No, but your description of the process was still misleading. Even unsigned apps on Android can be secure. On iPhone, manual review and signing is the only thing that keeps you secure.
You can moderate all you want, the facts remain. Android has an effective security architecture that protects users from hostile applications, while iPhone merely has the whims and quick review by the App Store review team to protect users from fraud and invasion of privacy.
As you noted, the google model is nothing more than blame-shifting, just like MS's UAC.
Totally wrong. Google sandboxes applications, meaning it enforces these permissions at the OS level. And the permissions are clear and simple enough that normal people usually understand them. On iPhone, in principle, any application can read almost any data and invoke for-pay services.
When compared to Apple's walled garden from a security perspective there isn't even a question as to which is better.
Apple's "walled garden" is a fiction; Apple doesn't have the resources to do meaningful security audits on the software it approves. Anybody who wants to can sneak malware into their Objective-C programs and activate it at some point in the future. Even with full source code, Objective-C is such a flexible language that a clever programmer can hide pretty much anything. And Apple wouldn't know about it until it gets user complaints. But since there is no sandboxing or permission system, and no way to install security software on the iPhone, it may be a long time before anybody notices what's going on. So, not only is Apple's own review process nearly meaningless against a determined hacker, user-based vetting is far less effective on the iOS platform.
The only way to enforce permissions is through sandboxing. Apple's "walled garden" is a joke from a security point of view. iOS has just about the worst security model of any phone OS.
I think you'd surprised to find that to most private data NO apps have ANY access on the iPhone...
There are clearly APIs to access contact data, send text messages, determine your location, and make Internet connections. In principle, any application can use those.
They're mostly limited to their own data and to the net and there are only very few APIs to access anything else.
And how do you think they are "limited"? What do you think is doing the "limiting"? And how do you, as a user, find out whether the Tetris clone you just downloaded is sending $10 text messages to a for-pay text message service?
The answer is that on iPhone, you can't. There is nothing limited about it. The OS isn't designed to do this and there is no way in which you, the user, could be informed of any restrictions.
The only thing that potentially could "limit" these things is a thorough code review by Apple, where Apple determines which APIs an application invokes and whether that is a reasonable match for the functions that the application performs. However, the idea that Apple can perform such security audits on tens of thousands of Objective-C programs is ludicrous.
In the long run I very much doubt that the "flagging and informing" of Android helps here. It's good for shifting the responsibility over to the user ("You clicked OK after all, you dumb fuck!"), nothing more. The difference between Google and Apple is that Google thinks this is enough and Apple doesn't.
Totally wrong. Android sandboxes the apps. If the app doesn't request permission to use services that cost you money, it can't invoke such services; if the app doesn't request permission to access your phone book, it can't access it. That's a fundamental piece of technology that is just missing from iOS. It's a huge deficiency in iOS.
They are taking a big negative with the iPhone, (no access to some phone functions) and turning it into a win for Apple.
Except the iPhone's dirty little secret is that, whereas only 20% of Android apps can access private data, 100% of iPhone apps can do so in principle, and you aren't told about which ones actually do.
For the miniscule amount of money Apple makes on the average iPhone app, they can't possibly do a meaningful security audit, in particular on something has complex and hard to audit as Objective-C software (where pointers and dynamic method calls let you hide just about anything from any simple security audit if you want to).
Just because half the people in the US don't wear safety belts doesn't mean we should remove them from our cars or that they aren't effective.
Android has the same mechanisms for security that iPhone has: application review, ratings, and developer banishment. In addition, Android has something that neither iPhone nor other major systems have: capabilities-based sandboxing. That's a really good thing. Having the permission system on Android doesn't hurt you, it just gives you an extra layer of security if you choose to use it.
And your assumption that "the general public" doesn't understand it when the installer says "this application may cost you money because it can send text messages" is wrong in my experience. Several non-technical friends and relatives of mine have gotten Android phones and they all have been paying attention to this.
Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags.
Older phone operating systems use that technique; it isn't very effective.
