×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Sundar Pichai: Android Designed For Openness; Security a Lower Priority

timothy posted about 9 months ago | from the not-that-they-must-contradict dept.

Security 117

An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."

Sorry! There are no comments related to the filter you selected.

Don't they know... (2, Insightful)

FuegoFuerte (247200) | about 9 months ago | (#46359925)

If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.

Re:Don't they know... (5, Informative)

brainstem (519778) | about 9 months ago | (#46360039)

RTFA. This phone is not designed to be sold to the general public. It is designed for specific security sensitive applications and use by government agencies.

So Don't Buy It (0)

Anonymous Coward | about 9 months ago | (#46360079)

The phone isn't for you, as much as you may want it to be. For certain people, that's a risk they're willing to take.
CAPTCHA: defense

Slippery slope (1)

tepples (727027) | about 9 months ago | (#46361291)

The phone isn't for you

What worries me is that if this is successful, certain control-freak mobile phone, tablet, and video game hardware manufacturers are likely to point to this as a success story and attempt to make this the standard for devices sold to home users.

Re:Slippery slope (1)

gnick (1211984) | about 9 months ago | (#46362075)

...attempt to make this the standard for devices sold to home users.

How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"? It seems like that would draw a bigger customer base than "This phone will self-destruct."

Monkey see, monkey lockdown (1)

tepples (727027) | about 9 months ago | (#46362383)

How hard would it be for a competitor to come forward with a marketing campaign like, "This phone won't commit suicide if it falls off the bed"?

Given that both Sony and Microsoft made a business decision to adapt Nintendo's the lockout chip business model for their set-top gaming computers, I'm guessing manufacturers of other entertainment devices would be eager to imitate one another's repair lockout measures if it thinks the measure will help them seek more rents [wikipedia.org] .

Re:Slippery slope (1)

Krojack (575051) | about 9 months ago | (#46362381)

When it comes to phones and tablets, I don't believe the manufactures really want to lock down the devices. Several offer tools from their websites to unlock bootloaders. It's the cell network carriers that force the manufactures to lock down the devices.

T-Mobile: the uncarrier (1)

tepples (727027) | about 9 months ago | (#46362625)

It's the cell network carriers that force the manufactures to lock down the devices.

Fortunately, T-Mobile USA and the prepaid MVNOs have managed to pressure AT&T into offering plans priced without a hardware subsidy. When the phone is sold separately, what stops the manufacturers from selling unlocked phones in the U.S. market that work on AT&T, T-Mobile, or any of their MVNOs?

Re:Don't they know... (1)

rhook (943951) | about 9 months ago | (#46360621)

Not if everything is fused together.

Re:Don't they know... (1)

hurfy (735314) | about 9 months ago | (#46361105)

So was my laptop battery at one point ;)

Fused or not I assume it would still try and detect the pieces coming apart. One would hope it takes more than a Dremel wheel to defeat it.

Boeing making self-destructing phone? (0, Funny)

Anonymous Coward | about 9 months ago | (#46360045)

Well, they do have lots of practice making self-destructing airplanes.

Re:Boeing making self-destructing phone? (1)

lennier1 (264730) | about 9 months ago | (#46360379)

True to their defense contractor traditions they'll probably try to destroy it by way of a drone strike.

Disproportionate Malware (0, Troll)

SuperKendall (25149) | about 9 months ago | (#46360087)

There's no way the market share on Android explains the malware for the device; Android is not 98% of the smartphone market, but it DOES have 98% [theinquirer.net] of the malware.

This is exactly why for any non-technical user I cannot recommend Android. It's too dangerous for people who are not technically ept enough to properly manage security or know when something is fishy.

Re: Disproportionate Malware (0, Troll)

Eugriped3z (1549589) | about 9 months ago | (#46360449)

Everything about Android IS fishy, starting with its origin and ending with Apps that are allowed 'access' to anything just because the developer asks. Access to my contact list in exchange for information on astronomy?! C'mon... Why does Google approve of such behavior?

Apparently geeks only require security for their own personal data or that of their company and believe everyone else's is better off left wide open.

Tap Back (2)

tepples (727027) | about 9 months ago | (#46361307)

Access to my contact list in exchange for information on astronomy?!

That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.

Re:Tap Back (4, Insightful)

rsborg (111459) | about 9 months ago | (#46361657)

Access to my contact list in exchange for information on astronomy?!

That's why Android has a system-wide Back button. If you disagree with the permissions that an application requests, tap Back instead of Install, and take it up with the application's publisher.

