Android Is Now as Safe as the Competition, Google Says (cnet.com)

← Back to Stories (view on slashdot.org)

Android Is Now as Safe as the Competition, Google Says (cnet.com)

Posted by msmash on Friday March 16, 2018 @04:00AM from the apple-to-oranges dept.

In an interview with CNET, David Kleidermacher, Google's head of security for Android, Google Play and Chrome OS, said Android is now as safe as the competition. From the interview: That's a big claim, considering that Android's main competitor is Apple's iPhone. This bold idea permeates the annual Android Security Report that Google released Thursday. "Android security made a significant leap forward in 2017 and many of our protections now lead the industry," the report says on page one. Echoing the report, Kleidermacher told CNET that Android flaws have become harder for researchers to find and that the software now protects users from malicious software so well the problems that used to leave users exposed to bad actors aren't such a big problem anymore.

116 comments

Min score:

Reason:

Sort:

How can this possibly be true? by Teckla · 2018-03-16 04:04 · Score: 4, Insightful

Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint?
1. Re:How can this possibly be true? by olsmeister · 2018-03-16 04:07 · Score: 1
  
  You HAVE purchased a new phone in the last 9 months, haven't you? HAVEN'T YOU?
2. Re:How can this possibly be true? by CodeHog · 2018-03-16 04:20 · Score: 1
  
  You HAVE purchased a new phone in the last 9 weeks, haven't you? HAVEN'T YOU?
  FTFY
  
  --
  Fat, drunk, and stupid is no way to go through life, son.
3. Re:How can this possibly be true? by dbialac · 2018-03-16 04:22 · Score: 4, Insightful
  
  But is Android safe from Google? Spyware is spyware.
4. Re:How can this possibly be true? by Austerity+Empowers · 2018-03-16 04:26 · Score: 2
  
  I think you need to read into this a very narrow viewpoint. He's specifically referring to the latest OS and hacks injected from downloaded software/apps. He's not focused on any other aspect of the android ecosystem that is presently a source of concern:
  1) Devices running old software that isn't secure
  2) Devices running co-opted software from various sources (often legit sources) from vendors
  3) Devices themselves that contain or allow rogue FW to run, some which may have been placed there by the manufacturer for dubious purposes
  4) Devices that have been hacked before the user received them to run co-opted firmware.
  Their metric is essentially based on field reports, not design-in security. I've worked in a few places where we have eternal debates about "testing out bugs" versus "designing out bugs". Both are really necessary, but this article seems focused on the former.
  Google continues with a very software centric mindset, and trusts its OEMs. To me that's the biggest mistake, particularly given who a few of them are.
5. Re:How can this possibly be true? by 93+Escort+Wagon · 2018-03-16 04:33 · Score: 1
  
  Google continues with a very software centric mindset, and trusts its OEMs. To me that's the biggest mistake, particularly given who a few of them are.
  I suspect it's not trust... it's that Google doesn't particularly care about any security issues which can't be traced directly to shortcomings in Google's own software. And really, I'm not sure how much they cared even about that... until Apple started getting a lot of press related to how secure its devices are.
  
  --
  #DeleteChrome
6. Re:How can this possibly be true? by thebullshitpatrol · 2018-03-16 04:42 · Score: 4, Insightful
  
  not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.
7. Re:How can this possibly be true? by Curunir_wolf · 2018-03-16 04:44 · Score: 1
  
  3) Devices themselves that contain or allow "rogue" FW to run, some which may have been placed there by the manufacturer for dubious purposes
  You're kidding, right? If you're buying a device that doesn't allow you to run your own FW on it, you're just paying for a channel for the manufacturer to track you and sell you stuff.
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
8. Re:How can this possibly be true? by Austerity+Empowers · 2018-03-16 04:53 · Score: 1
  
  I agree, but the trick is to how to get it to allow ME to put my own firmware on (the owner), not anyone else. That's the problem that needs to be solved, but until then Apple is more secure, even if you have to trust them. I trust them more than I trust random OEMs or, especially, my cell phone supplier. But I do think there is money on the table for someone to grab.
9. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 05:01 · Score: 0
  
  Exactly, because unless you now buy the pixel your security updates are guaranteed to be behind by two or three months, and only be updated maybe two years at the most.
  Even their Android One devices that was supposed to fix that often have a disclaimer they only get updates for two years. Yeah, Lenovo/Motorola says they get updates too...every 4 months if you're lucky... insecure at any price.
10. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 05:03 · Score: 0
  
  Millions of Android phones are still vulnerable to the Broadcom hack. Yet Google says Android is as safe as iOS. Right, sure thing.
11. Re:How can this possibly be true? by whoever57 · 2018-03-16 05:07 · Score: 1, Interesting
  
  And if the Chinese own Qualcomm, any hope that cellphones are secure will be laughable.
  
  --
  The real "Libtards" are the Libertarians!
12. Re:How can this possibly be true? by wardrich86 · 2018-03-16 05:15 · Score: 1
  
  My Galaxy S5 is running Oreo... Just because the manufacturers and carriers drop the ball doesn't mean the homebrew community isn't there.
13. Re:How can this possibly be true? by wardrich86 · 2018-03-16 05:15 · Score: 1
  
  Run AOSP, don't install Gapps.
14. Re:How can this possibly be true? by whoever57 · 2018-03-16 05:21 · Score: 2
  
  .. it's that Google doesn't particularly care about any security issues which can't be traced directly to shortcomings in Google's own software
  How long did Google provide updates for Nexus phones? Nowhere near long enough.
  
