, but it's also for that very reason that Android finds itself the target of virtually every new mobile malware threat that emerges. According to data published in F-Secure's latest Mobile Threat Report (PDF), over 99 percent of the new mobile threats it discovered in the first quarter of 2014 targeted Android users. To be fair, we're not taking about hundreds of thousands, tens of thousands, or thousands of malware threats — F-Secure detected 277 new threat families, of which 275 honed in on Android."
When Apple gets the market share that Android has, you'll see that Apple gets as many attacks as Android does.
Android is the only platform on which it is flexible enough to allow for any sort of mobile malware.
This speaks to restrictions of other application types have too.
But even with this taken into consideration, the amount of Android devices infected with mobile malware? Still next to none.
Article is essentially just flamebait.
It isn't incredibly hard to make an OS that:
During a special system boot: You can only install drivers and bootable items.
During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.
There, you can't get a virus. Its up to the OS designer to decide how to share things securely. There are lots of options which can be secure to do that, and isn't worth talking about securing the very system.
It is beyond me why we have modern OSes which aren't 100% virus secure during a security boot... Especially when we're talking about Aps, something people assume should be running in a sandbox mode.
God spoke to me
It turns the red 'X' into a green check mark.
It isn't incredibly hard to make an OS that...
If it was easy, we wouldn't have so many viruses.
Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
Not even close.
Try 78% and 15%, in favor of Android.
http://www.engadget.com/2014/0...
Although everyone seems to rejoice at Blackberry's troubles their new Z/Q phones are not only the most secure on the market they are also a pleasure to use. I've had an android and used iPhone's before and they do not compare. The ease of multi-tasking, the Hub, and the generally reliable performance are a pleasure. With the latest BB OS they also run Android apps with ease. It's not 100% compatibility but I've gotten Google Navigate and others installed with one click.
There, you can't get a virus
Unless it finds a way to disguise itself as a driver or bootable item and interact with other files (which is what malware does).
This is probably worse for iOS than being insecure.
Their marketshare has fallen so far it's not worth targeting them any more.
Mod me down, my New Earth Global Warmingist friends!
Or a font.
Everyone always forgets that virus can travel in fonts too.
Android doesn't. Yes, there have been a few.
But the malware being talked about has to be installed by the user. And they are Trojan applications.
Security flaws weren't what made Windows the prime target for attacks. It was market share. So it makes sense that Android is being targeted, it has the market share (phones and tablets).
Therefore, this should come as no surprise.
All software has security flaws (bypassing software you have hardware vectors as well).
Most any app could be malicious based upon the OS features it requests access to.
Apples iOS ecosystem seems pretty secure, a big part of that is app review/rejection.
BlameBillCosby.com
fwiw, the NSA has owned all platforms, so it's not like iOS is invincible.
I strongly suspect that it has less to do with any flaws in either OS, than it does in the fact that iPhones get regular updates/patches/etc, whereas the vast majority of Android phones do not.
This is the one thing that Apple really should get props for - they go out of their way to ensure that, within reason, older iPhones get patched/updated along with the newest ones. Meanwhile, all but a relatively tiny fraction of (global) Android users buy models where neither carrier or manufacturer really give a damn if the phones they sell ever see a patch. I mean, seriously - the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things.
Until that paradigm changes, the massive majority of malware and hacks will target the obviously juicy (and mostly obsolete and/or unpatched) Android market.
Quo usque tandem abutere, Nimbus, patientia nostra?
what about regular boots that aren't special system boots or security boots. and what about privelage escalation where a virus gets access to do a special system boot?
This is probably worse for iOS than being insecure.
Their marketshare has fallen so far it's not worth targeting them any more.
Speaking as an iOS user, I'm perfectly fine with you Android users getting all of the malware love. No really... you can keep all of it... I don't want any!
It ain't inherent security so much as it is inherent refusal to patch on the part of manufacturers and carriers.
It would be like putting up a Redhat 9.1 box with all default settings, giving it a public IP addy, and plugging it in directly to the Internet - sure it was very secure for its time, but unpatched and obsolete, it'll become just another victim.
Until manufacturers and carriers realize this (and stop thinking strictly like a damned CE company), this will continue to be the state of things.
Quo usque tandem abutere, Nimbus, patientia nostra?
Even if it's not a virus it can be malware anyway.
Comic Sans, anyone?
Get free satoshi (Bitcoin) and Dogecoins
A lot of the malware exists because people can sideload apps. I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.
That's great in terms of dominating the market and reaping the rewards that come with it,
Hmm, I guess you've not seen the $ that Androids competitors bring in directly and for their developers.
All boots are security boots unless the user is changing start up programers or changing viruses. In System boot, the user knows that is his only place he can get a virus.
God spoke to me
Its much easier to not even try at all. Remember Windows was written before the Internet was easily accessible by the public. Why do an expensive rewrite of an OS, when you can just sell your customers computers a sneeze away from getting a virus. Hey maybe even some of them are dumb enough to buy new computers and windows products when their last one gets slow.
