BadKernel Vulnerability Affects One In 16 Android Smartphones

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to a RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.

Well

[Ol+Olsoc]

At least they have a headphone jack, so no problem.

Re:Well

Indeed, it's good to have a headphone jack. It performs its function universally well. Though some people might use Bluetooth earbuds, still having the jack means more choice and convenience for consumers all around. Despite the occasional discovery of software vulnerabilities, which exist on every platform including iOS, Android manufacturers aren't Apple and thus aren't driven by an unholy quest to fuck over and throw their customers into a bottomless pit of proprietary hell just to raise profits a bit higher.

Re:Well

[Ol+Olsoc]

Indeed, it's good to have a headphone jack. It performs its function universally well. Though some people might use Bluetooth earbuds, still having the jack means more choice and convenience for consumers all around. Despite the occasional discovery of software vulnerabilities, which exist on every platform including iOS, Android manufacturers aren't Apple and thus aren't driven by an unholy quest to fuck over and throw their customers into a bottomless pit of proprietary hell just to raise profits a bit higher.

Actually the 3.5 mm headphone jack is a failure prone device, designed years ago, and shows it. I've replaced dozens of them, and thrown away a lot more that couldn't be replaced. It's a true piece of shit that should have been replaced years ago with a substantial and professional connector.

And having both Android and iOS and OSX devices, I gotta tell ya, your Apple fucking people over meme is lacking in truth.

Re:Well

Hi Tim!

I think you have a more modern version of the old PEBKAC problem.

I have never had a headphone jack fail. Nor do I know anyone who has.

I gotta tell ya, obvious astroturfing shill is obvious.

Re:Well

False. The headphone jack is not prone to failure. That's a myth you've personally created to rationalize Apple's decision to remove such a useful port. Apple has also never claimed that the reliability of the headphone jack was ever an issue in any of their devices. In fact, you're far more likely to have a problem with the Lightning port. In the iPhone 5 series (5, 5c, and 5s), Lightning port replacement is the third most common DIY fix—right after screen and battery replacements. If headphone jacks were as unreliable as you claim, shouldn't jack replacements be in the top 3? Yet, they aren't, because in fact the headphone jack is highly reliable due to its simplistic design.

In my 40 years of experience, both personal and professional, I've only seen 1 headphone jack on a laptop, a Mac in fact, that was damaged after a DJ tripped over the cable and ripped the connector right off the motherboard. Why did an Apple customer bring their laptop to an unauthorized repair center? As many Apple users have told me themselves, its because they'll get raped in the wallet if they take their device to an Apple Service Center. Not a surprise. Apple has been screwing over customers since the Apple II. I recall a story when Apple engineered a newer Apple II model that used less ICs, thus being cheaper to manufacture. Apple users interpreted that to mean the newer revision would be cheaper to buy... which, of course, Apple being Apple, it wasn't.

Re:Well

[macs4all]

Hi Tim!

I think you have a more modern version of the old PEBKAC problem.

I have never had a headphone jack fail. Nor do I know anyone who has.

I gotta tell ya, obvious astroturfing shill is obvious.

And you obviously are the entire headphone-using population.

Re:Well

And you obviously are the entire headphone-using population.

No, he isn't, but he certainly represents the majority. This claim that headphone jacks are terribly unreliable came straight out of the Apple Users Cult, not from your boy Phil Schiller. Those of us outside the reality distortion field know the sole reason for removing the headphone jack was to promote the use of Apple's proprietary, licensed, and costly accessories. A fact that YOU, STILL, CAN'T, ACKNOWLEDGE.

Re:Well

[Ol+Olsoc]

Hi Tim!

I think you have a more modern version of the old PEBKAC problem.

I have never had a headphone jack fail. Nor do I know anyone who has.

I gotta tell ya, obvious astroturfing shill is obvious.

And you obviously are the entire headphone-using population.

Yeah, and highly useful comments Coward makes. This is like the one person in a room who brags about how he's never had a Windows 10 update break anything - always perfect! While a hundred other people have.

In the end , it means nothing.

So we're gonna have a sitdown folks. Here's the issue. Contact points. When using a tubular jack, where connections are made along the length of the Jack and connector, the contact is made by a spring metal strip, pressing against the part of the tube that corresponds to the desired connection, and a generalized non pressure contact with the "ground" or common part of the jack at the bottom. So far, its a duh thing.