  --
  The real "Libtards" are the Libertarians!
15. Re:How can this possibly be true? by pnutjam · 2018-03-16 05:29 · Score: 1
  
  I have a Verizon s5, this thing seems to be locked up tight and I can't get my own OS on it.
  
  --
  Cheap storage VM.
16. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 05:44 · Score: 0
  
  I'm still using a 2014 phone. It's fine.
17. Re:How can this possibly be true? by Curunir_wolf · 2018-03-16 05:53 · Score: 1
  
  Wait... you don't trust Huawei?
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
18. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 06:03 · Score: 0
  
  Are you sure? I haven't heard of Verizon before, but there are community Android distributions for many, many phones, including some very obscure brands.
19. Re: How can this possibly be true? by Anonymous Coward · 2018-03-16 06:24 · Score: 0
  
  is than an iPhone x?
20. Re: How can this possibly be true? by Anonymous Coward · 2018-03-16 06:27 · Score: 0
  
  Right, your stupid ugly bullshit out-ass apps are being rigorously tested by monkeys.
21. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 06:29 · Score: 0
  
  How many users of no-longer-supported phones go through that effort? I bet even 25% would be a very generous estimate.
22. Re:How can this possibly be true? by wardrich86 · 2018-03-16 06:47 · Score: 1
  
  Yeah, whenever I hear about shitty ass phones in the US, it's always the ones sold by Verizon. I'd go with a different carrier if you can... one that at least gives the slightest hint that the give a fuck about their customers.
23. Re:How can this possibly be true? by AmiMoJo · 2018-03-16 07:00 · Score: 2
  
  Android devices get updates pretty much forever because they come via Play Services. Doesn't really matter if the vendor doesn't update the kernel.
  Google fixed the lack of vendor today's by making it not matter.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
24. Re:How can this possibly be true? by thegarbz · 2018-03-16 07:26 · Score: 1
  
  Given the ridiculously short amount of time Android devices get updates
  What kind of updates? Most phones get security updates just fine and for quite a long period of time. Combine that with the very few exploits that actually abuse any security bugs instead focusing mostly on the previously primitive permissions system of the past, I fail to see how that's even relevant.
25. Re:How can this possibly be true? by thegarbz · 2018-03-16 07:28 · Score: 3, Insightful
  
  But is Android safe from Google? Spyware is spyware.
  So? I don't need it to be safe from Google. They have shown to be trustworthy with my data. Google has yet to ransomware me, max out my credit card, steal my identity or do anything else with the ludicrous amount of data they have on me other than serve me ads.
26. Re:How can this possibly be true? by thegarbz · 2018-03-16 07:29 · Score: 2
  
  not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.
  Lol that's a good one. You use that in your stand-up routine often? No sorry I jest. There are standards. The standard is that Apple will only accept software that doesn't immediately threaten their bottom line, whereas Google seems comfortable to let those slip through.
27. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 07:59 · Score: 0, Insightful
  
  No, you just don't know how it can be misused. Examples:
  1) They were happy to hand over your data to the NSA. Hell, only Yahoo appealed the FISA warrant.
  2) Putting your data in 3rd party hands allows LEOs to get the information without you knowing there's an investigation going on about you.
  3) Just yesterday there was an article here about the CLOUD Act.
28. Re:How can this possibly be true? by fluffernutter · 2018-03-16 08:21 · Score: 1
  
  Those standards project Apple, not Apple users.
  
  --
  Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
29. Re:How can this possibly be true? by ArmoredDragon · 2018-03-16 08:39 · Score: 2
  
  Or you can just not log in to a Google account, then it doesn't send anything to Google. For apps you'll need fdroid and/or Amazon (which is mostly crap since Amazon's whitelisted security model means few developers update their apps.) If you try to run a Google app and it asks you to login, you can either delete or disable the app (it never runs, just sits there on your phone's storage with all user data and updates deleted, and you have to go through several menus just to find an icon for it) and get an alternative.
  Some apps aren't entirely dormant though, for example some other apps require Google maps installed to work, and all they do is hook into its API. Either way, the Google apps don't send stuff to Google without an active account. Apps from fdroid and Amazon don't rely on any Google apps being present, so they'd never be used at all.
  If you suffer from paranoid-schizophrenia and/or autism, then use AOSP is your only option, and it's usually buggy because dinners. Also, your choice of newer phones is very limited, with the best phones being Google branded phones, and absolutely no phones with Verizon or AT&T branding (my only guess for this is that they can treat you as a captive audience by preventing you from removing spammy carrier apps, blocking certain apps from being installed, and disabling some of Android's built in features.)
30. Re:How can this possibly be true? by ArmoredDragon · 2018-03-16 08:41 · Score: 1
  
  s/dinners/drivers
31. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 08:47 · Score: 0
  
  Or just buy your phone directly rather than through a mobile network operator. Sim-only plans are usually cheaper and offer more flexibility anyway.
32. Re:How can this possibly be true? by MachineShedFred · 2018-03-16 08:50 · Score: 1
  
  "It's not our problem if OEMs don't update their ROMs with our latest and most secure versions!" - that's what you could expect Google to say in response, seemingly unaware that some of their own damn hardware doesn't get updates either.
  If they can't even be bothered to update their own shit, how could you ever expect LG, HTC, Lenovo, Samsung, Huawei, et. al. to ?
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
33. Re:How can this possibly be true? by lenovosupport001 · 2018-03-16 09:06 · Score: 1
  
  Given the ridiculously short amount of time, Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint? https://newzealand.babasupport...
  