God spoke to me
the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things
BS
Microsoft has been caught executing code in fonts before, so what you intended to be a joke isn't one. Where I work, we think this issue: https://technet.microsoft.com/... is what shutdown our Windows servers last fall the day after we installed a font we used when generating PDF files. Fortunately, the virus writers were incompetent and crashed Windows, or we probably would have never found the exploit. All of the servers handled credit card transactions and one did ACH transactions so the problem could have put my employer out of business.
I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.
Personally I'm not that fussed about it, I can either jailbreak my device or shell out $99 (which includes the ability to publish and share my software with others) if I really want to do that. Either way it's no big deal.
Malware for Android is no different from malware for Windows or for OS X, the bulk of it is due to being able to run any code you want (where unless you wrote it you probably don't know what it does) and most people will just click through warnings about unsigned code, virtually none will ever vet any code ever. If you take the precautions to only run binaries from reputable sources or to compile from source yourself (nobody does that outside of a few geeks) from a reputable repo then you should be ok...but then again the heartbleed bug shows that isn't the case all the time either.
The flip side of that is that on iOS you place all your trust in Apple to make sure that they vet code properly, by and large they do a pretty good job of that but that isn't to say they couldn't have a major slipup (in the style of goto-fail) in the future. With the freedom to run any code comes the responsibility to vet that code (whether that is the source - as in where it came from - of the binary or the sourcecode itself) and most users are not up to that challenge or just cannot be bothered and so malware persists.
The statistics disagree: http://www.maclife.com/article...
-]Phreak Out[-
A lot of the malware exists because people can sideload apps. I would rather continue being able to pirate apps than pay for them.
Fixed that for you, and the vast majority of Slashdotters.
Then again, I consider myself part of the "white noise". I don't surf for kiddie-porn, don't download (excessively large) amounts of copyrighted video and audio content, and I already know how to manufacture explosives (thus not needing an updated version of The Anarchist's Cookbook). I'm actually a law-abiding US citizen - but I'm perfectly happy to function as white noise for those who believe (quite correctly) that governments everywhere should be kept on their toes - and allowed or even hastened to fall if they fail in this requirement.
He's probably one of those Apple fanboys who only compares iOS marketshare in the US in the quarter a new iPhone model comes out.
During a special system boot: You can only install drivers and bootable items.
During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.
There, you can't get a virus.
Sure, now just don't have any errors in any of your user space code, or don't allow multiple programs to share code (all static links) -- Every program will need its own image decoding software, no two programs will interact, so the camera app won't be able to pass off an image to the QR code app which passes the data to your browser or price checking, or etc. apps, etc. So long as you keep the bits of each program in 100% (virtualized) isolation from each other, and NEVER allow outside data in to exploit them then you'll be ALMOST protected against getting viruses.
One the problems I ran into when porting my OS to ARM is that ARM only gives you a single bit of execution permission level. That means monolithic kernel only, which is just stupid. Only having user-space or kernel space means no driver-space between kernel or users, and no agent-space for plugins below user space. x86 gives me 2 bits (4 execution permission ring levels), in addition to hypervisory mode, which is essentially another bit of execution ring level. So, you have either trusted or untrusted code running in the OS, but that's daft. With at least one more layer between root and code you download and run in your browser, you could actually have hardware supported sandboxing.
Fast, Cheap, Convenient, or Secure. Pick Only Two.
The monolithic kernel design isn't designed for security, it's just the quickest and dirtiest design (read: dumbest). Compare this with 16bit DOSes unified memory space where any program can fuck with any other part of memory... Any kernel module can screw with any other part of the kernel, same problem different level. Since everyone's using the dumb monolithic kernel design the (ARM, PowerPC, MIPS, etc) hardware vendors do not give us the required additional security features in hardware (see: ARM's User Mode, Supervisor Mode [, and interrupt modes, but that's not where the bulk of your OS code is]). Restricted memory access does a lot to isolate processes, but the fact is that the way we are using software and OSs is not in line with the current hardware capabilities (which are lacking in some areas, and under utilized in others, e.g., hypervisor).
Contrary to popular belief software and hardware are inexorably linked. Features in hardware (or lack thereof) can enable, promote, prevent, or suppress certain types of program constructs, primarily those to do with security. I do not JIT compile JS into machine code and execute it in user space, that would be daft, but there you are.
Android devices do get regular updates direct from Google via Play, including security fixes. However, since Play is not available in some countries, notably China, those users are reliant on their provider (usually the mobile network operator).
So your statement that the "vast majority" don't get updates is simply wrong, particularly for people in the west and Japan/Korea, but applicable to China. Even so most malware does not rely on security flaws, it simply entices the user to install it (trojan).
As for iOS updates, while technically true that older devices like the iPhone 4 and iPad 2 get them a lot of people find that the loss of performance is crippling so choose not to upgrade. At work all company iPhone 4s are still on iOS 6 because of the poor performance of v7 and some compatibility issues (sorry I don't have details).
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Android has just over 50% of the US marketshare, hardly "fallen so far".