And that kind of attitude is why Android's privacy model is flawed. This puts the control of your options at the whim of the developer. Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app. If I find out after the fact that I don't want an app to have access to that information, I shouldn't have to uninstall the whole app. Example: weather apps almost always (reasonably) ask for my location info. I deny them, because, I have all my locations already entered. They don't need to know where I've been, but I still like to get the forecast on my phone.

Re: Tap Back (1)

ShieldW0lf (601553) | about 9 months ago | (#46361787)

Contrasted with what, Apple?

Here's a hypothesis: Most malware is written by groups associated with the US government and their allies, the UK and Israel.

It's easier to just call Apple because they completely own anyone who buys their products already and Apple will do what they want.

Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.

Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.

Add in some foreign governments and the odd purely mercenary criminal group, and there's your malware scene.

Just a hypothesis...

Re: Tap Back (1)

rsborg (111459) | about 9 months ago | (#46363047)

Contrasted with what, Apple?

I gave actual examples of why I find Apple's privacy model better than Google's. Can you rebut that, or are you just going to go on about "Apple owning the user".

Android isn't secure, true, but at least it isn't always owned the moment you get it, though Google does try.
Thus, the malware targets the devices that are most secure, from the perspective of those on the attack.

This just shows have zero understanding of basic economics. The lower hanging fruit is always the best bet unless you can justify that the more difficult is indeed far more profitable. And guess what - iPhone users are more valuable to advertisers and developers [1]... yet have only 1% of the malware. Nice try at sophistry.

[1] https://digiday.com/platforms/... [digiday.com]

Re: Tap Back (1)

ShieldW0lf (601553) | about 9 months ago | (#46363823)

If you sign up with Apple, they have complete control over your device from the hardware to the software, they know who you are, and they'll tell the authorities anything they ask.

If you buy an Android phone, there is no one entity that has control like Apple does.

Your position is based around the motive of the "hackers" being economic. If they're just scammers trying to steal money, then yeah, Apple is probably more secure.

I believe the motive of the majority of malware does not come from such people, is not economically motivated, but is rather written by government agencies.

No one is really that interested in stealing your identity for money. It's just fear-mongering.

Re: Tap Back (0)

Anonymous Coward | about 9 months ago | (#46364617)

If you sign up with Apple, they have complete control over your device from the hardware to the software

In what way?

they know who you are

Of course they do, you told them...duh. Just like when you sign up for a google account.

and they'll tell the authorities anything they ask.

Citation? I dont think there is any company that will just tell the "authorities" (which also is a completely ambiguous term) anything they ask.

If you buy an Android phone, there is no one entity that has control like Apple does.

How do you know that? Do you have an Android phone that is 100% open? Because last time I checked pretty much every single Android phone ships with binary blobs.

I believe the motive of the majority of malware does not come from such people, is not economically motivated, but is rather written by government agencies.

And do you have any evidence to support that? Why would they even need malware when they can just contact the platform vendors (like you claim they can) or just intercept communications along the way? Which malware do you believe was created by government agencies?

You might not even need an app (1)

tepples (727027) | about 9 months ago | (#46362499)

Instead *you* should be able to disable the camera, or disallow access to your GPS for any given app.

The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.

[Weather application developers] don't need to know where I've been, but I still like to get the forecast on my phone.

If you insist on keying each location into a weather service, you don't need a dedicated application at all. All you need to do is point your web browser at weather.gov.

Re:You might not even need an app (2)

rsborg (111459) | about 9 months ago | (#46364131)

The developer always has the opportunity to make the activity close itself if you don't grant it the right permissions. (In fact, this is what applications do by default in modded ROMs and in Android 4.3 with App Ops because they don't catch SecurityException.) So again, the beef is between you and the developer. You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.

No my beef is with Google/Android's weakness at letting users control their apps, I'll keep using my iPhone, thanks. While you look down on iOS users, you feel free to jump through all those wonderful hoops to lick the developer's boots or maybe I'll look down at you instead for simply rolling over and taking what the developers offer instead of taking control of your own device.

Re:You might not even need an app (1)

tepples (727027) | about 9 months ago | (#46364509)

Let me guess: you bought the Mac and the $99 per year certificate so that you can actually control your phone.

Re:You might not even need an app (0)

Anonymous Coward | about 9 months ago | (#46364679)

You could always get applications from F-Droid, where all applications are distributed under a free software license. Then you can load an application's source code into Android SDK and compile out the feature that you insist on not using.

But not everybody has a desktop pc or laptop on which they could do this. How should such a person go about resolving the issue in that case?