  --
  thank you for visiting us...Lenovo technical support
34. Re: How can this possibly be true? by Anonymous Coward · 2018-03-16 09:39 · Score: 0
  
  Did you really need to make a pointless dig at autistics there?
35. Re: How can this possibly be true? by Anonymous Coward · 2018-03-16 09:41 · Score: 0
  
  I trust Huawei as much as I trust FoxCon, the manufacturers of iPhones...
36. Re:How can this possibly be true? by LynnwoodRooster · 2018-03-16 09:55 · Score: 1
  
  My 2+ year old Note 5 got an update about 3 weeks ago. I guess you buy phones from bargain-bin carriers?
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
37. Re: How can this possibly be true? by jnork · 2018-03-16 10:18 · Score: 1
  
  Indeed. Waiting to hear what autism has to do with this.
  
  --
  Cleverly disguised as a responsible adult.
38. Re:How can this possibly be true? by mikeiver1 · 2018-03-16 10:32 · Score: 1
  
  Well given the present state of "News" and the facts and not so facts one must question the validity of this statement from them. I mean seriously, Microsoft has made the same kind of statement in the past counter to the facts. I believe that Apple tries this crap as well. Lest be honest here, the OS's and firmware now running in these devices now days are so fucking complicated that there is literally no way that the term secure can be applied with any reasonable expectation of it being fact. For fucks sake, even the processors from Intel and AMD have hard coded holes that can't be effectively patched in their microcode. It is safe to assume that the same issues exist in ARM and MIPS as well. Nothing is secure!
39. Re:How can this possibly be true? by Teckla · 2018-03-16 11:39 · Score: 2
  
  I'm most concerned about security updates. I thought even the mighty Google only pushed out 3 years of security updates, and that 3 years starts from when the product first appears on their web site for sale. If you're even a little conservative about new tech (like me) and wait 6-12 months before pulling the trigger on a new product, that means only 2 to 2.5 years of security updates, not to mention regular updates, which you'd only get for 1 to 1.5 years.
  I guess at the moment I'm a little spoiled by iPhone, since I can buy a new one every 2.5 years or so, and pass on the old phone to my kid to use for 2.5 years. That's a 5 year life span for each phone. Once I take (price of phone / years of service), iPhone comes out way cheaper than anything I can buy in the Android ecosystem, for my use case at least. Granted, I'm a stickler about only using tech that's still getting security updates. I'm sure lots of people don't worry about security as much as I do.
40. Re:How can this possibly be true? by Teckla · 2018-03-16 11:44 · Score: 1
  
  I can't possibly imagine what gave you the idea that I buy phones from bargain-bin carriers. I'm at iPhone user. Not religiously so, though -- every time it comes time to buy a new phone, I reevaluate the entire marketplace. For me, the iPhone is actually quite a bit cheaper, once you factor in (cost of phone / years of service).
  I'm not sure why -- this is probably just a weird emotional thing -- but in my head I consider 5 years of security updates a minimum expectation.
41. Re:How can this possibly be true? by swillden · 2018-03-16 12:21 · Score: 1
  
  Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself
  Three years is ridiculously short?
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
42. Re:How can this possibly be true? by LynnwoodRooster · 2018-03-16 12:31 · Score: 1
  
  The Samsung Note 4 was updated just 6 weeks ago, by Verizon. That's for a 4 year old phone. Perhaps Android life is not as you imagine or are told?
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
43. Re:How can this possibly be true? by Teckla · 2018-03-16 12:48 · Score: 1
  
  Three years is ridiculously short?
  YES!
44. Re:How can this possibly be true? by Teckla · 2018-03-16 12:50 · Score: 1
  
  That's pretty good. Is that length of support common, or somewhat unique to Samsung, or...?
45. Re:How can this possibly be true? by swillden · 2018-03-16 15:37 · Score: 1
  
  Three years is ridiculously short?
  YES!
  You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
46. Re:How can this possibly be true? by swillden · 2018-03-16 15:38 · Score: 1
  
  Three years is ridiculously short?
  YES!
  You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
  Oh, it's also worth pointing out that AFAICT no one else commits to even three years. That includes Apple. Apple generally provides support for four, maybe five years, but they don't make any promises.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
47. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 15:55 · Score: 0
  
  galaxy note 4 here, waiting for galaxy note 15. by then California repair law will go into effect and I'll have another note with an easily removable battery and a 16mega pixel camera.
48. Re:How can this possibly be true? by Anonymous Coward · 2018-03-16 18:31 · Score: 0
  
  From the current version of android going forward, All phones will be able to take a stock image and reciece regular updates as long as google keeps making them. No more relying on carriers or manufacturers if you want security updates. Anything that ships with android 8 must support it.
49. Re:How can this possibly be true? by Teckla · 2018-03-17 00:44 · Score: 1
  