SJWs are the new boogeyman. -Me
the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things
BS
I was surprised, but you're right: when I looked at the pre-paid devices offered by several mobile providers, I didn't find any that were being sold with a pre-4.x OS version. It is no doubt still possible to buy old Android phones with old Android versions, but even cheap devices by Huawei and ZTE are now coming out with Android 4.x
Unfortunately, because manufacturers often provide very poor ongoing support for devices, a large number of devices already in the market will never be updated. In that way, I agree with the parent's parent: Apple can get props (relative to many Android device manufacturers) for providing relatively long term OS/security updates.
I install things willy nilly all the time on 5 different phones. Dozens and dozens of apps get installed and de installed regularly. I have used 10 top rated different AV scanners at various times and NONE of them have ever picked up anything.
> This is probably worse for iOS than being insecure.
> Their marketshare has fallen so far...
Ha. Apple won't care until this graph takes a sharp downward turn. They could probably drop to 10% market share and still make the most money in the industry.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Apple is doomed.
In other news, you're an idiot.
Malware for Android is no different from malware for Windows or for OS X, the bulk of it is due to being able to run any code you want (where unless you wrote it you probably don't know what it does) and most people will just click through warnings about unsigned code, virtually none will ever vet any code ever.
Absolutely 100% incorrect. I don't think you understand android that well. Android will refuse to run unsigned apps - they MUST have a signature, though there is no certificate authority they have to go through. But, apps with differing signatures can't interfere with one another. This means that malware app A can't steal or inject information into facebook app B. However facebook app C can manipulate facebook app B if that's what the publisher who holds the keys wants it to do. You are free to alter these rules on your own if you'd like, either through rooting or putting your own signature on both APKs. Neither involves a simple warning that you have to click through; it's a rather manual process. This results in Android being inherently very secure by design.
The flip side of that is that on iOS you place all your trust in Apple to make sure that they vet code properly, by and large they do a pretty good job of that but that isn't to say they couldn't have a major slipup (in the style of goto-fail) in the future.
Wrong again; Apple already has made a major slipup. In fact they've made a few of them, the most recent being this one:
http://www.theguardian.com/tec...
And of course, that is only what's known. Apple users assume that everything they do is 100% secure once vetted by Apple, but they couldn't be more wrong. iOS has a "city wall" but no guards to maintain order inside of the gates. Anybody with any security background will tell you why this is a horrible idea, as opposed to a layered security model, which is what Android sticks to.
Generally if you live in a first world country, malware on Android isn't a problem in the slightest. Most first worlders don't sideload apps, except for pirates, power users, and developers. In third world countries, especially China, piracy is often the first choice for obtaining software rather than getting it through app stores. It's in these countries where the malware is common.
US users who buy antivirus software for Android are flat out wasting their money. Malware found on the Play store is removed from your device by play services when it is identified; so just by that alone you already have all of the malware protection you need. The only people who really need that are the ones who pirate their apps (and you can pirate safely, but it's inherently less safe to do so because you can't validate the original publisher's signature) however chances are if you already pirate your apps, you probably aren't terribly interested in paying for an antivirus app to begin with.
Nonetheless, what I said above won't stop companies like F-Secure from giving sensationalist figures like "99% of malware is aimed at android," because their product can't sell unless they're somehow able to scare their users into buying it. The same is true of ID theft services such as lifelock that don't actually do anything as well as ripoff home security services like ADT and Brinks.
The issue is further confused by the mobile ecosystem itself. In a lot of cases, whether an app is "trojan malware" or "legitimately ad-supported product" has become a question of destination rather than behavior: the former will send your phone number, email addresses and/or contact list to some strange server in the far east, the latter will send them to AdMob et al... both major platforms have the same philosophy, it's not an Android/iOS fanboy issue.
Android devices do get regular updates direct from Google via Play, including security fixes.
But are those updates limited to Google Play Services or can they patch kernel and driver vulnerabilities or say the bluetooth, input or usb packages for example?
Android will refuse to run unsigned apps - they MUST have a signature, though there is no certificate authority they have to go through.
Right well "signed by anybody" isn't that much different from a code safety perspective than unsigned code, you still have to trust who it is signed by and while they might not be able to modify existing apps we can see that from the malware examples on Android (even though I don't believe that many are particularly widely circulated) that this doesn't make much of a difference in terms of their ability to be malicious.
But, apps with differing signatures can't interfere with one another.
The protections in modern Windows and OS X offer the same thing unless you start running things as administrator, and if you have root access on any system you get pretty much free reign to do whatever you want anyway.
Wrong again; Apple already has made a major slipup.
The one you refer to was a research project, it's hardly a "major slipup" (I'm sure platform fanboys would like it portrayed that way but I don't have a religious devotion to any technology platform), in fact it had exactly zero impact on anybody, period.
And of course, that is only what's known. Apple users assume that everything they do is 100% secure once vetted by Apple, but they couldn't be more wrong.
No i don't think that's true at all, I guess I'm an Apple user (amongst Windows, Android and Gentoo) and I pointed out that whilst they are very good they are not perfect, which is the same as Google with the Play Store.
Generally if you live in a first world country, malware on Android isn't a problem in the slightest.
Obviously if you restrict yourself to the Google Play store it is very much the same thing as using an iOS device which is restricted to the Apple App Store. But that negates the biggest advantage of Android.