Android actually sandboxes the application, ensuring that the permissions it requests are the only permissions it actually gets. Signing on Android is not used for verifying permissions but for "establishing trust relations" between multiple applications--making sure that if you call Jack's Barcode Reader, you actually get that application, not an impostor.
Of course, iPhone/iOS doesn't have either kind of permission system; on iPhone/iOS, you have to cross your fingers that Apple's review process somehow catches evil applications. Of course, given how shoddy and haphazard that process is, that's not a good bet to take.
Suddenly the walled garden approach where apps go through an approval process doesn't seem so bad.
Except that Apple can't review/audit applications for security; they simply do not have the resources, and they can't even get much simpler criteria right.
If only there was some phone manufacturer that did this.
On iPhone, every application is a threat to your privacy. On Android, on the other hand, you can safely install any application that doesn't need permissions that cost you money or access your private data. In different words, on Android, 80% of applications on Android are totally safe by this survey and the remaining 20% are no more dangerous than on any other platform. On iPhone, 0% of your applications are safe, and 100% are dangerous.
First of all, 20% have the ability to access private data on Android. Now, 20% is less than 100%, which is what you effectively get on other smartphone platforms. On the iPhone, effectively 100% of apps have access to your private data.
Now, those 20% of applications don't "expose" private data, they have access to it. Most of them do because they need it. Some do because the programmer screwed up and asked for more than he needed; such apps tend to get punished in the ratings.
Android has a good architecture, security and otherwise: it's clear, simple, and actually alerts people to what their applications are doing. iPhone/iOS is primitive and obsolete in comparison.
The U.S. has established a nice little track record of abducting people far away from any battlefields
European and Asian nations have been complicit in this: they've participated in moving people around and questioning them, and they sometimes refuse to take back even their own residents, let alone other people picked up in the battlefield.
And what alternative do you actually propose? US soldiers pick up a dozen people on the battlefield. What are they supposed to do with them? Let them go? Create internment camps in Afghanistan and Iraq? Ship them to Switzerland? I'm not saying it's right, but I think people simply don't know what to do.
I'm glad WikiLeaks exists and publishes this kind of information. On the other hand, I also don't have a problem with the US government arresting and prosecuting people who do. Ultimately, a court does need to look at these kinds of leaks and make a determination whether there was a compelling public interest or not.
What we should be asking is whether our laws protect whistleblowers enough in these cases, and whether our courts are making the right decisions. And I think we also need strong laws against people classifying information for which there is no strong security interest in keeping it classified.
Don't you think the users buying those phones are quite aware of that now.
No. And Apple is spending hundreds of millions in marketing dollars to make sure that they don't care. Why does it bother you when people keep reminding potential Apple customers of this?
And it is not like we don't have proper alternatives by now.
Good, we should let the world know about it.
I admit it is really scary that the average user just want computers and gadets that works together well without the need to have any technical knowledege at all
That's not scary at all. Too bad that Apple doesn't deliver on this promise.
Even some HTC phones with android have been terrible with unstable windows drivers and I have spent more than one evening fixing other peoples computers, so that they could do something that should be Plug'n'Play 10 years ago(syncing their Hero phone with XP).
You don't need to sync an Android phone with a desktop, it syncs with the cloud. iPhone is the only major phone platform left that still syncs with the desktop, an outdated and cumbersome model.
How? The first amendment and the doctrine of separation of church and state don't say that no one working for the government can mention God, or even give a religious observance.
The first amendment talks about a principle (and an important one). Principles are far more general and less specific than laws or rules. We have to figure out how to translate that into policy and laws. How we do that depends on many factors, including time and historical context.
I think these kinds of references to God are starting to violate the establishment clause, because social context and norms have changed. It used to be workable for the most part to assume that everybody in the US was a monotheist (even if just a deist), so generic references to "God" were not offensive except to a tiny minority. That's changed. And within a few decades, I think you'll see that Congress, too, has to change.
You're insane if you're comparing this to Google Street View.