The amount of pressure that can be brought to bear on the tube is based on the mass of the contact that is used, and the pivot connection that Smaller mass and less length of pivot is always a problem. As well, the torques put on the connector and jack during normal use tend to bend things a little more than might be desired fro m time to time. Does it have to be this way?

Nope - but th alternatives are pricey and larger. Let's say that I was for some reason wanting to make a 3.5 mm plug and jack. Assuming that we want to eep the form of the present plug, the jack would have some serious alterations. Instead of a single flat metal contact point, it would have an annular multiple spring loaded spherical contacts, each grouping resembling a race of ball bearings on all contact points, including the ground or common. Then you would have a reliable connector.

Even the 1/4 inch plugs used in professionalequipment are a common failure point, it can only get worse as the size decreases. But hey, some guy who has had perfect reliability but can't be botherd to post except as a coward must know better.

Re:Well

[Ol+Olsoc]

And you obviously are the entire headphone-using population.

No, he isn't, but he certainly represents the majority. This claim that headphone jacks are terribly unreliable came straight out of the Apple Users Cult, not from your boy Phil Schiller. Those of us outside the reality distortion field know the sole reason for removing the headphone jack was to promote the use of Apple's proprietary, licensed, and costly accessories. A fact that YOU, STILL, CAN'T, ACKNOWLEDGE.

I mush have a time machine, because I knew that the 3.5 mm jacks were unreliable long before the iphone was a gleam in Steve Jobs' urinal. Professionals stay away form them when they can because of that. And quit yelling.

Re:Well

[Ol+Olsoc]

False. The headphone jack is not prone to failure.

A part that isn't prone to failure? they are all prone to it, and the 3.5 mm is worse than many. Good day sir, and thanks for the laugh.

Re:Well

[macs4all]

No, he isn't, but he certainly represents the majority. This claim that headphone jacks are terribly unreliable came straight out of the Apple Users Cult, not from your boy Phil Schiller.

Anybody who HASN'T had to do the "Spinna-Spinna, Jiggle-Jiggle, Remove-Reinsert, Remove-Wipe-Reinsert" dance with a 3.5 mm jack/plug combo in an (usually unsuccessful) attempt to cure intermittent channel-cutout, should count themselves extremely lucky. In fact, 1/4" "guitar" plugs and jacks have the same problem. It's just the nature of the beast. Has been that way for DECADES. There was just wasn't anything better. And in fact, only time will tell if the Lightning an USB-C connectors fare any better in this application. But the 95% of people who have had some sort of problem with headphone jacks already know what DOESN'T stand the test of time, reliability-wise. But, just like hitting-yourself-over-the-head classes, some people just seem to enjoy the same abuse, over and over and ...

It has NOTHING to do with fanboy-ism, Hater. It has EVERYTHING to do with the fact that 3.5 mm jacks, while unarguably being quite common, are simply NOT VERY RELIABLE over time. Period. It's an inherent design flaw, mostly on the "jack" (female) side, but I have never seen one that doesn't eventually (sometimes over a long time) fall prey to intermittent operation. We don't live in clean rooms, and have a tendency to occasionally exert lateral forces on the plug/cable, and both of those things make the life of a headphone jack a fairly hard one for such a small, cheap connector.

Re:Well

[macs4all]

Even the 1/4 inch plugs used in professionalequipment are a common failure point, it can only get worse as the size decreases.

As a former professional musician and sound engineer, how well I know!

What used to amuse me, is all the guitarists that would purchase expensive cables with "MIL-Spec" 1/4" plugs on them. Too bad those "military-grade" plugs were made of corrosion-prone BRASS, and had a "bulbous" tip-end that reamed-out the "non-MIL-Spec" Jacks even more, making the whole thing even MORE intermittent. And as a bonus, the layer of corrosion on the brass sometimes formed a kind of semiconductor junction, turning your guitar rig into a "wonderful" 100W AM crystal radio (usually right in the middle of a performance!) In fact, you can see this demonstrated in the "This is Spinal Tap" movie, when Spinal Tap plays a gig at an Air Force base, and Nigel's(?) guitar rig starts picking up some 2-way radio calls, causing him to throw down his guitar and stomp off stage (yes, I know that might also have been his VHF wireless rig; but the effect is the same!)

Re:Well

[Jesus_666]

It's not that 3.5 mm jacks are perfect and impossible to beat. They just happen to be good enough for most people, usually only becoming unreliable after the device has reached the end of its useful life. In terms of reliability I'd put them about on par with Micro-USB jacks; those can also easily experience forces they weren't designed to handle and will then become unreliable. I don't know how much force Lightning jacks can take.