  You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
  If we're talking about Google's devices here, it's not even 3 years unless you buy the phone the day it becomes available on their web site. I think it's pretty sensible to wait a minimum of 6 months to purchase new tech so that the inevitable new-device issues can be discovered and worked out. That brings its lifetime down to 2.5 years -- and that's just for security updates. Regular (non-security) updates would be an obscenely short 1.5 years. 1.5 years!
  I've never looked at Apple's official update policy, but history suggests about 5 years -- which includes both regular updates and security updates. Apple is crushing Google here.
  And, to be clear, I'm not an Apple fanboy. I think most people would be happy with Android or iOS. And the terribly buggy iOS 11 has certainly shaken my faith in Apple management to continue to do the right thing for their customers. I'm only talking about regular updates and security updates here. This is one area where Google is really weak and Apple is strong.
50. Re:How can this possibly be true? by swillden · 2018-03-17 02:48 · Score: 1
  
  Apple has no official update policy.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
51. Re:How can this possibly be true? by LynnwoodRooster · 2018-03-17 03:57 · Score: 1
  
  Common for Verizon, Sprint, and T-Mobile. A lot of the discount carriers don't do it at all. And many of the Google phones have had 4 years of updates, too...
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
52. Re: How can this possibly be true? by dbialac · 2018-03-17 12:44 · Score: 1
  
  Trustworthy? A trustworthy organization doesn't try to find a different way to determine your location with wifi after location services have been turned off. Google is an information rapist. Say no and it keeps doing it anyway. Facebook never was trustworthy, but Google used to say, "Don't be Evil."
53. Re: How can this possibly be true? by thegarbz · 2018-03-17 22:01 · Score: 2
  
  Trust is not a universal term that can be applied to everything. I qualified it by saying "with my data", the data being the subject in question. But then "trust" is nothing more than a belief in an outcome. I find google very "trustworthy" even in the case you apply it. I'm certain that they will continue to exhibit the behaviour of trying to shiftily ex-filtrate my data as much as possible.
  That's the thing about trust. You can "trust" bad behaviours as well as good behaviours. I trust the bad behaviour of Google will continue to collect my data as per normal based on past actions. I trust the good behaviour of Google to protect my data (it's their equivalent of the coca-cola recipe) and not sell it directly to third parties because it is their way of making money through services.
  I can't say the same thing about Microsoft. I can't trust them with my data. I have no idea what they will do with it. I have no faith they won't sell it unobfuscated to 3rd parties. Managing my data is not their core business.
54. Re:How can this possibly be true? by Plumpaquatsch · 2018-03-18 11:54 · Score: 1
  
  Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint?
  Well, he said "now" and he meant that literally.
  
  --
  Of course news about a fake are Fake News.
With the result by Marxist+Hacker+42 · 2018-03-16 04:09 · Score: 1

That each version of Android OS that comes out, at least on the Samsung platform, is slightly less useful. That is the tradeoff for you between security and usability.

--
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
1. Re:With the result by Anonymous Coward · 2018-03-16 04:17 · Score: 0
  
  And this means it is harder and harder to root your phone and wrestle control of it from the service provider.
2. Re:With the result by Anonymous Coward · 2018-03-16 04:18 · Score: 0
  
  There are plenty of alternatives to Samsung. I'm Android 100%, but I'd rather carry an iPhone than touch a Samsung.
3. Re:With the result by wardrich86 · 2018-03-16 05:16 · Score: 1
  
  I'm hoping Treble will fix this. Custom ROM's are a huge part on why Android devices are so much better than their competition.
4. Re:With the result by Anonymous Coward · 2018-03-16 06:05 · Score: 0
  
  How would a service provider have control over whether you root your phone? And why would they care?
5. Re:With the result by lactose99 · 2018-03-16 06:15 · Score: 1
  
  Motorola phones are reliable, cheap, and easily allow unlocking of the bootloader.
  
  --
  Fully licensed blockchain psychiatrist
Where are the permissions logs? by javaman235 · 2018-03-16 04:10 · Score: 3, Interesting

Why can't I find a simple view in Android of what apps have accessed permissions and when? (mic, camera, GPS etc) Also, apps request such general permissions... Access to drive I grant for apps that need to save files to drive, but does that mean it can upload my photos to weird app developer?
Android needs more transparency on these things to build trust.

--
-The art of programming is the pursuit of absolute simplicity.
1. Re:Where are the permissions logs? by BronsCon · 2018-03-16 04:21 · Score: 2
  
  Honest question: Where can I find this in iOS?
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
2. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 04:27 · Score: 0
  
  It's in settings/privacy. Then per thing (camera, microphone etc) you get a list of apps that have permissions and you can change them..
3. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 04:30 · Score: 2, Informative
  
  Honest question: Where can I find this in iOS?
  1) Open the Settings App.
  2) Scroll to the app you wish to check.
  3) You now see a list of permissions, such as "Location", "Notifications", Background App Refresh", ... You can turn each one on or off.
  You can also see all apps which might use a permission in one list:
  1) Open the Settings App.
  2) Choose "Privacy"
  3) Select the permission you wish to control.
  You now see a list of apps that requested the permission. You can enable or disable each app.
  I have mixed feelings about iOS in general, but this is one thing that iOS does exactly right.
4. Re:Where are the permissions logs? by orient · 2018-03-16 04:31 · Score: 3, Informative
  
  DTEK by BlackBerry does exactly this. Plus it can alert you when an app tries to access a certain resource (microphone, camera). Plus it can allow/deny access to each resource individually, unlike Google's all-or-nothing approach. Even if you grant all permissions when you install an app, when the app tries to actually access any resource (camera, microphone, address book, local files etc.) you get a prompt to allow or deny access to each of the resources requested. And, yes, it comes installed on the Android BlackBerry phones. I don't have another Android phone, so I can't tell of it's only available for BB phones or not.
  