Re:Tap Back (1)

Krojack (575051) | about 9 months ago | (#46362529)

On top of that, at least you get to see what that app wants access to before installing it. Last time I used my iPad it wouldn't show me anything before installing something.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46360459)

Most of that comes from 3rd party market places, which non-technical users don't know how to install.

Re:Disproportionate Malware (4, Insightful)

AmiMoJo (196126) | about 9 months ago | (#46360503)

I spent a few moments RTFA and TFS distorts it badly. What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security. In other words any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.

So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying. With power comes responsibility and all that.

Also, you wouldn't expect that an OS with say 85% of the market would only get 85% of the malware. People gravitate towards the most popular systems, and you also have to consider that Android is much bigger in countries like China and India where they don't seem to have had as long as westerners to become get savvy to torjans or excessive permission requests. Many Chinese carriers put their own app stores on their devices too, and then fail to properly police them, and of course (trojan) pirate software is widespread.

Re:Disproportionate Malware (3, Insightful)

maccodemonkey (1438585) | about 9 months ago | (#46360907)

To be fair, there are issues with Android that don't have anything to do with signed code. On iOS, you can deny individual permissions (at the time they're actually exercised!) and still run an app (and modify those permissions post-install), whereas on Android it's an all or nothing sort of thing. That's more "open" but it's less "secure", and it doesn't really anything to do with app stores or code signing.

Re:Disproportionate Malware (1)

AmiMoJo (196126) | about 9 months ago | (#46361527)

Can you block internet access so that apps can't download advertising? Seems like developers of free apps would not be very happy about that. I do it on Android via a firewall, but I don't have an iOS device so I'm asking.

Re: Disproportionate Malware (1)

maccodemonkey (1438585) | about 9 months ago | (#46361569)

No, on iOS internet access isn't considered a permission. Off the top of my head, the ones I remember are location, microphone, camera, and contacts. Access to pre-configured social network accounts I believe requires permission as well.

Re: Disproportionate Malware (1)

AmiMoJo (196126) | about 9 months ago | (#46362029)

Really? Apps don't have to ask for internet access, and you can't deny it to them?

Re: Disproportionate Malware (1)

maccodemonkey (1438585) | about 9 months ago | (#46362621)

Really? Apps don't have to ask for internet access, and you can't deny it to them?

No. But iOS protects any resource that would be considered something you wouldn't want uploaded (i.e. Contacts.) iOS apps are sandboxed as well which means that an app can't access files created by another app (so it's not going to be able to upload documents or settings from another app), and an app can't download a bunch of stuff to a system directory. So you can't deny an app internet access, but unless you're worried about an app running up your data bill, there isn't much reason you'd want to as anything valuable an app could send out is protected.

If you really wanted to block individual apps or firewall, especially if you're a corporation, you could put a device under MDM management, which I believe offers some ability to firewall a device, and do other things like force a device onto a VPN where you can manage traffic. So if you have serious interest in patrolling network traffic on an iOS device you can, but it's mostly focused at IT departments.

Re: Disproportionate Malware (1)

AmiMoJo (196126) | about 9 months ago | (#46362705)

I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.

Re: Disproportionate Malware (1)

maccodemonkey (1438585) | about 9 months ago | (#46362809)

I had no idea it was that bad. Apps have access to personal data without permissions, things like unique device IDs and anything you enter into the app itself. They can also download advertising and collect data like how long you use the app and what you do in it. I deny most apps internet access by default unless there is a really good reason for them to have it.

Unique device ids are not available under iOS as of... iOS 6 I think? It might have been 5.

Apple will give you a per-app-per-install id that is only valid for your app for that specific install. You can't use it to derive personal information about the device or relate to any other app installs. It's basically a one time locally generated UUID that is saved for that app. You might be able to identify people with a push id, but that requires permissions.

That gave the advertisers and analytics people fits when the changeover happened.

Re: Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46363481)

well you can turn off WiFi and that will disable it.

Re: Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46363935)

Cellular data for the entire phone, as well as cellular data access on a per-app basis, is available in the Settings app. Granted, this doesn't cover Wifi.

Re: Disproportionate Malware (1)

Incadenza (560402) | about 9 months ago | (#46363919)

You forget access to mobile date (over the phone network). So Internet access over wi-fi isn't considered a permission, but Internet access over cellular is.

Re:Disproportionate Malware (1)

Zordak (123132) | about 9 months ago | (#46361573)

I don't personally use an iOS device, but my kids just turn off WiFi when playing Temple Run. Then it can't download any ads.

Re:Disproportionate Malware (1)

SuperKendall (25149) | about 9 months ago | (#46360933)

So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it.