The main beef many people have is that Apple removed the 3.5 mm jack without supplying an adequate alternative. All options Apple has offered are problematic in some way:

Lightning headphones: Few manufacturers offer these so availability and choice are severely limited. It might be straight-up impossible to obtain Lightning headphones that have all desired qualities (form factor, sound, price etc.). These headphone are also incompatible with any non-Apple device. I didn't bother researching prices but I also suspect that Lightning headphones are a bit more expensive as far as the low-end market is concerned. Also, the only port capable of charging the host device is occupied, which is impractical when - for instance - using the phone while working in an area where it's easy to keep plugged in. Does not allow the host device to be connected to a car stereo that only has a 3.5 mm input port and no Bluetooth support.

Bluetooth headphones: Usually markedly more expensive than similarly capable regular headphones. Choice is limited, especially with in-ear monitors. Limited battery life can cause reliability issues and requires additional maintenance. RF interference and spectrum congestion can affect performance. Pairing might not always work well or might be lost during operation. Use of Bluetooth headphones drains the host device's battery faster than use of wired headphones. Sound quality is dependent on which audio profiles the host device and the headphones support. Also does not allow the host device to be connected to a car stereo that only has a 3.5 mm input port and no Bluetooth support.

3.5mm headphone adapter: Having a dongle attached to the host device makes it less handy and takes up additional space in one's pocket. One might accidentally unplug the dongle while pulling the device out of the pocket. Less control over how exactly the cable is positioned in the pocket (since many people are not going to keep it dongle-up) makes it easier to accidentally kink the cable. Having one more thing to lug around means one more thing that can be lost. Again the Lightning port is occupied.

The downsides of regular 3.5 mm wired headphones are well-known: The jack is moderately fragile and may become unreliable over time. Depending on the precise dimensions of the plug and jack the plug might become easily dislodged from the jack.

The 3.5 mm jack's problems are mainly of a reliability nature. The other options' problems are often about convenience and the inability to do things that used to be possible. There's the main beef: Apple's alternatives are all inconvenient to acquire and/or use or require workarounds to do things that used to be easy to do (such as plugging the device into a car stereo's aux port while powering the device from the cigarette lighter port). Unlike when Apple ditched the floppy drive for USB sticks or ADB for USB HID the change comes with a noticeable reduction in capability and ease of use. That is something worth complaining about in my opinion.

Re:Well

[Ol+Olsoc]

The main beef many people have is that Apple removed the 3.5 mm jack without supplying an adequate alternative. All options Apple has offered are problematic in some way:

Which iPhone do you have?

Re:Well

[Jesus_666]

Not me but a close friend. He has a 6s, which will be replaced with another 6s if it dies because the 7 is not appealing to him. The lack of a headphone jack is one of the more important factors there.

I'm mainly interested because a) other manufacturers might decide to follow Motorola's example now that Apple did and b) I'd like my headphones to remain compatible between all of my devices, including ones too old to support Bluetooth.

Ahhh yes

[wbr1]

A slashvertisment for a 'security' app that ostensibly tests for a vulnerability, whilst simultaneously asking for every permission my phone has. No thanks. And have a mode finger while you're here.

Re:Ahhh yes

Indeed, and on their site "Trustlook" (never heard of them) claim that "AV-Test" gives them the OK.
Funny, on the "AV-test" site, they're not even in the list of (about 25) tested products...

https://www.av-test.org/en/antivirus/mobile-devices/
 

For the common person

For the common person, who relies on his carrier to publish updates; this is pointless. Even to that extent, if you jailbreak your device to patch it yourself, if you use said device in a managed-corporate environment, then it gets flagged as being non-compliant by MDMs and your device will no longer have access to corporate resources; if said policy is enforced.

Best ways, huh?

[Bob+the+Super+Hamste]

One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated.

So how many of the devices listed are basically unsupported since initial sale and will never be update?.

I really wonder if things like this should be treated as manufacturing defects and since carriers and phone vendors don't seem to want to support these devices people should start bringing them back and getting them replaced for free as they are obviously defective.

I don't know warranty law but maybe someone one could chime in who has some idea as it would seem that if these issues aren't fixed then the customer is due a replacement or refund because their device does have a manufacturing or design defect.

Re:Best ways, huh?

Well, name the manufacturer as a willing part on every civil action related to losses due to hacking.

Re:Best ways, huh?