  --
  Laudele lor desigur m-ar mahni peste masura.
5. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 04:32 · Score: 0
  
  That's not what they asked for. Android has that too.
6. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 04:34 · Score: 0
  
  Hmmm... Settings->Apps->->Permissions? (Samsung S6, Android 7.0)
7. Re:Where are the permissions logs? by 93+Escort+Wagon · 2018-03-16 04:36 · Score: 1, Informative
  
  Honest question: Where can I find this in iOS?
  Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.
  
  --
  #DeleteChrome
8. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 04:38 · Score: 0
  
  Well, this doesn't answer your question but it might be useful. Noroot firewall is pretty good for seeing when apps call home.
9. Re: Where are the permissions logs? by javaman235 · 2018-03-16 05:06 · Score: 1
  
  Not control, logs. For instance an app from work has GPS permissions to know where I am when on duty, which is fine. But does it track me off the clock? Like with Uber:
  https://www.npr.org/sections/t...
  How would users know?
  
  --
  -The art of programming is the pursuit of absolute simplicity.
10. Re: Where are the permissions logs? by javaman235 · 2018-03-16 05:08 · Score: 1
  
  Thx.
  
  --
  -The art of programming is the pursuit of absolute simplicity.
11. Re:Where are the permissions logs? by BronsCon · 2018-03-16 05:24 · Score: 1
  
  Oh, if that's all we're talking about, long-press on any app (Mac users should be familiar with this from the one-button mouse days), choose App Info from the resulting dropdown, and it's right there under the App Settings heading. Been there for a couple major versions by now, at least; you can even turn permissions on and off.
  
  You can also go to Settings -> Apps and tap on any app to get the this same screen.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
12. Re:Where are the permissions logs? by BronsCon · 2018-03-16 06:11 · Score: 2
  
  That's the same thing Android has (Settings -> Apps, or long-press on an app and choose App Info) and you can enable and disable permissions there, as well. It's also not what was being asked for.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
13. Re:Where are the permissions logs? by Anonymous Coward · 2018-03-16 06:17 · Score: 0
  
  Android does that too.
  1) Open Gear menu
  2) Apps & Notifications
  3) App Permissions
  Now you can see all the permissions and the apps that have requested and the apps that are allowed to actually use it.
  I think he wants a log of every seconds they are actively using it, which I don't think either do. You probably could write something in android if you root your phone, but
14. Re:Where are the permissions logs? by thegarbz · 2018-03-16 07:32 · Score: 2
  
  Why can't I find a simple view in Android of what apps have accessed permissions and when?
  For the same reason the Subway queue is so long: people are overwhelmed with choice.
  Look you sound like you want to run a full blown Linux complete with terminal on your phone. But really this level of detail should not be exposed to the average user. The only thing you'll get is frothing at the mouth and outrage as people miss-read, miss-interpret and otherwise try to draw huge conspiracies from things they don't understand.
  There's a reason these devices are so popular, and simplicity is a key component of that.
15. Re: Where are the permissions logs? by Anonymous Coward · 2018-03-16 09:02 · Score: 0
  
  Fake GPS and never worry about it again. Turn it off when you have a real need for GPS like maps/directions.
16. Re: Where are the permissions logs? by orient · 2018-03-16 10:37 · Score: 1
  
  Yes, DTEK also has logs for the last 7 days. Just an example: On my BB KeyOne, the OpenSignal app asked for location 261 times while in foreground and 22562 times while in background (in the last 7 days).
  
  --
  Laudele lor desigur m-ar mahni peste masura.
17. Re:Where are the permissions logs? by dinfinity · 2018-03-16 11:06 · Score: 1
  
  Only tangentially related, but Blackberry can go fuck themselves. I bought their flagship Priv phone at launch at a premium price (because I love hardware keyboards) and when the moment passed where they legally did not have to provide security updates any more they said 'go fuck yourselves' to their customers. I received their message clearly and will be steering well away from anything of theirs.
18. Re:Where are the permissions logs? by swillden · 2018-03-16 12:23 · Score: 1
  
  Honest question: Where can I find this in iOS?
  Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.
  Android has this, too, and it's not what was requested.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
19. Re:Where are the permissions logs? by DRJlaw · 2018-03-24 11:17 · Score: 1
  
  It's also not what was being asked for.
  Then you wrote the wrong question, because his answer responded to the question asked.
  
  Why can't I find a simple view in Android of what apps have accessed permissions and when? (mic, camera, GPS etc)
  Honest question: Where can I find this in iOS?
  You can also see all apps which might use a permission in one list:
  1) Open the Settings App.
  2) Choose "Privacy"
  3) Select the permission you wish to control.
  You now see a list of apps that requested the permission. You can enable or disable each app.
20. Re:Where are the permissions logs? by DRJlaw · 2018-03-24 11:59 · Score: 1
  
  Ah, I somewhat see what you mean. Only Location Services has icons that indicate whether the permission was used recently and in the past 24 hours.
  On the other hand, I don't manage the other permissions closely because the apps have to ask for them individually and thus the apps really only ask for the permissions that you would expect them to.
21. Re:Where are the permissions logs? by BronsCon · 2018-03-24 19:43 · Score: 1
  
  I did read the question wrong initially (and answered it before the rest of the lot, to boot), just as you did. It wasn't until I came back and read some of the other answers that I realized my mistake.
  