Neither is inherently more secure, it comes down to flexibility and if you provide the freedom to do whatever the user wants and they take it then - just like on desktop systems - the user needs to take on additional responsibility, which they usually aren't capable of or willing to do. You will only get more safety for the userbase if they take on that responsibility and act on it or you restrict them. The nice thing is we - as users - have the choice :)
Android has just over 50% of the US marketshare, hardly "fallen so far".
I suppose that 60% counts as "just over 50%" if you hold your tongue right.
href=http://www.androidauthority.com/android-up-8-us-market-374932/
When all you have is a hammer, every problem starts to look like a thumb.
Strictly speaking, you forgot that it's $99 per year
Yes that's true.
and you forgot the cost of the mac you need to build the app.
I already had one.
You can build an android app on nearly any platform.
So of course you need to have a PC of some sort, if you want to run arbitrary code and you already have a PC but it isn't a Mac and you don't want to buy a Mac and don't know somebody that could build the binary for you on their Mac then obviously buy an Android device, the options are all there. I'm not advocating for one over the other but clearly if the cost is too much for you then by all means go for Android.
If all you want to do is tinker with android, the cost is zero - the one-time fee only applies when you want to publish the app.
This is all nice in theory but if it were actually a legitimate issue then I would think we should see a LOT of innovation on Android relative to iOS simply because of the supposed hurdles to develop for iOS. Assuming this cost is such a significant barrier to entry we should be seeing some negative effect, where is it?
I often see this barrier to entry issue paraded as a disadvantage of iOS so it should be seen as an advantage to Android but are the benefits actually anything more than theoretical?
> This is probably worse for iOS than being insecure.
> Their marketshare has fallen so far...
Ha. Apple won't care until this graph takes a sharp downward turn.
The '12 drop looks pretty sharp to me, and flat since then.
They could probably drop to 10% market share and still make the most money in the industry.
How, by selling products for ten times the going price? Seems like a recipe for 0% market share to me.
When all you have is a hammer, every problem starts to look like a thumb.
By that argument all computing devices should be locked down and not allowed to be general purpose.
So what you are saying is that NO platforms should exist that are locked down, so that non-technical users can be fucked every day all so that you can more easily install animated wallpaper.
Why is not NOT OK to have a real choice, where people can choose a more open Android or a platform that ships with defaults that are vastly better for 98% of people that will own mobile devices?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> This is probably worse for iOS than being insecure. > Their marketshare has fallen so far...
Ha. Apple won't care until this graph takes a sharp downward turn.
The '12 drop looks pretty sharp to me, and flat since then.
They could probably drop to 10% market share and still make the most money in the industry.
How, by selling products for ten times the going price? Seems like a recipe for 0% market share to me.
Nice theory - so why isn't their market share 0% yet? And frankly: making negative profit (as all Android makers but Samsung do) seems to be a much better recipe for 0% market share.
Of course news about a fake are Fake News.
This is the key point in this discussion, as it reveals the FUD from TFA. Note that TFA says "99 Percent of New Mobile Threats Target Android", but does not disclose the number of devices infected.
Right, I would be surprised if the percentage of Android devices infected is much different to the number of iOS devices infected, a little higher given the ability to install apps outside the official channel but probably not by much.
> The '12 drop looks pretty sharp to me, and flat since then.
Tip: READ THE NUMBERS. That "drop" was from about 70% to about 62%. It's not like they went from 90 to 10. And as you said, it then leveled out. As in, did not continue to fall.
>> They could probably drop to 10% market share
>> and still make the most money in the industry.
> How, by selling products for ten times the going price?
No -- by letting everyone else win the race to the bottom. If you look into the data behind the graph, you'll see that the percentages of Samsung plus Apple total over 100% because other players in the industry are losing money. Apple won't sell products at a loss.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
I use Windows Phone and get 0% malware. The 1% goes to IOS.
Windows is indeed getting better. ;)
Live your life each day as if it was your last.
Well I can share this with you: I look forward to the day that that Apple has 10% share and failing to match its competitors' prices is an efficient way to get there. I hope they keep it up.
When all you have is a hammer, every problem starts to look like a thumb.
For every 1 iPhone, there are 6 android phones. That is all the further you need to read into what this article is seeming to imply.
Its up to the OS designer to decide how to share things securely. There are lots of options which can be secure to do that
Could you explain how that's done? Because as far as I can tell, Android already runs in "security boot" mode where each publisher's apps run in a separate user account and can share data only through the Intent mechanism.
BS
O RLY?
LG Optimus Black /Video Recorder w/2MP Front-Facing Camera
ANDROID 2.3
4" Touch Screen
Virtual QWERTY Keyboard
5 MP Camera
3G/Wi-Fi® Connectivity
[...] "
That took all of five seconds of looking, there's a lot more in there, and I didn't even touch Cricket, TracFone, Straight Talk, Virgin Prepaid, Boost...
Quo usque tandem abutere, Nimbus, patientia nostra?
Is there an application for iOS comparable to WiFi-Where for Android? I haven't been able to find one since all the Wi-Fi utilities were pulled from the App Store when Apple decided to keep its network configuration API private.