[Aaden42]

The devices were never warrantied as being secure. They're sold as telephones. As long as they still make calls, they're not defective. There's no way you'll get phone makers or cell carriers to make good on these without a law telling them they have to. And you can rest assured they'd pass the cost of any such law directly on to consumers.

Buyers need to vote with their wallets. You're not just buying a dumb telephone. You're buying an always-on, always-connected computer that you're going to store some of the most private things about your life on. Pay attention to the hardware maker's upgrade record as well as your carrier's and choose accordingly.

For most users, that probably means either spending the extra on a Nexus device or going Apple or saving the money up front and knowing that you're buying a dead end device that will almost certainly fail to get some critical security update before its reasonable useful life has passed. At that point, your choices are live with the risks of the vulnerability or spend more money to replace the device.

Re:Best ways, huh?

[Gr8Apes]

You're not just buying a dumb telephone. You're buying an always-on, always-connected computer that you're going to store some of the most private things about your life on.

This part I disagree with with - I am just buying a dumb phone, SMS messenger and web browser. Really. That's all anyone really needs, despite the plethora of apps all about, claiming to make life easier. Now the mail app makes things easier with local storage, as does the chat app of choice. As for storing the most private things about your life, why? Why would you essentially leave the keys to your life on a very portable and easily lost or stolen device?

I agree with much of what you say otherwise.

Re:Best ways, huh?

If I were to purchase a Maytag dryer from Sears and know the warranty is good for one year. If after a year a defect is found whereby there is a possibility of fire, what are my legal remedies? What are the obligations and responsibilities of Maytag and Sears?

Re:Best ways, huh?

I can't update my apps. Right now I have about 10 apps that need updating but each one of them wants a whole bunch more permissions. It is getting stupid - I don't think a weather app needs access to my identity or my contact list. Why can't we get a decent OS and proper applications for these powerful smart-phones? I would pay money for that.

Re:Best ways, huh?

[Aaden42]

Primarily because it's the most secured device I can buy as a consumer. It's also the one that's with me at all times. My phone is my exocortex. The part of my brain that actually works right, more often than not. If there's an arbitrary detail of modern life than has no value to me other than when engaging in certain bureaucratic ablutions, you can bet my phone remembers it better than I do.

And sure I could LIVE without the other stuff my phone does. My heart would keep beating, and I'd keep breathing. But quality of life is a thing. The myriad additional functions my phone provides enables me to do a dozen little things during the course of my day that I'd have to either not do or put off doing something else later. The time and brain workingstate savings of being able to scratch those things off immediately or perhaps a minute or two later when I have a moment rather than trying to remember to do them later (or skipping them entirely) are the little things that make life more than just hunt & gather, eat & sleep.

There are lots of modern conveniences we could live without, but you're only punishing yourself (and making lots of people regard you as some kind of odd Luddite or ascetic) if you stubbornly refuse to take advantage of them.

Re:Best ways, huh?

[macs4all]

I can't update my apps. Right now I have about 10 apps that need updating but each one of them wants a whole bunch more permissions. It is getting stupid - I don't think a weather app needs access to my identity or my contact list. Why can't we get a decent OS and proper applications for these powerful smart-phones? I would pay money for that.

Buy an iPhone, and gain control over your Apps. Seriously, that shit just doesn't happen on iOS.

Re:Best ways, huh?

[steveg]

Personally, I'm buying a portable computer that fits in my pocket. That I can use it for phone calls or SMS is mildly convenient, but not ultimately vital.

As far as "most private things" go, there is some of that (but not a ton) and that's mostly encrypted. At least as far as what *I* put on there. What the phone gathers about me is a whole other thing.

Re:Best ways, huh?

Why can't we get a decent OS and proper applications for these powerful smart-phones?

Has it occurred to you that you are in the wrong ecosystem?

Re:Best ways, huh?

[Gr8Apes]

So if the phone part is so not vital, why not just remove the cellular portion of the phone (ie, yank the sim)? Wait, it IS important that you can effectively call/message and access the web.

Re:Best ways, huh?

[Gr8Apes]

Truth be told - a paper list is faster and generally more convenient than a phone list, unless you can type it in on a computer and send it to you phone (in which case it's a simple consuming device) I still hold that "the most private things about your life" being on your phone is truly an odd thing to say, believe, or do.

Re:Best ways, huh?