I agree, but what I am saying is that for non-technical users they simply CANNOT take a proper level of responsibility for an Android device - they are simply not able to.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46361441)

The summary doesn't distort the article at all. For the most part, it's directly lifted from the first link.

But the article itself is "via 9to5Mac", so it might be a little slanted.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46361503)

Also,

What he is actually saying is that unless you lock the OS down like iOS is you will never get that level of security

Is emphatically NOT what the article is stating. It specifically argues that "attributing Android's malware problem strictly to market share is a cop-out" and "it'd be nice to see Google work tirelessly to get ahead of malware rather than seemingly stating, "Well of course we have malware, we're popular!"".

Are we reading the same article? I have no idea where you would get these impressions if you read the first link...

Re:Disproportionate Malware (1)

StripedCow (776465) | about 9 months ago | (#46361463)

[...] any open system that allows the owner to run the software they want to run can never be as secure as one that only runs software Apple wants to run.

So what you are saying is that none of the apps in the Apple app-store can be Turing-complete.

Re:Disproportionate Malware (1)

cbhacking (979169) | about 9 months ago | (#46362689)

... That is an explicit requirement of Apple's approval process, just in case you've been living under a rock for the last seven or so years. Actually, the requirement is that they can't run *arbitrary* code - you're allowed to include a (Turing-complete) game emulator in an app, so long as it can only load the game(s) included with the app - in practice it's the same thing. An app that can load arbitrary ROM images would be prohibited. So would one that includes its own JS engine (this is why Chrome on iOS actually uses the performance-crippled version of Safari's engine that is all third-party apps can access) or user-accessible scripting language.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46362459)

So, take your pick, run only Apple approved code (which as we saw recently isn't immune to malware anyway) or actually own your device and take some responsibility for it. Almost all malware for Android relies on the user being an idiot, and that is what this guy is saying.

That's exactly the same as Windows on the desktop and look at the impression users have of its security. Most malware for Windows relies on the user being an idiot too, sure there are drive-by attacks on Windows but the same goes for Android as well (even iOS had a security issue that allowed it to be jailbroken by a website). Users do not want to take responsibility in that way, it is more preferable to put their trust in a company like Apple that has a vested interest in both pleasing their customers and protecting their platform.

Re:Disproportionate Malware (1)

MightyYar (622222) | about 9 months ago | (#46360547)

Isn't the vast majority (all?) of the malware side-loaded? That would explain the number, since you can't turn on side-loading on the i-things.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46360767)

because jailbreaking doesn't exist, right?

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46360955)

yes but it's akin to rooting not sideloading.

Not vast majority (0)

SuperKendall (25149) | about 9 months ago | (#46360975)

There is malware in Google Play.

There are also exploits like the recent SMS attack on Android via Facebook ads. [pingzine.com]

You don't need to side-load to be compromised on Android, and most non-technical people have very few options for updating devices if there are security patches in newer Android versions.

Re:Not vast majority (3, Informative)

MightyYar (622222) | about 9 months ago | (#46361163)

The link you posted is a side-loading exploit, albeit one that begins with instructions when you click on an ad. You have to download the app and then sideload it.

Re:Disproportionate Malware (2)

Anubis IV (1279820) | about 9 months ago | (#46360739)

I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack (i.e. the user downloading and installing a trojan).

That said, yeah, Android is really getting a disproportionate share of the malware. More recent reports peg it at 99% of all mobile malware, and Pichai is trying to brush that away as a simple factor of market share, which is rather short-sighted. iOS currently sits around a 16% market share [techcrunch.com] (and falling, due to Android outpacing iOS' rate of growth), which should be more than enough to attract malware. Especially so when you consider that iOS still attracts a comparable (some would argue better) amount of third-party support from developers making apps, as well as the fact that we still get reports like these [internetretailer.com] (tl;dr: this last Christmas season, iOS users accounted for 5x more online purchases than Android users and spent roughly 2x as much on each purcase), making them potentially much more lucrative targets to developers of adware and malware.

Yet, despite all of that, iOS malware rates aren't even being registered on any of [securelist.com] the mobile [techlicious.com] malware reports [gigaom.com] I can find from the last quarter. I recall them being at something like 0.07% the quarter before that, with Blackberry even registering more malware than them.

Re:Disproportionate Malware (0)

SuperKendall (25149) | about 9 months ago | (#46360861)

I'm still okay with recommending Android to non-technical users, given that most of them manage just fine on Macs and PCs that face the same primary vector for attack

But with computers there is no really secure alternative (though I would still argue in this case Macs are more secure, since they manage updates in a way it's more likely to happen for non-technical users).