  Like you, I don't manage permissions that closely; for similar reasons, and with the additional note that I don't do anything all that interesting on my phone in the first place.
  
  I don't allow apps permissions that would grant them the content of my messages (unless they're messaging apps, of course) or phone calls, and the apps that do get those permissions I would expect to constantly see accessing them. If an app has access to speaker and microphone, location services on my device are irrelevant if someone else nearby has location services turned on and is broadcasting an ultrasonic beacon; the app vendor will know where they are and that I was near them. That's just one of many reasons I don't let the Facebook app live on my phone (just as an example of an app that does this).
  
  I really don't get why people worry so much about this, to be honest. At least, I don't get why they worry about it on their phones, when their computers don't even give them that information. Sure, there are applications that can track data and resource access on a PC -- just as there are on Android (if you're rooted -- and no, I don't know the name of one off-hand, I haven't rooted a phone in several years) -- but not on iOS, of course.
  
  That's not a stab at iOS, either. It works perfectly well for what the people who choose to use it (which includes me, just not my phone) wish to do with it.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Funny by Anonymous Coward · 2018-03-16 04:19 · Score: 0

They say this every year, don't they?
...except phone don't get timely updates (if ever) by Anonymous Coward · 2018-03-16 04:26 · Score: 0

I'm a long-time Android user, and consider myself a fanboy. But Kleidermacher's statements are true only in a clinical sense. My current phone (Moto G5 Plus) only just received January security updates (and it's two point versions behind the latest version of Android). It doesn't matter if the latest build of Android is super secure if vendors never roll out software updates (or they do so after a long delay).
How many Android phones are running 5.0 or 6.0? I consider myself lucky to only be a few versions behind.
If the only phones that have the latest software are the Pixel devices and (maybe?) some Nexus phones, and those phones represent some minuscule percentage of the Android install base, then it's not accurate to say that Android is as safe as the competition. Vastly more iPhones sold in the last 4 years are running the latest and more secure OS than Android.
The worst problem with Android: No updates. by Futurepower(R) · 2018-03-16 04:33 · Score: 1

Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.

Another abuse: Cell phones with batteries that cannot be easily replaced.

Another abuse: Apple has been preventing 3rd party repairs. Stories:

A HREF= "http://www.bbc.com/news/technology-35502030" TARGET="_blank" >iPhones 'disabled' if Apple detects third-party repairs (Feb 5, 2016)

Apple Shouldn't [be allowed] to Brick Your iPhone Because You Fixed It Yourself. (Feb 18, 2016)

Apple fighting new âright to repairâ(TM) legislation after successfully lobbying against it in the past. (Feb 15, 2017)

Latest iOS Update Shows Apple Can Use Software to Break Phones Repaired by Independent Shops (Oct 13, 2017)

'Right to repair' legislation gaining steam amid Apple's iPhone battery replacement program (Jan 18, 2018)
1. Re:The worst problem with Android: No updates. by wangmaster · 2018-03-16 04:39 · Score: 2
  
  Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.
  Technically, that's not an android problem. It's a problem with crappy manufacturers. Android itself absolutely allows updates. I get them at least once a month on my Pixel devices.
2. Re:The worst problem with Android: No updates. by thebullshitpatrol · 2018-03-16 04:48 · Score: 1
  
  I think the message here is what it means for the unsavvy consumer, just like how "security of android as an OS" is completely trivial when compared to minimal app review process and a severely dysfunctional 3rd-party ecosystem (which again, is designed to decrease restrictions and barrier to entry to attract as many use cases as possible, including walmart $50 tablets).
  The average consumer (that actually cares) will have a shitty experience with android because its unclear what you have to do to get a good experience, and end up defaulting to iOS because its a consistently above average experience.
3. Re:The worst problem with Android: No updates. by ilsaloving · 2018-03-16 05:06 · Score: 1
  
  Technically, nobody gives a shit. It's an Android phone. Google controls android. Google has a specific certification process that, if manufacturers want to enjoy things like the App store, etc, they have to comply with. Google could have added updates as part of that contract, but they didn't. It's not like they don't have the clout.
  The lack of updates is the single biggest reason why I've stayed with iOS. Yes, Apple are douchebags, but it all turns into a question of "In what manner do I want to be screwed over?" and when all is said and done, Apple screws me in less ways than Android manufacturers do with their lack of updates, their non-removable bloatware, their shitty ecosystem, etc.
  Also, this IS Google's fault for not having a proper HAL baked into the OS from day one, like Windows has. I have very high hopes with Project Treble. If it works out, then maybe I'll finally be able to jump off the increasingly broken iOS ship. Unfortunately, I'll have probably wait a couple years before I can, because I am going to wait and see how things actually work out, rather than taking some mouthpiece at face value. I've been burned by that kind of thing before.
4. Re:The worst problem with Android: No updates. by Anonymous Coward · 2018-03-16 05:28 · Score: 0
  
  Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.
  Technically, that's not an android problem. It's a problem with crappy manufacturers. Android itself absolutely allows updates. I get them at least once a month on my Pixel devices.
  ... for 18 months +- 6 months. It's 24 months since the device is first announced, but they're for sale for 12. And that's a Google device, so it's best case.
  That's just not good enough.
5. Re:The worst problem with Android: No updates. by Anonymous Coward · 2018-03-16 05:32 · Score: 0
  