How presumptuous of you to assume that cheesybagel is not a hobbyist developer, even if "the vast majority of Slashdotters" are not.
Obviously if you restrict yourself to the Google Play store it is very much the same thing as using an iOS device which is restricted to the Apple App Store. But that negates the biggest advantage of Android.
Say you restrict yourself to Google Play Store, Amazon Appstore, Humble Bundle, F-Droid, and applications you compiled yourself. Is the advantage still negated? In my opinion, the advantage of Android's "Unknown sources" and "adb install" model is 1. compiling apps yourself without having to replace your desktop computer and pay a recurrring fee, and 2. ability of third-party app stores to build a reputation for quality control.
So of course you need to have a PC of some sort
The only PC you need for AIDE is an Android tablet; pair your keyboard and start coding. There's no way Apple will port a subset of Xcode to iPad in the foreseeable future.
Application developers care about installed base, and the biggest part of the rate of change in installed base is "Share of units".
Say you restrict yourself to Google Play Store, Amazon Appstore, Humble Bundle, F-Droid, and applications you compiled yourself. Is the advantage still negated?
I question the value of that advantage, are many people really doing that or is it a select few geeks? Humble Bundle is available on Google Play, F-Droid is explicitly FOSS (and the source inspection process doesn't seem particularly rigorous, more like a verify yourself type approach, so a very small niche) and obviously applications you compiled yourself is a very small niche.
1. compiling apps yourself without having to replace your desktop computer and pay a recurrring fee
Again, you bring cost into it. If cost truly were legitimate barrier to entry then I would suspect would be seeing significantly more, innovative and higher quality applications on Android than other more restrictive platforms but that doesn't seem to be the case.
2. ability of third-party app stores to build a reputation for quality control.
Again, nice in theory but not converted to a widely-used advantage in practice.
If these elements are indeed significantly advantageous we should see innovation in application development on Android far surpassing that of iOS but that doesn't appear to be the case. There's nothing particularly ground-breaking separating them.
Right well "signed by anybody" isn't that much different from a code safety perspective than unsigned code, you still have to trust who it is signed by and while they might not be able to modify existing apps we can see that from the malware examples on Android (even though I don't believe that many are particularly widely circulated) that this doesn't make much of a difference in terms of their ability to be malicious.
It very much does, actually. Your phone stores a keyring of known publishers for your apps. If you try to patch an app that has a different certificate, you'll be made well aware that something is off.
The one you refer to was a research project, it's hardly a "major slipup" (I'm sure platform fanboys would like it portrayed that way but I don't have a religious devotion to any technology platform), in fact it had exactly zero impact on anybody, period.
How about this one then:
http://www.wired.com/2012/07/f...
Of course, the iOS one was found only after the Android app of the same name was discovered. Nobody would have checked otherwise and it would have still been in the wild by now. And that wasn't the first either:
http://nakedsecurity.sophos.co...
In fact in all three of these incidents, Apple never discovered any of them. If there is any other real malware in the wild, the authors aren't going to tell Apple about it first of all, and second of all, no independent security researchers outside of Apple are allowed to vet them (except for jailbroken users.) Unless the malware author makes a major screwup like creating an Android malware app of the same name, (or making it blatantly obvious to the end user) it'll never be found.
No i don't think that's true at all, I guess I'm an Apple user (amongst Windows, Android and Gentoo) and I pointed out that whilst they are very good they are not perfect, which is the same as Google with the Play Store.
If you don't think apple users commonly go around spouting that "Macs don't get viruses," then I've got a bridge to sell you. Fuck, Apple even had a commercial effectively making a similar claim.
Obviously if you restrict yourself to the Google Play store it is very much the same thing as using an iOS device which is restricted to the Apple App Store. But that negates the biggest advantage of Android.
That's just the thing: You don't HAVE to do so. For most users, it's a pretty good idea, and they do exactly that. However for people like me, I'll get apps such as adfree, or like how I patched the Kindle app myself to show ebook PIDs so I could dedrm my own kindle ebooks. Try that on an ipad. In fact I'll answer for you because I already own one: It can't be done.
Neither is inherently more secure, it comes down to flexibility and if you provide the freedom to do whatever the user wants and they take it then - just like on desktop systems - the user needs to take on additional responsibility, which they usually aren't capable of or willing to do.
Other than sticking to the play store, right? On the contrary, there really is no good standard app source on Windows or OSX unless you want a good selection of mostly crappy ones.
F-Droid is explicitly FOSS (and the source inspection process doesn't seem particularly rigorous, more like a verify yourself type approach, so a very small niche)
I must not be understanding something. How are apps under a free software license necessarily "a very small niche"?
Humble Bundle is available on Google Play
I don't see how they get away with that given the non-compete (section 4.5) but whatever.
If cost truly were legitimate barrier to entry
Cost isn't much of a barrier to entry to established firms in the most developed countries because the tools and license for one year cost less than a week's salary for a programmer in a developed country. But it is a barrier for students, part-time developers, and developers in less developed countries that have a lower overall wage level. It causes there to be a smaller proportion of $0 apps on iOS because developers feel they have to recover the cost of entry. (That and Google's early failure to deploy Wallet quickly enough.)