The kind of insane objections people make to Street View also can be made here: "it's my personal property, nobody has a right to image it", "people are making money with this data, I want my cut", and "people may be using the data to plan crimes against my property".
Why do you think those objections should apply to a "PHOTO" but not an "ELEVATION MAP"?
And Americans wonder why the rest of the civilized world looks at them and shakes their head in disbelief.
Apparently, you consider it more civilized when government officials do unpleasant things quietly so that nobody is disturbed by it. I suggest you look at the history of 20th century Europe for how well that worked.
Nor, for that matter, is the belief in European moral superiority anything new; that existed ever since the US was founded. While French, German, and British intellectuals were pointing their fingers at the US over slavery and Indian issues, the militaries that supported their upper middle class lifestyles were busy slaughtering natives all around the world (or minorities at home, as the case may be); but it was all oh-so-civilized because they didn't really talk about it much.
Thanks, but I prefer being part of the uncivilized world then.
I don't see anything wrong with clear communications from government officials. I may disagree with the death penalty, but I appreciate this being announced without Newspeak or other obscure language.
(I do hope he gets in trouble for his invocation of "God" if this is indeed an official government communication.)
Inadvertent or not Google broke laws in some countries.
It's not clear whether they did; it depends on whether you consider these kinds of broadcasts to be "private". Historically, unencrypted packet radio has not been considered private. In every country where this has come up, new law is being made using this case, often in an atmosphere of FUD and political opportunism.
This inane copyright that the German publishers are proposing would end up preventing them from writing headlines.
The problem goes away as soon as you either have only a single publisher or a small cartel of publishers. That way, the members of the cartel can publish freely and nobody else can ever compete with them. "Combinometrics" works in their favor, since they already have vast archives with all these phrases.
The German public won't care or understand; as long as the masses still get their boulevard press with big breasted women on the cover, they're happy. Many of them pay for it with government-provided benefits anyway.
And there, in a nutshell, do you have the reason why German politicians and media are grilling Google alive over Streetview and WiFi packet data: they want to demolish Google's reputation in order to make it easy for them to push their own money-making anti-Google agenda.
Members of the North American music cabal claim that simple chord changes are copyrightable and so exclusively theirs.
So do music publishers around the world. German music publishers actually have quite successfully managed even many classical works from falling into the public domain through various shenanigans.
But bad as that may be, music is not essential to freedom, free speech is.
This kind of nonsense is par for the course for Germany. People can sue you if they feel insulted, offended, or blasphemed. In fact, in many cases, they can simply send you a letter asking you for money without so much as a court case. Publishers already extract huge amounts of money from electronic equipment, copiers, and blank media. I think it's part of Germany's fascist heritage.
No matter how greedy publishers in other nations may be, they are not going to be able to get these kinds of laws, copyright ratchet or not; Germany's laws in this area mare in fundamental conflict with principles of free speech and they wouldn't stand a constitutional test in the US or elsewhere.
Yeah, why don't you take that to heart. Look at the iTunes and iPod market share, for example.
try again with meaningful data. When something is on the market for less than two months, it's pretty hard to draw any kind of conclusion.
It's not hard to draw conclusions, however, about Apple's business practices and their dealings and successes in other digital media.
And by the time Apple has managed to grab the majority of the digital marketplace in books as well, it will be too late to do anything about it with free market mechanisms. That's why people need to be aware of the danger right now when consumer choice can still have a strong influence.
Fortunately, just because you're a moron doesn't mean everybody is.
You're the one who can't figure out <quote> tags, yet I'm the moron? (Do you see how pointless, irrelevant, yet easy personal attacks are? I suppose if they make you feel better...)
Thank you: you just supported my observation about your lack of intellectual depth again by trivializing the threat of media monopolization in this way.
Slashdot Mirror
No, but your description of the process was still misleading. Even unsigned apps on Android can be secure. On iPhone, manual review and signing is the only thing that keeps you secure.
I guess the truth hurts, doesn't...