  I use amazon phone with CM installed (now Lineage OS). There is a quarterly security update that is provided by maintainer. So the problem is not with Android but with phone manufacturers.
  If you want security updated just get a phone supported by Lineage OS and update yourself. Most people do not care about security updates. They just want a latest game to run on their phone and latest facebook app. If you running facebook app you already forfeited all claims to privacy and security.
Except for all that Creepy Googleieness by Dusanyu · 2018-03-16 04:34 · Score: 1

I got tired of my Phone being used for advertisement research so I "upgraded" to the Nokia 3310 3G it does what I need from a phone (Makes Phone calls) without all that creepy google tracking. I also Dumped my Tablet off at the St. Vincent de paul (goodwill can bite me) and went back to a laptop with Debian on it for web on the go. (heck i even got out my orignal iPod Mini replaced the micro drive with a compact flash card for music. I may look like a troglodyte but at least I am not whoring my data out.
Re:Caveat... by Anonymous Coward · 2018-03-16 04:36 · Score: 0

Not everyone has an IT miracle worker in their building that can run 7 chassis fans from HDMI power.
In other news... by Anonymous Coward · 2018-03-16 04:38 · Score: 0

Big Mac is Now as Safe as the Competition, McDonalds Says
Re: ...except phone don't get timely updates (if e by Anonymous Coward · 2018-03-16 04:41 · Score: 0

The updates come more at the app level. Your Chrome app is up to date regularly.
Because the competition is dead by Anonymous Coward · 2018-03-16 04:43 · Score: 0

Windows Phone, Firefox, Ubuntu, MeeGo, Tizen, Blackberry, Symbian, Bada, WebOS the list goes on. Android should go to antitrust courts because the only competiton dosent give a jack (physically as well as logicly).
Google should have arranged to allow updates. by Futurepower(R) · 2018-03-16 04:50 · Score: 1

"Technically, that's not an android problem. It's a problem with crappy manufacturers."

Google should have arranged that manufacturers allow updates. Now that abuse is associated with the Google (Alphabet) name.
Is that so?... by zarmanto · 2018-03-16 04:56 · Score: 0

So, I glance at the /. feed, and I see one article about Android being more safe... and the very next article is about Google having just recently been fooled into serving up malicious ads -- and apparently not for the first time, either.
Uh huh. I'm sure you'll forgive me, Google, if I'm more than a wee bit skeptical of the veracity of your latest marketing materials...
Apple Haters are such liars by SuperKendall · 2018-03-16 04:57 · Score: 1

Latest iOS Update Shows Apple Can Use Software to Break Phones Repaired by Independent Shops
What a goober, if you actually read the story it's about how Apple pushed a software update to FIX third party screens that had been installed. Apple did exactly the opposite of what you said. They just issued a warning after doing that that told people if you don't use Apple parts things may not work, they didn't even say you shouldn't use Apple parts yourself to repair systems!
You're right about Android, though you only used that as leverage to try and attack Apple. You are a sad, sad, man.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Err by Anonymous Coward · 2018-03-16 05:05 · Score: 0

What was it before? Why didnt they tell me?
Please tell Samsung by Alain+Williams · 2018-03-16 05:06 · Score: 1

to push out an update to my 'phone which is running Android 4.3. I had the cracked screen replaced this week and thus hope to use it for at least another 2 years. Do I want to update ? No: it does what I want.
This just in! by Anonymous Coward · 2018-03-16 05:08 · Score: 0

Head of company says that his company's products are great! News at 11!
Re: ...except phone don't get timely updates (if e by Anonymous Coward · 2018-03-16 05:11 · Score: 0

Google canâ(TM)t be responsible for fucking Samsung or Motorola (really?) can they? Want a secure Android? buy a Pixel. Call yourself a fan boy.... fucking wanna be....
CopperheadOS by Anonymous Coward · 2018-03-16 05:22 · Score: 0

That is sedure, fully open source Android. Whatever Google is cranking out here is certainly not safer than iOS.
Wrong target. by jellomizer · 2018-03-16 06:03 · Score: 1

To the end user, you should never tell them that your product is safe, because it will only go an bite you back. Because if they feel their phone is safe and immune to attacks/hacks and malware. Then chances are their behavior will be reckless, and will find some way to get their device infected. (Apple or Android)
I think google was really talking to Enterprise Deployments. Where big companies with sensitive data may have a policy that said iOS is OK while Android is not, siting security concerns. If Google can convince these people who do Risk management that Android isn't any worse then iOS is. That will open the door to further enterprise deployment.
The Commodore 64 may had been the best selling computer of all time. However the IBM PC x86 architecture had won the war. Not because it was better then the competitors, but because it had business approval for usage. Meaning people who wanted to do work from home, got these things (or work gave them one). Where after their work is done, their kids would play on it, causing games to be made for it, kids typing school work on them... So the Apple, Commodore 64, Atari, Amiga and the others while having a place in our heart, and did some things much better then the PC (Especially in graphics and sound), they undoubtedly went out of favor because it all comes down to needing to do the serious stuff.
In terms of Mobile devices we are roughly back in the mid 1980's With Apple holding on to their device, and an other company making an OS for many other devices. And the PalmOS, WebOS, Windows Phone OS... That were once popular and had some following just kinda died out. Now like the IBM PC and Compatibles and the Apple Macintosh. There is now a fight for the business mark. History can repeat itself and go to Android, or people reminded with the Pain of Microsoft and wishing they had Macs. May stay on iOS.