Shelling out another $100 just to be able to install apps without going though the app store is one of the most fucked up things ever. You realize you don't really own any iDevice right? Why should I pay a few hundred bucks for a phone then need to get daddy Jobs OK to install something on it?
Me: It's mine, I bought it now let me put anything I want on it. I don't care if you throw a few warnings in my face before install just let me do what I want with it.
Apple: Sorry, we can't let you.
And isn't the 1 time fee to Google like $25?
99% of malware targeted Android. Neat, but it doesn't really mean anything.
What percentage of mobile malware infections did Android account for? What is the infection rate for those devices? How serious have most breaches been? These are all more meaningful security metrics than "number of times targeted". In particular the rate is extremely telling: if there are, say, 100 infections per 100,000 for Android, and 85 per 100,000 for iOS, that is certainly troubling for Android, but hardly damning.
Try not to take me more seriously than I take myself.
Info from GSMArena -
LG Optimus Black P970
Announced 2011, January
Status Available. Released 2011, May
You're talking about a 3 year old phone that retailers are still trying to clear old stock of.
:. Ultimate Control Dedicated/VM Servers
This "99%" statistic for Android comes up every now and then, and what makes up for most of it, is the hazy third-party app repositories. If you stay in the selection of Google Play, you will mostly have your ass covered.
Android is as secure as an umbrella made of lace blocks the rain.
This is my umbrella you insensitive clod
They can patch drivers and services, or mitigate the problems.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
So that means about 3 new malware samples came from the official store based on their sample. Also keep in mind that the android situation was sampled by their anti malware app which is installed on the phone while the IOS thread was discovered by an external security analyser and submitted to them so there is a certain skew based on methods/platform spread that should be factored in when looking at the numbers.
Probably more to do with how they define malware.
Really has there been any actual malware on either platform which actually exploits some security flaw? I mean we know there are the occasional security flaws, but has any malware actually targeted the flaw?
So far all the "malware" I've seen has identified itself, typically by installing some dodgy copy of some software from a 3rd party store, or sideloading a dodgy copy, and then blindly clicking accept instead of wondering why your copy of Angry Birds requests access to send SMSes.
And its one of the only attack vectors because you turn off a significant portion of security in order to side load.
Side load, and re-enable your app loading security back to play store only to significantly improve security on your device.
The other way is to root it and install a adblocking hosts file. a LOT of the crap is coming as ad payloads.
Do not look at laser with remaining good eye.
Please tell me what apps you sideload that are must haves that you cant get on the play store. because everyone I know that is huge fans of side-loading are simply pirates that are too cheap to actually pay for their software. I would love to find this source of apps that are must have but not available on the play store.
I have yet to find a software repository of legitimate and great apps for side loading. the only time I use it is for my own junk I compile for dinking around with arduinos.
Do not look at laser with remaining good eye.
I agree with you on the fact that "all but tiny fraction of Android users buy models where neither carrier or manufacturer really GIVE A DAMN..."
I have an older Huawei Android model I bud borrowed to me indefinitely, and that thing, apart from running 2.x, never gets the important updates because neither Huawei nor Google care. There is no way for me to patch anything on this brick unless sanctioned by either Google or Huawei, or unless I get my hands dirty, which I don't have time for in this case.
This is Windows era all over again. Apple does it right, it's not perfect, but its a solution.
Take into account all the multitude of customization pretty much every phone vendor does with Android, and you can be sure there are exploits targetting it. It's a rats nest of open holes. But, that's what you get for slapping together an "open" platform BEHIND a closed platform. I mean, does any of you have the might to actually patch the source code for your phone AND upload it to your phone to take effect? The cake is a lie.
Shiny new Android 4.x on brand new fancy models from top of the line manufacturers like Samsung are being waved in front of you with all their gimmicks and toy features and you all but forget the apparently important things immediately, while 99% of Android users run software no professional in the right mind would consider remotely secure. Or you just don't care, which makes the point moot, IMHO.
Please tell me what apps you sideload that are must haves that you cant get on the play store. because everyone I know that is huge fans of side-loading are simply pirates that are too cheap to actually pay for their software. I would love to find this source of apps that are must have but not available on the play store.
I have yet to find a software repository of legitimate and great apps for side loading. the only time I use it is for my own junk I compile for dinking around with arduinos.
Well, first, as you answered yourself, "my own junk I compile" is enough for me, and the reason I switched from iOS to Android. Beyond that, in my limited experience, there's an excellent SNES emulator (Snes9x EX+) which, when I first got it, was available directly from the developer but not on the Play Store. (He's since been able to get it into the play store, so that is not longer a great example. Other than the fact that iOS won't allow you to use emulators at all). Those may be minor examples, but they're just the ones I could think of based on my own anecdotal use.
Wouldn't you be much better off running that on a desktop OS?
If I'm contributing to a collaborative database of hotspots, it's far more convenient to log seen SSIDs and their locations with a 4" device than with a 11-17" device. I can put the former in my pocket and hop on my bike; I'd have to secure the latter to the rear rack somehow.
If you're maintaining someone else's Wi-Fi network, why don't you bring your laptop with you?