You can moderate all you want, the facts remain. Android has an effective security architecture that protects users from hostile applications, while iPhone merely has the whims and quick review by the App Store review team to protect users from fraud and invasion of privacy.
As you noted, the google model is nothing more than blame-shifting, just like MS's UAC.
Totally wrong. Google sandboxes applications, meaning it enforces these permissions at the OS level. And the permissions are clear and simple enough that normal people usually understand them. On iPhone, in principle, any application can read almost any data and invoke for-pay services.
When compared to Apple's walled garden from a security perspective there isn't even a question as to which is better.
Apple's "walled garden" is a fiction; Apple doesn't have the resources to do meaningful security audits on the software it approves. Anybody who wants to can sneak malware into their Objective-C programs and activate it at some point in the future. Even with full source code, Objective-C is such a flexible language that a clever programmer can hide pretty much anything. And Apple wouldn't know about it until it gets user complaints. But since there is no sandboxing or permission system, and no way to install security software on the iPhone, it may be a long time before anybody notices what's going on. So, not only is Apple's own review process nearly meaningless against a determined hacker, user-based vetting is far less effective on the iOS platform.
The only way to enforce permissions is through sandboxing. Apple's "walled garden" is a joke from a security point of view. iOS has just about the worst security model of any phone OS.
I think you'd surprised to find that to most private data NO apps have ANY access on the iPhone...
There are clearly APIs to access contact data, send text messages, determine your location, and make Internet connections. In principle, any application can use those.
They're mostly limited to their own data and to the net and there are only very few APIs to access anything else.
And how do you think they are "limited"? What do you think is doing the "limiting"? And how do you, as a user, find out whether the Tetris clone you just downloaded is sending $10 text messages to a for-pay text message service?
The answer is that on iPhone, you can't. There is nothing limited about it. The OS isn't designed to do this and there is no way in which you, the user, could be informed of any restrictions.
The only thing that potentially could "limit" these things is a thorough code review by Apple, where Apple determines which APIs an application invokes and whether that is a reasonable match for the functions that the application performs. However, the idea that Apple can perform such security audits on tens of thousands of Objective-C programs is ludicrous.
In the long run I very much doubt that the "flagging and informing" of Android helps here. It's good for shifting the responsibility over to the user ("You clicked OK after all, you dumb fuck!"), nothing more. The difference between Google and Apple is that Google thinks this is enough and Apple doesn't.
Totally wrong. Android sandboxes the apps. If the app doesn't request permission to use services that cost you money, it can't invoke such services; if the app doesn't request permission to access your phone book, it can't access it. That's a fundamental piece of technology that is just missing from iOS. It's a huge deficiency in iOS.
They are taking a big negative with the iPhone, (no access to some phone functions) and turning it into a win for Apple.
Except the iPhone's dirty little secret is that, whereas only 20% of Android apps can access private data, 100% of iPhone apps can do so in principle, and you aren't told about which ones actually do.
For the miniscule amount of money Apple makes on the average iPhone app, they can't possibly do a meaningful security audit, in particular on something has complex and hard to audit as Objective-C software (where pointers and dynamic method calls let you hide just about anything from any simple security audit if you want to).
Just because half the people in the US don't wear safety belts doesn't mean we should remove them from our cars or that they aren't effective.
Android has the same mechanisms for security that iPhone has: application review, ratings, and developer banishment. In addition, Android has something that neither iPhone nor other major systems have: capabilities-based sandboxing. That's a really good thing. Having the permission system on Android doesn't hurt you, it just gives you an extra layer of security if you choose to use it.
And your assumption that "the general public" doesn't understand it when the installer says "this application may cost you money because it can send text messages" is wrong in my experience. Several non-technical friends and relatives of mine have gotten Android phones and they all have been paying attention to this.
Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags.
Older phone operating systems use that technique; it isn't very effective.
