Corporate ethics aside, this scares me because I don't trust its security. Android has vulnerabilities, but they're regularly discovered and patched. A Verizon-made side channel gathering all the same stuff? That sounds like it'll bleed data to anyone and everyone and not get patched on anything like a responsible schedule.
OK, but it means a billion android devices are vulnerable to various attacks. It would be cool if we could have, idk, backported security fixes for devices that hold tons of critical information?
It is almost reckless and life threatening to use Android. It can:
1. Cause financial ruin.
2. Destroy your relationships.
3. Possibly hurt your family.
4. Introduce legal exposure to you and your loved ones.
5. and more..
All because it has terrible security. It seems the companies in the ecosystem are just concerned with rushing new models out as fast as they can with little regard for security. Worse, when these things are discovered, they could care less about rushing out fixes.
After doing some research on security it seems that Android's problem is overblown. The malware I've come across mostly stems from people downloading random apps from the web and then granting full privileges to that app. Which in turn does things with the permissions the person granted it.
That doesn't really seem to be a security hole as much as it is a user problem.
I guess it's simple to say Android is insecure, but it doesn't seem to be the case. Any more so than a rootable iOS device.
Am I mistaken? Are there reports of apps gaining root access?
I hope it doesn't wind up being illegal. The android security landscape is a disaster, in part, because of fragmentation. OEMs need to stop screwing around with devices.
I don't think I follow. In what sense is Android horribly insecure? More interestingly: in what sense is it horribly insecure that it wouldn't be if we lived in a world where Google didn't have the market agreements to, say, force security patches for pieces of the Android OS core that were broken?
Because we already lived in that world, and it was less secure than the one we live in now, to my memory. Security issue in one of the Android libraries that are now part of Play Services? Good luck; wait for your OEM to update your OS.
It seems worth talking about the fact that it appears to be the vendor of the phone putting this kind of snooping in place. Blaming Android is missing the real culprit. Like they say in the article, we need stronger controls on people's data for whoever happens to make the phone's OS.
The article doesn't go into details of how the app manged to do all these things, isn't there some sandboxing that was broken, know vulnerability or some 0day that was used or anything like it?
I've heard that android security is broken but it's seems a little too easy.
I wonder if they've solved the problem of shipping year old kernels and letting untrusted apps run native code without any explicit permission. Until then, the words "Android" and "secure" should never appear in the same sentence.
My phone app would work much better if Android would drop all of its security measures and just let my app access everything on the system. That would make the lives of the bunch of people who use my app much better.
Seems like the headline is perfectly fine. The software on the device you don't own is bypassed, resulting in encryption being ineffective? That seems like a highly critical issue for whoever owns the software.
Step the fuck up Google. Android security is an embarrassment.
Is Android itself a good decision? Apps aren't as strongly sandboxed, much more data gets collected (by Google, but that means an account compromise is much worse than it would be otherwise), security overall is worse.
I remember when I had an Android phone and I took a peek at Google's personal-data dashboard at one point. It had a line drawn on the map tracing my every footstep for the past several years. Vacations, commuting, visiting friends. Everything. It was neat at the time, but is a nightmare scenario for this kind of thing. You can disable some of that, I think, but Maps will constantly bug you about turning it back on.
At the very least I'd steer them away from installing any apps that don't come from major global corporations. There's a ton of malware on the Android store, especially games, and it's not hard to imagine some of it collecting data to sell on the black market.
This article is one big troll. Virtually no technical details about Android are known, yet an antivirus company is spreading FUD about malware? I'm sure they have only the users' best interests in mind...
reply