With phones there is an alternative that we know is more secure - the iPhone. That is why I don't think it's right to steer non-technical users to a platform where they simply are not able to manage risk well.

And it's not just downloading trojans that's the issue - it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you. And since so few hardware makers do updates with any frequency, there's not even a good plan for how those users could be automatically protected.

Re:Disproportionate Malware (1)

exomondo (1725132) | about 9 months ago | (#46362715)

it's really nasty stuff like the recent Android SMS exploit where just getting an SMS can infect you.

Which one is that? I did see a recent SMS exploit but it relied on the user using the Facebook app, being presented a particular ad from Facebook's ad network, clicking on that ad and following it to a fake version of google play then downloading a malicious application and only then are they available to the SMS vulnerability. Perhaps you are thinking of another one but that's the only one I've seen recently.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46364723)

But with computers there is no really secure alternative (though I would still argue in this case Macs are more secure, since they manage updates in a way it's more likely to happen for non-technical users).

Oh right just like for those 20% of users that are on Snow Leopard for which they silently dropped updates, clearly they managed that real well.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46361033)

Tech crunch is full of shit on their numbers because they count ALL android phones, even the garbage stuff still running a 2.X android

you dont listen to the morons at tech crunch, they are barely journalists.

Re:Disproportionate Malware (2)

SuperKendall (25149) | about 9 months ago | (#46361087)

People use those same devices when proclaiming how huge market share is - which means people still buy them. So they should be included in discussions on security.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46362033)

Ever hear of a malware exploit (not a jailbreak) in the iOS wild? Yet to happen, AFIAK.

Re:Disproportionate Malware (1)

cbhacking (979169) | about 9 months ago | (#46362813)

Yes, actually; some malicious sites used the same exploit as the jailbreak for drive-by malware installations. The hilarious thing is that the only way to defend against it (either early, before Apple released the fix, or after they dropped support for older devices so the patch was never officially available) was to jailbreak your phone and use the elevated access to patch the vulnerability yourself.

There were also exploits which targeted jailbroken iOS devices, since a number of the security defaults post-jailbreak were really stupid (SSH server running with a default password, for example).

These days target iOS with malware is pretty stupid, though; why go for under 20% of the market when you can target over 70% instead? Same risk (get your ass locked away for 10 years), much bigger payout. Malware is business, nothing more. There have been plenty of POCs of iOS malware*, but most of them don't get weaponized because the risk isn't worth the reward.

* Note: most of these POCs don't have or need root, so they aren't useful for jailbreaking.

Re:Disproportionate Malware (1)

Anubis IV (1279820) | about 9 months ago | (#46363357)

Depends how we define "in the wild". There was a proof-of-concept app released that took advantage of a current exploit in iOS. It was reported here on Slashdot [slashdot.org] just two days ago. There was also the ability to wirelessly jailbreak iOS devices at one point in time by simply visiting a specially-crafted web page, which could open up all sorts of other attacks, though the hole that allowed that has since been patched. Even so, tens of thousands of users jailbroke their devices that way before it was patched, and it's likely that someone else could have deployed it as a drive-by jailbreak before it was patched.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46363601)

Do you have a source for this no exploits? because you know that if you just claim that there are none that it does not make it true.

Re:Disproportionate Malware (1)

pnutjam (523990) | about 9 months ago | (#46362485)

If your not side loading apps your risk is very low. Stick to Play Store.

Re:Disproportionate Malware (1)

cbhacking (979169) | about 9 months ago | (#46362591)

You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it. Not even necessarily the *user's* money either, although genuine mobile botnets are less common than on PCs.

When writing malware, why would you target the player with 25% marketshare if you could target the one with 70% instead? That's voluntarily giving up about 2/3 of your potential income. Even if it was much harder to exploit Android (which it really isn't), they would still be the preferred target, because the return on investment is so much higher.

This is the same reason malware for Windows is so valuable, and exploits for that platform are more commonly weaponized than on other platforms. Malware authors are a lot less likely to invest a bunch of development time, and then risk jail time, to try and take over the #2 platform, even though a working exploit on Windows actually costs a lot more (or is alternatively harder to find) than on OS X. Of course, most malware isn't "exploits" in any proper sense anyhow, it's just Trojans. Those work equally well on all platforms, desktop and mobile. They're still illegal though, so again, not many people are going to go for anything but the biggest potential bag of money. The risk is the same anyhow...

Re:Disproportionate Malware (1)

SuperKendall (25149) | about 9 months ago | (#46364219)

You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it.

Then you would ABSOLUTELY target iOS preferentially.