[Aaden42]

I find paper lists far more cumbersome. They get lost or left at home. They can't be edited easily. My handwriting is dreadful. Can't write while moving or doing other things, etc. Siri can take a note no matter what I'm doing. The note is available on my phone, tablet, laptop, and two desktops near enough to instantly. I can delete it when done or revise it if necessary. I can share lists with family members, and we can all check off things as we do them or add more as we think of them. None of those are features I'd die without, but they certainly make a lot of life's activities run more smooway .

Clearly we use our phones differently, but I'd describe mine as indispensable to the way I prefer to live my life. The security of the data on it is very important to me.

Re:Best ways, huh?

[Gr8Apes]

Siri can take a note no matter what I'm doing. The note is available on my phone, tablet, laptop, and two desktops near enough to instantly.

...The security of the data on it is very important to me.

You use Siri and iCloud. I'd say security is secondary to you at most, and that's being very loose with the term 'security'. You were correct to drop "privacy" from your statement entirely, because you've given that up entirely.

Re:Best ways, huh?

[steveg]

Access the *Internet*. That's part of what being a computer is. I didn't say being connected wasn't vital, I said being a phone wasn't vital.

I added the "is connected" criterion to my definition of "useful computer" somewhere around 1989. Even though "uses telephone technology" is part of what makes that work, the "is a phone" part isn't all that important.

I'm not saying that I don't use the phone as a phone. But it's not why I have it. If I had to choose between a portable phone without computer functions or a portable computer without phone functions (and could only have one) I'd probably make do with email.

There are folks on Slashdot that, after asking me to get off their lawn, seem very proud of their dumb phones. "It's a phone, dammit, that's what's important." And that's fine. Just not for me.

My Nextbit Robin isn't on the list

[the_humeister]

I guess my phone is safe.

Re:My Nextbit Robin isn't on the list

[mlw4428]

Yes, nothing says security like sending your data up to a third party's cloud.

Sigh.

[ledow]

"Install this piece of random software to see if you're safe from this vulnerability that affects a ton of devices."

Yeah, right. It's precisely that mentality that causes more problems in the first place.

The list is just about worthless

[coolmoe2]

My phone and tablet were both listed so I installed the app and ran the check and neither one was vulnerable to this bug. I don't think the list they have includes vendor OTA updates so its more less based on the software the devices had when they were stock. So my take away is don't put too much faith in that list by itself. You are better to do the check and then remove the app.

Re:The list is just about worthless

[Nemyst]

I don't know about you, but I don't think I'd trust the results of a security app made by a company I've never heard of before.

Re:The list is just about worthless

> so I installed the app and ran the check [...]

Ha! Now you're p0wned!

Re:The list is just about worthless

As far as I know, Google Chrome is no longer separate from the internal browser on Android 5+. Do you have Android 5+?

What is BadKernel?

I read TFA and did a bit of Googling, but nowhere did I find any link to an actual technical description of the flaw. I'm interested to see how a kernel bug and a JIT bug work together here.

Re:What is BadKernel?

https://bugs.chromium.org/p/chromium/issues/detail?id=604033

Re:What is BadKernel?

This is all I could find. this
this
this
this
this
There are no technical details. I worked with Chinese coders and none of them write technical reports. Security flaws are like written stories for them. So don't expect a detailed blog post with source code snippets. It's just how the Chinese do it.

Re:What is BadKernel?

someone who is not AC pls upvote parent for the USEFUL link!

Must have misread something

operating system update

Wait. I thought this was an Android bug.

useable to root myself?

[Herve5]

Could this bug be used, not to do devilish things, but to help me rooting my devices in a simple way, so that afterwards I could at least install the firewalls I already have on my old Fairphone*?
(*) that came pre-rooted by default, contrary to the new ones

Re: useable to root myself?

Yes.

Updates, on Android? Good luck with that.

"One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated."

That sounds great but when your vendor ships the phone with an already out of date OS and never releases any updates or patches after the sale, and your phone has little support in the jailbreak community... what are you to do?

Re:Updates, on Android? Good luck with that.

[GTRacer]

I have a Note 3 running CM11 because reasons. But the newest I can get is 12 and I can't be arsed to go through the hours of reinstalling my apps (even with Titanium it takes a while because...). I use XPrivacy to control permissions so hopefully anything that tries to own me through an app-based vector alerts me. If it's Chrome into the OS itself, well, I guess I'm buggered.

Headphone jack only failure in seven years

[drnb]

I have never had a headphone jack fail. Nor do I know anyone who has.

I have. I am not claiming the following failure is common. I'm merely debunking the notion that the headphone jack is immune from problems. My personal experience is that it is the one and only thing that has failed for me in seven years.