--
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
In related news... by theendlessnow · 2018-03-16 06:53 · Score: 1

Microsoft says their OS is the best OS.

Amazon says their web shopping is the best.

Telsa says their cars are the best.

And Long John Silver's says their fish is the best.

...whew, glad all of that is finally settled!
Impossible until... by richrz · 2018-03-16 07:03 · Score: 1

Google has total control of the hardware, firmware, and OS.
PoisonJuice is now as safe as the competition by OrangeTide · 2018-03-16 08:25 · Score: 2

We bought the competition and shuttered their business. So now PoisonJuice® is the only juice-like beverage, which also makes it the best, safest and most natural.

--
“Common sense is not so common.” — Voltaire
Unlikely by Anonymous Coward · 2018-03-16 08:38 · Score: 0

Give me a break ...
Which version?
From which device maker?
Using what bundled software, apps and front ends?
Moot unless user can run the latest code by Anonymous Coward · 2018-03-16 09:20 · Score: 1

Oreo has been out for 7 months now and yet, a month ago only 0.7% of users had installed it. What's the point of stating your OS is secure if you can't deploy it appropriately? Android deployment: Google -> Phone manufacturer -> Telcos. This is a crazy pipeline!
Re:Caveat... by Anonymous Coward · 2018-03-16 09:42 · Score: 0

Don't click on his homepage link! creimer is trying to get you to subscribe automatically to his youtube channel, force you to watch his digi-feces videos and make money off you!
CREIMER' SUBMISSIONS UPDATE:
Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
https://slashdot.org/~_sharp'r...
https://slashdot.org/~crreimer
https://slashdot.org/~cdreimer
https://slashdot.org/~criss69
https://slashdot.org/~Anonymou...
https://slashdot.org/~FatCashe...
https://slashdot.org/~ILoveFat...
https://slashdot.org/~IHateFat...
https://slashdot.org/~IAteFatC...
https://slashdot.org/~ITapeFat...
https://slashdot.org/~IApeFatC...
https://slashdot.org/~IPrayFat...
https://slashdot.org/~FatCashe...
and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!
Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!
creimer wrote:

I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions ? I'll have to double check the number ? to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!
https://slashdot.org/comments....
Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!
Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.
creimer wrote:

All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.
https://slashdot.org/comments....
C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."
But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!
Creimy Dumpty sat on the wall,
Creimy Dumpty had a great fall.
All the king's horses
And all the king's men
Couldn't put Creimy Dumpty
Together again.
Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
https://www.youtube.com/watch?...
With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will need miracle workers up there, here is what it would look like. Note that Creimy takes care of bringing a lot of food to the moon as depicted below:
https://www.youtube.com/watch?...
Creimy's real pictures:
Before the sex change:
https://ibb.co/cc7Ddw
Google says lots of things. by Anonymous Coward · 2018-03-16 11:59 · Score: 0

Don't believe them, their track record speaks for itself, and remember: you are *never* safe from Google themselves. They are, as a company, synonymous with spyware.
with a sample of one model which gets upgrades? by Anonymous Coward · 2018-03-16 12:27 · Score: 0

Now go back to being "not evil."
So my nexus s running 4.x is as safe as my iPhone 4s running iOS 9?
Okay then
Re:Caveat... by Anonymous Coward · 2018-03-16 14:59 · Score: 0

Hahaha really funny +5
I watched Casey Neistat videos for the first time in my life yesterday and it's really funny how the delusional creimer tries to copy his style in his own creimy digi-feces videos and how he always give Neistat as an example!
Neistat even has one video where he says "to believe" and to "build your own brand" with your "own ideas"
CROFLOL! The delusional creimer really belives in that shit! You don't have to search really far to find where it's coming from! creimer thinks for real that he will be the next Casey Neistat ;-)
CROFLOL! CROFLOL! CROFLOL!
--
Balena!
Sure... by XSportSeeker · 2018-03-16 21:10 · Score: 2

While that might be half true, it's also true that the vast majority of the entire Android market doesn't have, and might not ever have access to this latest Android version that is supposedly as secure as the competition. So the point is moot.
In fact, the only way to get that version of Android anytime soon would be by getting a Pixel phone. Because that's the only device that has the latest core/vanilla Android version. Other than that, perhaps a few Android One and Go devices. And that, for the global Android market, must be way bellow 1% of users. I'm not sure if it's even 0.01% of the global market.
Beyond that, Google cannot guarantee anything, because they really don't know. Most of the security and privacy breaches in the platform's history remains unpatched for a metric ton of Android devices, a whole ton of problems that emerged in recent years regarding spyware, telemetry, smartphone brands harvesting personally identifiable information surreptiously (thanks OnePlus), and a bunch of other safety problems came from Android skins/forks that Google has no way to completely control. And no, even Project Treble and other initiatives will be enough - they'll help, but they won't be enough.
And then the deathknell of supposed safety: as long as you can sideload apks into an Android device, it can never be considered as secure as a walled garden closed off system as iOS. Of course, lots of Android users (including myself) gladly accepts the risk for the openness, but that alone is enough for Android to never be as "safe" a platform as iOS. It's about the paradigm, not the OS.