Android actually sandboxes the application, ensuring that the permissions it requests are the only permissions it actually gets. Signing on Android is not used for verifying permissions but for "establishing trust relations" between multiple applications--making sure that if you call Jack's Barcode Reader, you actually get that application, not an impostor.
Of course, iPhone/iOS doesn't have either kind of permission system; on iPhone/iOS, you have to cross your fingers that Apple's review process somehow catches evil applications. Of course, given how shoddy and haphazard that process is, that's not a good bet to take.
Suddenly the walled garden approach where apps go through an approval process doesn't seem so bad.
Except that Apple can't review/audit applications for security; they simply do not have the resources, and they can't even get much simpler criteria right.
If only there was some phone manufacturer that did this.
On iPhone, every application is a threat to your privacy. On Android, on the other hand, you can safely install any application that doesn't need permissions that cost you money or access your private data. In different words, on Android, 80% of applications on Android are totally safe by this survey and the remaining 20% are no more dangerous than on any other platform. On iPhone, 0% of your applications are safe, and 100% are dangerous.
First of all, 20% have the ability to access private data on Android. Now, 20% is less than 100%, which is what you effectively get on other smartphone platforms. On the iPhone, effectively 100% of apps have access to your private data.
Now, those 20% of applications don't "expose" private data, they have access to it. Most of them do because they need it. Some do because the programmer screwed up and asked for more than he needed; such apps tend to get punished in the ratings.
Android has a good architecture, security and otherwise: it's clear, simple, and actually alerts people to what their applications are doing. iPhone/iOS is primitive and obsolete in comparison.
The U.S. has established a nice little track record of abducting people far away from any battlefields
European and Asian nations have been complicit in this: they've participated in moving people around and questioning them, and they sometimes refuse to take back even their own residents, let alone other people picked up in the battlefield.
And what alternative do you actually propose? US soldiers pick up a dozen people on the battlefield. What are they supposed to do with them? Let them go? Create internment camps in Afghanistan and Iraq? Ship them to Switzerland? I'm not saying it's right, but I think people simply don't know what to do.
I'm glad WikiLeaks exists and publishes this kind of information. On the other hand, I also don't have a problem with the US government arresting and prosecuting people who do. Ultimately, a court does need to look at these kinds of leaks and make a determination whether there was a compelling public interest or not.
What we should be asking is whether our laws protect whistleblowers enough in these cases, and whether our courts are making the right decisions. And I think we also need strong laws against people classifying information for which there is no strong security interest in keeping it classified.
Don't you think the users buying those phones are quite aware of that now.
No. And Apple is spending hundreds of millions in marketing dollars to make sure that they don't care. Why does it bother you when people keep reminding potential Apple customers of this?
And it is not like we don't have proper alternatives by now.
Good, we should let the world know about it.
I admit it is really scary that the average user just want computers and gadets that works together well without the need to have any technical knowledege at all
That's not scary at all. Too bad that Apple doesn't deliver on this promise.
Even some HTC phones with android have been terrible with unstable windows drivers and I have spent more than one evening fixing other peoples computers, so that they could do something that should be Plug'n'Play 10 years ago(syncing their Hero phone with XP).
You don't need to sync an Android phone with a desktop, it syncs with the cloud. iPhone is the only major phone platform left that still syncs with the desktop, an outdated and cumbersome model.
How? The first amendment and the doctrine of separation of church and state don't say that no one working for the government can mention God, or even give a religious observance.
The first amendment talks about a principle (and an important one). Principles are far more general and less specific than laws or rules. We have to figure out how to translate that into policy and laws. How we do that depends on many factors, including time and historical context.
I think these kinds of references to God are starting to violate the establishment clause, because social context and norms have changed. It used to be workable for the most part to assume that everybody in the US was a monotheist (even if just a deist), so generic references to "God" were not offensive except to a tiny minority. That's changed. And within a few decades, I think you'll see that Congress, too, has to change.
You're insane if you're comparing this to Google Street View.
The kind of insane objections people make to Street View also can be made here: "it's my personal property, nobody has a right to image it", "people are making money with this data, I want my cut", and "people may be using the data to plan crimes against my property".