Re:Disproportionate Malware (0)

Anonymous Coward | about 9 months ago | (#46364749)

Then you would ABSOLUTELY target iOS preferentially.

Why? Are iOS users objectively stupider and more likely to fall for these malware scams? Since fooling the user is the most common way malware propagates.

The market has spoken (2, Interesting)

Anonymous Coward | about 9 months ago | (#46360101)

Blackberry prioritized security over extensibility. Where did that get them?

Re:The market has spoken (1)

marcello_dl (667940) | about 9 months ago | (#46360367)

Blackberry had the wrong business model, we are in the new millennium.
Wrong business model: concentrate on the product.
Right business model: give free or cheap stuff away and collect users' data in return.

Oh and the new millennium sucks.

Re:The market has spoken (0)

rsborg (111459) | about 9 months ago | (#46360467)

Wrong business model: concentrate on the product.

No, Blackberry got beat there, too, by Apple. You could just as well say "frozen OJ" is "concentrating on product". What matters isn't how hard you work, but what you're working on, and whether it has appeal.

Android being "open" and given away free to manufacturers and carriers wouldn't be worth a shit without their mimicking a successful design and adopting the iPhone look and feel. In 2006, Android devices being specced looked like a Blackberry copy, in 2008, they pivoted to become iPhone imitations.

Built in MITM attack "security"? (2)

SuperKendall (25149) | about 9 months ago | (#46361035)

Blackberry prioritized security over extensibility.

They had a built in man in the middle attack. I would argue they NEVER prioritized security, just presented a strong illusion of it.

It would be more accurate to say, Blackberry prioritized email above everything. And look where that got them... but it is not true of the iPhone or Android.

Got it (0)

Anonymous Coward | about 9 months ago | (#46360227)

"The device should not be confused with the new encrypted Blackphone" - got it. Black phone, Blackphone. No problem. Genius level work there, guys...

Bad headline (1)

Anonymous Coward | about 9 months ago | (#46360245)

but I digress...

If Android was made to be open, with security as a far flung after thought, wouldn't its open nature prove it to be more secure by its availablitiy to 'more eyes'? I'm not talking about the implementation here, but the nature of its existence.

That said, and with regard to that openness, hasn't the mobile security landscape changed a little in the past few years? More threats than ever now on the mobile landscape, and I would think that openness would be a much appreciated door to combat such things. With carriers not providing Android updates to the phones they're selling, I'm a little annoyed by the fact that I can't flatly update the Andriod version without 1) rooting it, and 2) worrying that it might nuke my entire phone OS and data, even if I do. Honestly, we shouldn't be at this point with mobile devices, specifically Android. The more I use it, the more I'm wondering why there are hoops to jump through when every other device in my aresenal, is click to update. My LG, just doesn't have that ability. And while I'm more than technically adept at rooting and applying the latest release, the risk almost becomes greater to do it, than not and living with the threats of the wild.

Conclusion? Either fork Android and strip out almost everything 'Google required communication', or go to my Gentoo PC and start working on my own mobile dist. Knowing every intricacy with updating Android on my phone, for risk purposes, requires hours if not days of discovery, for a device that should do maybe a dozen different tasks at any given time. Getting a dumb phone with only text and call ability is looking more and more favorable as the days progress.

And just to mention it, I'm just not gonna shell out more than $100 for a new phone. Any phone, at any given time! Ever!

Re:Bad headline (2)

Timothy Hartman (2905293) | about 9 months ago | (#46360527)

For the small percent who does root their phone it isn't a huge concern, but considering the most popular firmware claims around 10 million installs compared to the 1 billion total Android devices there are a ton of people left in the dark. Most of the people I know who use Android devices get the free phone, the 1 phone, or get the stupid Casio "rugged" phone. All of those options are going to leave them in the dark on updates.

I spend quite a bit more for my devices than $100, but that's because I hate being locked to a carrier or paying the big four carriers' fees. Paying more for my device and having a sub-$30 bill compared to the $79+ bill I'd have for a smartphone on Verizon is a no brainer to me. Even buying the ultra bestest Samsung phone at $700 outright buyout isn't a big deal when I'll save that much in half the two year contract time.

Re:Bad headline (1)

Lumpy (12016) | about 9 months ago | (#46361007)

There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.

Re:Bad headline (2)

exomondo (1725132) | about 9 months ago | (#46362825)

There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.

The key is to differentiate between Android and AOSP, there are many eyes on AOSP but devices don't actually ship with AOSP, as you say they ship with many binary blobs that are platform services, UI layer, stock & 3rd party applications and drivers for all the hardware. The Android Open Source Project is open but (AFAIK) there is no device that runs Android that is open.