Why should it require a laptop? That would mean someone who gets called to help troubleshoot the wireless network of a friend or relative relative in town would have to 1. buy a laptop if he doesn't already own one, and 2. carry it there.
Nope, not it at all. Also misleading title really.
iPhone has a walled garden. Unless you jail break you *cannot* install anything from outside of that.
Android is not. If you only install from "accepted" sources such as say "Google Play" or "Samsung" for example, you are no more exposed than the iPhone.
*However: Android does allow the user the flexibility to install from other (see any) sources as they see fit. In order to do so, they have to disable a default feature that prevents them from doings so, which then displays a warning message that basically says "we advise strongly against this, and you do so at your own risk, do you really want to do this?".
So anyone that gets owned by a virus in this manner has no one to blame but themselves. So it may be factually correct that 99% of viruses are made for the Android OS, it is likely they are only banking on the stupidity of users to actively enable themselves to become infected. Apple just assumes all their users are stupid (probably for good reason) and just doesn't allow for any of that. Personally I like having the flexibility. I have only done it once, it then only from a reputable company (Adobe) to try an old version of Flash that was no longer officially supported. I am comfortable assessing and assuming risk. If you are not, then simply do not do it... or by an iPhone.
An average Android app makes 5 times less money per download than an iOS app.
I can think of two possibilities for why Android apps are more likely to be $0. One was an expectation of free apps arising from early attempts to reach Android Market (now Google Play Store) users in countries where Google had not yet deployed Checkout (now Wallet). Another is that perhaps fewer small-time Android developers feel the need to recoup the minuscule costs of starting out with Android development, compared to iOS which costs $650 (if your primary computer happens to be something other than a Mac) plus $99 per year. True, this cost is a rounding error to a full-time developer at an established company, but it isn't to a hobbyist.
Money per download isn't the whole story. As the Forbes article points out: "there is much work to be done to increase monetization of free apps. And that may be the next growth opportunity for any developer as it presents an opportunity that is substantially larger than the existing one." While trying to project their brands in countries whose Android Market had no payment method, Android application developers learned to use other revenue sources such as advertising. Are there statistics on paid downloads plus ads for Android compared to paid downloads plus ads for iOS?
So in other words, you can still get brand new Android phones with 2.3. Meanwhile, you can't get a new iPhone with anything but iOS 7.
the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things
That phone was not "found coming out brand-new with 2.2/2.3 installed" still. It came out in 2011. You may be able to buy it from a retailer new, but they are just selling old stock. EOD. Stop twisting GP's words.
:. Ultimate Control Dedicated/VM Servers
Also, using a smartphone as a Wi-Fi diagnostics tool is pretty niche.
It's a niche that Apple has made a business decision not to serve, and it's not the only such niche.
it has all the basic functionalities a smartphone needs
Until your functionality needs end up growing to encompassing one of the forbidden categories.
The "can still be found" part should tell you that is talking about phones still being sold, not being launched. You are the one twisting words there.
"... can still be found coming out ..."
Common, you're grasping at straws here. Clearly this phrase was meant to state the phone released, not phone available for sale.
BTW, you can still find places that sell the 3GS brand-new-in-box, so no, you can also buy new iOS devices that doesn't support the latest iOS version.
:. Ultimate Control Dedicated/VM Servers
I must not be understanding something. How are apps under a free software license necessarily "a very small niche"?
I don't know *why* they are, but in general they are. Developer tools under free software licenses are usually highly popular, consumer applications not so much.
Cost isn't much of a barrier to entry to established firms in the most developed countries because the tools and license for one year cost less than a week's salary for a programmer in a developed country. But it is a barrier for students, part-time developers, and developers in less developed countries that have a lower overall wage level. It causes there to be a smaller proportion of $0 apps on iOS because developers feel they have to recover the cost of entry. (That and Google's early failure to deploy Wallet quickly enough.)
Again, based on the available app catalogs it doesn't appear to be a barrier to entry. Devs who genuinely have a good idea evidently invest in Apple's platform (to the extent of developer tools) just as they do Android, and the great thing is if you have a Mac you can develop for both.
Shelling out another $100 just to be able to install apps without going though the app store is one of the most fucked up things ever. You realize you don't really own any iDevice right? Why should I pay a few hundred bucks for a phone then need to get daddy Jobs OK to install something on it?
So don't then. Nobody is forcing you to, if you don't want to pay that then get Android instead.
Yeah after I thought about it remembered it runs as a privileged process so it should be able to patch just about anything, although given Android is open and various OEMs provide drivers and make modifications to Android I would say trying to update anything outside of Google Play that is subject to manufacturer or user modification is probably not very wise.
In fact in all three of these incidents, Apple never discovered any of them.
Right but developers found vulnerabilities in the OS and they were fixed, I didn't say or imply that anything is totally secure or that the Apple App Store is any more secure than Google Play but given the incredibly low amount of malware found in either store (real-world examples are in the single digit figures) they are about as secure as you could expect them to be.
If you don't think apple users commonly go around spouting that "Macs don't get viruses," then I've got a bridge to sell you. Fuck, Apple even had a commercial effectively making a similar claim.