Why do you think those objections should apply to a "PHOTO" but not an "ELEVATION MAP"?
And Americans wonder why the rest of the civilized world looks at them and shakes their head in disbelief.
Apparently, you consider it more civilized when government officials do unpleasant things quietly so that nobody is disturbed by it. I suggest you look at the history of 20th century Europe for how well that worked.
Nor, for that matter, is the belief in European moral superiority anything new; that existed ever since the US was founded. While French, German, and British intellectuals were pointing their fingers at the US over slavery and Indian issues, the militaries that supported their upper middle class lifestyles were busy slaughtering natives all around the world (or minorities at home, as the case may be); but it was all oh-so-civilized because they didn't really talk about it much.
Thanks, but I prefer being part of the uncivilized world then.
I don't see anything wrong with clear communications from government officials. I may disagree with the death penalty, but I appreciate this being announced without Newspeak or other obscure language.
(I do hope he gets in trouble for his invocation of "God" if this is indeed an official government communication.)
So, let me see whether I get this right:
Google taking street photos = bad (according to Germans).
The German government making high resolution elevation maps from space = good (according to Germans).
Where can I complain if I don't want my private property mapped by the German government?
Inadvertent or not Google broke laws in some countries.
It's not clear whether they did; it depends on whether you consider these kinds of broadcasts to be "private". Historically, unencrypted packet radio has not been considered private. In every country where this has come up, new law is being made using this case, often in an atmosphere of FUD and political opportunism.
This inane copyright that the German publishers are proposing would end up preventing them from writing headlines.
The problem goes away as soon as you either have only a single publisher or a small cartel of publishers. That way, the members of the cartel can publish freely and nobody else can ever compete with them. "Combinometrics" works in their favor, since they already have vast archives with all these phrases.
The German public won't care or understand; as long as the masses still get their boulevard press with big breasted women on the cover, they're happy. Many of them pay for it with government-provided benefits anyway.
Just remember that last time dying German industries took over the government with right-wing populist ideologies, millions of people died.
And there, in a nutshell, do you have the reason why German politicians and media are grilling Google alive over Streetview and WiFi packet data: they want to demolish Google's reputation in order to make it easy for them to push their own money-making anti-Google agenda.
Members of the North American music cabal claim that simple chord changes are copyrightable and so exclusively theirs.
So do music publishers around the world. German music publishers actually have quite successfully managed even many classical works from falling into the public domain through various shenanigans.
But bad as that may be, music is not essential to freedom, free speech is.
This kind of nonsense is par for the course for Germany. People can sue you if they feel insulted, offended, or blasphemed. In fact, in many cases, they can simply send you a letter asking you for money without so much as a court case. Publishers already extract huge amounts of money from electronic equipment, copiers, and blank media. I think it's part of Germany's fascist heritage.
No matter how greedy publishers in other nations may be, they are not going to be able to get these kinds of laws, copyright ratchet or not; Germany's laws in this area mare in fundamental conflict with principles of free speech and they wouldn't stand a constitutional test in the US or elsewhere.
Anecdotes do not evidence make,
Yeah, why don't you take that to heart. Look at the iTunes and iPod market share, for example.
try again with meaningful data. When something is on the market for less than two months, it's pretty hard to draw any kind of conclusion.
It's not hard to draw conclusions, however, about Apple's business practices and their dealings and successes in other digital media.
And by the time Apple has managed to grab the majority of the digital marketplace in books as well, it will be too late to do anything about it with free market mechanisms. That's why people need to be aware of the danger right now when consumer choice can still have a strong influence.
Fortunately, just because you're a moron doesn't mean everybody is.
You're the one who can't figure out <quote> tags, yet I'm the moron? (Do you see how pointless, irrelevant, yet easy personal attacks are? I suppose if they make you feel better...)
Thank you: you just supported my observation about your lack of intellectual depth again by trivializing the threat of media monopolization in this way.