A phone which self destructs when taken apart? (2)

Minwee (522556) | about 9 months ago | (#46360297)

I thought that the HTC One [ifixit.com] already had that market cornered.

Nah, Android is like teh future n stuff. (0)

Anonymous Coward | about 9 months ago | (#46360317)

Newer = better, more = better. Newer + more = more better. Fragmented semi-OSS platforms don't just have vulnerabilities, they have MORE!

It's designed to be open? (1)

Anonymous Coward | about 9 months ago | (#46360343)

Then why can't I use an old phone as a usb to bluetooth adapter for my old laptop? And why can't I use an old phone as a bluetooth "audio receiver" so that I don't have to buy a $200 mono speaker in order to enjoy wireless audio from my regular phone? It seems to be a combination of software restriction and no one has made the app, but the hardware should do these things just fine, so what about Android is open? Its ability to manipulate the hardware via simple abstraction? It's opened source, but it hasn't opened my phone yet.

Re:It's designed to be open? (1)

Lumpy (12016) | about 9 months ago | (#46360993)

You must not have listened to A2DP Bluetooth audio.. you dont enjoy barely FM radio quality from them. Just plug it in, it's 20X better sounding.

I thought it was that other website (0)

Anonymous Coward | about 9 months ago | (#46360353)

and they were making a Boing Boing Phone.

GPL Compliant? (1)

RevSpaminator (1419557) | about 9 months ago | (#46360463)

I'd love to see how Boeing is maintaining GPL compliance with their Android based phone. Does anyone believe they won't make any modifications to the core OS? And how much will the NSA pay for a backdoor?

Re: GPL Compliant? (0)

Anonymous Coward | about 9 months ago | (#46361047)

What's to say they didn't foot the bill for it so China isn't listening...

Boeing needs to sell to the DOD (2, Interesting)

WindBourne (631190) | about 9 months ago | (#46360469)

Seriously, this is the kind of phone that should be in our troops hands. Basically, we need secured systems that are also weather and water proof. And if Boeing builds it with western chips, then it should be fully secured.

Re: Boeing needs to sell to the DOD (0)

Anonymous Coward | about 9 months ago | (#46361011)

http://www.boeing.com/boeing/defense-space/ic/black/index.page

Dual sim-card capability. Here's a link to the pdf: http://www.boeing.com/assets/pdf/defense-space/ic/black/boeing_black_smartphone_product_card.pdf

Seriously??? (1)

Anonymous Coward | about 9 months ago | (#46360609)

Ok, we have Google's Android chief admit that security isn't their priority and that malware makers _should_ target their users and Slashdot tacks on a "related" article about Boeing making a destructible phone which, really, has ABSOLUTELY NOTHING TO DO WITH THE FIRST SUBMISSION.

Come on! Really?

Let's make it a bit more obvious that we're all HUGE fans of Android and don't want there to be any discussion about anything vaguely negative about the OS, why don't we. Two entirely unrelated discussions in the same thread watering down the very relevant discussion about Google's admission that security for their mobile OS isn't a priority.

Holy fucking biased much?

Re:Seriously??? (0)

Anonymous Coward | about 9 months ago | (#46361099)

Yes clearly you are biased much. But that's ok i don't care, and you may have some good points, that i would never take seriously because i'ts clear you made no attempt to RTFA or understand what he was saying. BTW it wasn't that security isn't a priority.

Some of the old DVI interfaces on TV's did this (0)

Anonymous Coward | about 9 months ago | (#46360655)

I had an old JVC rear CRT projection TV that had an elaborate procedure you had to follow if you disassembled it (to prevent it from wiping the HDCP software when exposed to light.)

Re:Some of the old DVI interfaces on TV's did this (0)

sexconker (1179573) | about 9 months ago | (#46360915)

I had an old JVC rear CRT projection TV that had an elaborate procedure you had to follow if you disassembled it (to prevent it from wiping the HDCP software when exposed to light.)

That "elaborate procedure" was "turn off single light in basement".

Hmmm (1)

AdmV0rl0n (98366) | about 9 months ago | (#46360873)

Yeah, its so open each phone tends to have issues on boot loaders and on getting root. And yet, despite that, its more open to the malware writers than to its users.

tut tut tut.

Even more related news... (3, Informative)

Anubis IV (1279820) | about 9 months ago | (#46360879)

The summary provided some related news, but isn't the fact that Apple just published a white paper about the security of iOS [apple.com] a bit more relevant to comments from Android's chief about its security than what the summary provided?