Well the fact is I'm an apple user (or are you counting them as users that use nothing but apple?) and I have never said anything of the sort, I know quite a lot of people with MacBooks and iMacs that are well aware of the fact that OS X is simply a smaller target and even in that case there still has been malware in the wild for them. Apple's commercial didn't say that at all, it may have been a little disingenuous in its claim given that Macs are not PCs (in the context in which they were discussing them, which is that they are Windows systems) so obviously they cannot run Windows PC software - including malware - natively.
That's just the thing: You don't HAVE to do so. For most users, it's a pretty good idea, and they do exactly that. However for people like me, I'll get apps such as adfree, or like how I patched the Kindle app myself to show ebook PIDs so I could dedrm my own kindle ebooks.
Great, good for you. But obviously the ability to cut off developers' revenue streams with adblockers is going to have a negative effect in the long run.
Actually there's another issue here - Android's security model asks for all the apps permissions before you even get to install it. Whereas on iOS, permissions are asked for by the OS when the app attempts to access the protected APIs. iOS's model is far superior, since for one thing you get a feel for what the app wants the permissions for, and for another you can decline without un-installing the app.
So if a rogue game app were to suddenly ask for permission to access your contacts, you would be able to say 'no'. On Android, you get asked up front and (almost) everyone just says 'yes'. Doesn't work.
Right but developers found vulnerabilities in the OS and they were fixed, I didn't say or imply that anything is totally secure or that the Apple App Store is any more secure than Google Play but given the incredibly low amount of malware found in either store (real-world examples are in the single digit figures) they are about as secure as you could expect them to be.
No, actually in two of those cases there was no vulnerability to be fixed. The problem was that apple allowed apps through that did things the end user probably wouldn't want them to do. In one case, it read from your contact list and sent SMS messages to premium services. Both of those operations are permitted, and in fact there are API functions that even help you do them.
Well the fact is I'm an apple user (or are you counting them as users that use nothing but apple?) and I have never said anything of the sort,
I don't recall saying 100% of apple users. But it doesn't matter, when apple themselves make claims to that effect, then you can count on a lot of their customers repeating those claims.
https://www.youtube.com/watch?...
Sure, your average techie can read between the lines, but you're average joe or hipster cannot. The implication apple makes in that commercial is a very strong one.
Great, good for you. But obviously the ability to cut off developers' revenue streams with adblockers is going to have a negative effect in the long run.
Actually most of the apps I have don't show ads to begin with. The main reason I install adfree is also for the web browser; it does a hosts file based block list, which I think is very effective. I don't mind ads, I just hate the really flashy big ads. DNS based blocking mainly hits those and rarely ever the text based ads. Not only that but it reduces bandwidth consumption by a fair amount.
Clearly this phrase was meant to state the phone released
The fact that it's immediately obvious that that would not be true should be a hint that that was not what was meant.
Like how it was immediately obvious to you that one couldn't get a brand-new iphone with anything other than iOS 7? And that turned out not to be true as I pointed out there are still places selling the 3GS?
:. Ultimate Control Dedicated/VM Servers
I don't see the point of programming on a smartphone.
That item is probably more relevant to the iPad than to the iPhone.
A month seems like a reasonable minimum period for a subscription.
If a Blockbuster store (back when it still existed) couldn't offer movies and console games for rental for periods shorter than a month, how could it keep enough stock in front of customers to stay in business?
forceful proselytization
I'm having trouble understanding what you mean by forceful.
In short, none of these look like things I'd do on a mobile device.
From the page: "Fans of these iProducts defend Apple's practices, claiming that almost nobody demands the functionality that the Guidelines ban. Even if this is true of each individual item, there are still a lot of people who want one or more items on the list as a whole." Someone might start by choosing iOS, thinking the same way you do, and then his needs grow to include forbidden functionality. That would require buying an Android tablet and a tethering plan to connect the Android tablet to the Internet.
I'm just speaking from the average consumer's point of view.
The problem here is the word "consumer". If a device is capable only of "consumption", or viewing works created by others, it encourages people to remain "consumers" as opposed to hobbyist authors.
Apple requires anyone who wants to run self-signed software on an iPod touch, iPhone, or iPad to pay a recurring fee of $99 per year for the iOS Developer Program.
No, actually in two of those cases there was no vulnerability to be fixed.
And in the other one the vulnerability was fixed, like I said you rely on the app store vetting those applications before they are allowed on the store and neither Apple's nor Google's are any more secure than eachother and unless you want to do it yourself for every application and you actually think you have the ability and time to fully understand every application and every line of code in them then you are going to have to trust somebody and for the most part Apple and Google do a good job.
I don't recall saying 100% of apple users.
Well you said 'apple users' so who are you referring to?
But it doesn't matter, when apple themselves make claims to that effect, then you can count on a lot of their customers repeating those claims.
They didn't make that claim.
Sure, your average techie can read between the lines, but you're average joe or hipster cannot. The implication apple makes in that commercial is a very strong one.
Like I said, it seems somewhat disingenuous but it is certainly valid that they do not get PC viruses and given the amount of malware out there targeted at Windows I can certainly see why they would want to point out that their platform isn't susceptible to those.