I've occasionally dropped my phone, maybe once or twice a year over the last seven years. I only suffered damage once about five years ago. The headphone jack would no longer correctly detect when the earbuds were plugged in. Occasionally there would be a false positive where the phone erroneously thought the earbuds were plugged in and the phone would disable the speaker. I had to power down the phone to correct this. It was necessary to take this corrective action about once or twice a day. A day where this did not occur was rare. The problem was mechanical. If I shook the phone and listened very carefully I could hear something loose rattling. Fortunately this happened about three months before I became eligible for an upgrade.

Re:Headphone jack only failure in seven years

I'm merely debunking the notion that the headphone jack is immune from problems.

No one was making that claim. He simply said he hasn't had a problem with a headphone jack or know anyone who has, implying that the problem is quite rare, which it is. I'm on my 3rd smartphone now. I've never had a headphone jack problem and I plug and unplug my headphones daily. I've had buttons quit working, though. Yet I would never go so far as to say, "Well, the buttons are not reliable, remove them in lieu of new technology!" Instead, I would say, "Let's make buttons more reliable." If you feel that headphones jacks are a problem, perhaps that problem is that the particular jacks you've been using were of low quality.

Re:Headphone jack only failure in seven years

I am not claiming the following failure is common.

If you feel that headphones jacks are a problem, perhaps that problem is that the particular jacks you've been using were of low quality.

Did you read the sentence above, or did it confuse you?

Re:Headphone jack only failure in seven years

[Ol+Olsoc]

I'm merely debunking the notion that the headphone jack is immune from problems.

No one was making that claim. He simply said he hasn't had a problem with a headphone jack or know anyone who has, implying that the problem is quite rare, which it is.

Yeah, rare as Windows 10 updates breaking things. I can't produce the proof of all of those I've replaced over the years because I never knew I'd have to justify it to cowards, but the 3.5 mm adapter is a cheap little thing, and prone to failure. Just because you haven't had one, or that all the guys in your DnD club haven't does not mean a thing. Its like a 1/4 inch plug and jack, but more prone because it is smaller, and cannot have the contacts supply enough pressure to be reliable. On my professional audio equipment, its all XLR and 1/4 inch, and there's a reason the 3.5 mm isn't there - it isn't very reliable. Jacks are a major failure mode on everything they are on, and the smaller, the worse. Don't believe me? Don't care. do your own research.

New phones shipping with older versions of Android

[drnb]

If I were to purchase a Maytag dryer from Sears and know the warranty is good for one year.

New phones are shipping with older versions of Android. "New" as in unused, not as in a recent design.

I can get a new prepaid Samsung Galaxy S5 running Android 4.4 KitKat at Walmart for $150. It will not receive any updates to a newer version of Android. Some Android phones are vulnerable and have no upgrade path when they are new in the box, its not merely a problem of old used phones no longer being supported.

Re:New phones shipping with older versions of Andr

[GTRacer]

An S5? Not an ON5? I *just* went phone shopping and settled on a refurbed S5 for $120 shipped. All the Galaxy phones I saw in stores and online at that price were ON5s. I'd have gladly bought from WalMart at $150!

Sorry, S4 was $150, S5 was $300

[drnb]

My bad, that was a Galaxy S4 at $150, 4.2 Jellybean and not upgradable. Their S5 was $300, 4.4 KitKat and not upgradable.

I apologize for the confusion.

Re:Sorry, S4 was $150, S5 was $300

[GTRacer]

Thanks for the clarification! So far, our refurbed S5s are working OK... *knocks on wood*

BadKernel Research Source Data

[clarkd]

I work for Trustlook, so I am somewhat familiar with the company. :^) Trustlook is a venture-funded Silicon Valley startup specializing in Android security. The company has an Android app in the Play store with over 18M users, plus a RESTful cloud SDK to enable virus scan capability in any Android app. We also have an analytic tool that allows you to peek inside any Android app (skyeye.trustlook.com). Finally, at the end of 2016, we will become the default security engine of every new phone for a top 3 phone maker, so we are not a fly-by-night company. But enough about Trustlook. We have spent about a month collecting data from our user base to perform this research. Unlike many flimsy data studies out there, this one is based on 45K responses. Since Slashdot readers are naturally skeptical and highly inquisitive, we are making the detail report available here (goo.gl/9TBD8A). Judge for yourself if the research findings are worthy of our time. Cheers, - Clark Dong