For example, consider the contrast in how the two companies approach the topic of security:
Google's Android chief: "We can not guarantee that Android is designed to be safe, the format was designed to give more freedom."
Apple's white paper: "Apple designed the iOS platform with security at its core. [...] The tight integration of hardware and software on iOS devices ensures that each component of the system is trusted, and validates the system as a whole."

The two approaches are practically polar opposites of each other, which I find horribly fascinating. As with pretty much everything, there are tradeoffs to either side. Android enjoys a load of benefits from being more open, and Apple enjoys a load of benefits from being more closed. Pick which works best for you and appreciate the differences.

Re:Even more related news... (0)

Anonymous Coward | about 9 months ago | (#46361983)

Ahh yes, because comparing a carefully sanitized white paper with some out-of-context off-the-cuff comments clearly highlights the differences between two systems.

Re:Even more related news... (0)

bloodhawk (813939) | about 9 months ago | (#46362443)

What Apple is saying there is basically Marketing BS. They have demonstrated time and again that security is NOT their primary concern in design.

Bet you $100.... (1)

Lumpy (12016) | about 9 months ago | (#46360957)

That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

Re:Bet you $100.... (1)

lagomorpha2 (1376475) | about 9 months ago | (#46361199)

That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

...unless they only sell the phone to NSA approved government employees.

Re:Bet you $100.... (1)

tlhIngan (30335) | about 9 months ago | (#46361961)

That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

...unless they only sell the phone to NSA approved government employees.

Given Boeing doesn't make phones normally, the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer.

The phone will most likely only be sold to government for government use only. In which case, well, it doesn't matter if the NSA has all the keys because well, it's all government. It'll be issued to government employees (and the military), and basically owned by the US government.

Civilians most likely won't be able to get their hands on it, so those who complain about privacy being compromised well, they're going to be used by people who agreed to it anyways.

Re:Bet you $100.... (1)

lagomorpha2 (1376475) | about 9 months ago | (#46363205)

"the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer."

Well either that or Boeing has decided to produce the first cellphone with retractable wings and turbofan engines. Likely? No but a man can dream.

Re:Bet you $100.... (0)

Anonymous Coward | about 9 months ago | (#46362937)

Devil's advocate:

Define "secure".

For me, the NSA is way low on my list of people I'm worried about. However, this phone does protect data if it gets lost or taken in a mugging [1], which is a lot higher on my threat list. I also fear China a lot more than the US... At least the NSA won't destroy an industry like China has been known to do, similar to how the US solar industry was obliterated by predatory practices (hacking companies to gain the mask files, then flooding panels cheaper than the cost of the rare earths it takes to make the panels.)

[1]: Only reason that mugging occurrences went down in the first place was the move to credit cards by most people, so an assault would have to be coupled with CC fraud in order to score any money. Now that thieves know they can get a fat wad of meth from someone by taking their phone, they are going back up. Welcome back to NYC in the 1970s.

Fail to see the related part (1)

hurfy (735314) | about 9 months ago | (#46361223)

I don't think that was the 'open' they were talking about.

How long have the editors been bots? ...as if we haven't suspected....

Disingenuous (4, Insightful)

MrL0G1C (867445) | about 9 months ago | (#46361685)

Since when was security mutually exclusive with openness?

It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.

It's daft that you have to root your phone in order to be able to increase the security.

And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.

Android is Open? (1)

hi-endian (2589843) | about 9 months ago | (#46362229)

... what a joke.

Re:Android is Open? (0)

Anonymous Coward | about 9 months ago | (#46362371)

It's open source. What more do you want? (I mean that question literally, not metaphorically - what more DO you want?)

Re:Android is Open? (1)

hi-endian (2589843) | about 9 months ago | (#46362773)

I would agree that it *was* open-source, but these days it's open in name only. Google has been chipping away at its openness for years, making it almost useless/impossible to fork.

I'll be the first to admit that my knowledge of this topic is almost completely second-hand, so if I'm talking out of my ass, please correct me. However this article sums up fairly well my understanding of the current situation:

http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/ [arstechnica.com]

The article is largely about Microsoft's relationship to Android (or lack thereof), but talks quite a bit about the current state of Android's "openness."

Re:Android is Open? (2)

hi-endian (2589843) | about 9 months ago | (#46362931)

... and in the interest of "balance," (again, as I have little firsthand knowledge, it is difficult for me to ascertain how balanced this actually is) here's a rebuttal from an employee at Google:

http://arstechnica.com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/?comments=1&post=26199423 [arstechnica.com]

(via Reddit) [reddit.com]
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?