Android users left at risk... and it's not even THEIR FAULT this time!

Tardiness in providing security updates is leaving the vast majority of Android devices hopelessly insecure, according to researchers at the University of Cambridge. Over the last four years, an average of 87 per cent of Android devices were vulnerable to attack by malicious apps, according to the research, which blames a …


  1. Destroy All Monsters Silver badge
    Gimp

    Oh, so you are locked into a contract?

    Crickets chirping...

    1. Michael Wojcik Silver badge

      Re: Oh, so you are locked into a contract?

      I'm not; I have a phone I bought outright from one of those Amazon-hosted resellers, and I use an AT&T-hosted MVNO with a monthly payment plan. (It's about 1/3 the cost of the AT&T plan I used to have.)

      My phone is a Samsung, originally AT&T-branded. Bought new and unlocked.

      No updates in sight. Samsung isn't publishing any for this phone, and AT&T won't supply updates if you're not on contract. Samsung's "commitment" to supplying updates clearly doesn't apply to devices they don't consider current.

      Phone's rooted, so I can just disable Stagefright (using build.props) if I want - at the moment I just have MMS auto-downloading disabled. But the updating process isn't any better if you're not under contract.

  2. Anonymous Coward
    Anonymous Coward

    Cambridge boffins

    or paid-for-hire clickbaiters, you decide..

    " leaving the vast majority of Android devices hopelessly insecure"

    I have yet to EVER see ANY Android device with Malware, so these "boffins" just made themselves look like total chumps.

    1. Anonymous Coward
      Anonymous Coward

      I have yet to EVER see ANY Android device with Malware

      How would you know if the phone had been infected? It may be stealthy malware.

      1. Khaptain Silver badge
        Coat

        Re: I have yet to EVER see ANY Android device with Malware

        "It may be stealthy malware."

        If it was so stealthy the boffins wouldn't know either.

        1. Anonymous Coward
          Anonymous Coward

          Re: I have yet to EVER see ANY Android device with Malware

          Quite true, but the OP is not one of the boffins.

          1. Khaptain Silver badge
            Coat

            Re: I have yet to EVER see ANY Android device with Malware

            The OP might be a stealthy boffin :-)

            1. Anonymous Coward
              Anonymous Coward

              Re: I have yet to EVER see ANY Android device with Malware

              Or a stealthy chump

    2. sisk

      Re: Cambridge boffins

      "I have yet to EVER see ANY Android device with Malware"

      I've personally seen two infected devices, one of which was mine and I always double check the permissions on my apps before I let them install. The other wasn't even rooted and didn't have the "allow unknown sources" checked so the infection either had to have come in through stagefright or something similar or from the Play Store itself.

      Not to slam Android, because it is still my mobile OS of choice and most likely will be at least until a new player comes into the market, but the malware for it is out there and works. That's why I run a security app.

      1. Lee D Silver badge

        Re: Cambridge boffins

        Just because "allow unknown sources" was off, doesn't mean it's ALWAYS been off.

        I've seen people do nothing more than read that an app needs to turn that option on to work, then press to go to the menu directly, switch that option, let the app install, then go back in and turn it off again.

        In fact, even things like Amazon App Store require this as they are "not Google". So you can be sure that MILLIONS of Android users have turned that option on, and some brainy ones may even have turned it off again, which may well be like closing the stable door after the horse has bolted.

        P.S. The Android App Store, then, is free to install what it likes.

        1. sisk

          Re: Cambridge boffins

          "Just because "allow unknown sources" was off, doesn't mean it's ALWAYS been off."

          True enough, but I know the owner of that particular phone very well. I can say with absolute confidence that it's always been off on that phone.

          1. Yet Another Anonymous coward Silver badge

            Re: Cambridge boffins

            And what makes you think the "known sources" aren't malware?

            Google does a line-by-line security analysis of all Apps on the play store in the 7 hours before approving them?

        2. tiggity Silver badge

          Re: Cambridge boffins

          On the subject of Amazon - I did not install their Amazon underground app - inspected what rights it wanted - an absolutely ludicrous (in a bad way security / privacy wise) set of permissions, way in excess of what was required with the functionality it nominally offered.

    3. Kevin McMurtrie Silver badge

      Re: Cambridge boffins

      There's more to malware than botnets and lost files. Much of what's in Google Play Store is garbage of some kind trying to get easy ad revenue. You might think you're clean, but you might have a few impostor apps that do exactly what you expect but send ad revenue to a different developer. Or maybe they collect a bit of extra information of extra value. Lots of apps even have Google Play Store reviews with proof that they're malware.

    4. Trevor_Pott Gold badge

      Re: Cambridge boffins

      "I have yet to EVER see ANY Android device with Malware, so these "boffins" just made themselves look like total chumps."

      I clean an average of 6 devices a week each with various forms of malware. Maybe you're not as representative of the industry as you think?

    5. Anonymous Coward
      Anonymous Coward

      Re: Cambridge boffins

      Well still never seen or heard of a single Android malware issue. I do know a couple of people stung by the age old Windows problems..

      http://www.bbc.co.uk/news/technology-34527439

      Funny this seems to have slipped by without getting a mention, perhaps nobody is paying the security researchers to promote this... That would instantly suggest who was behind all these Android scare stories.

    6. Michael Wojcik Silver badge

      Re: Cambridge boffins

      "I have yet to EVER see ANY Android device with Malware"

      Neither your Anecdote nor your CREATIVE use of CAPITAL letters are COMPELLING arguments.

  3. Anonymous Coward
    Anonymous Coward

    Updates

    Funny, not a problem with the iPhone.

    1. Blank-Reg
      Gimp

      Re: Updates

      iOS has its own problems.

      Android as naff as ever though

      1. Anonymous Coward
        Anonymous Coward

        Re: Updates

        Of course it does, not disputing that, but thanks for the DV

    2. Anonymous Coward
      Anonymous Coward

      Re: Updates

      Indeed, but there is a huge difference between the iPhone/iOS and Android.

      iDevices are designed hardware and software by a single OEM. This OEM then ensures that the various networks toe the line in terms of updates and keeping crapware to a minimum. i.e. the OEM cares and ensures quality. This even goes as far down to the connector - rather than use USB which was never designed for such a job, iDevices have a purpose-made connector so that DAC can happen *on the device itself* meaning that add-ons are much cheaper and easier for other vendors to make. Heck the iDevice dock being the most common to see.

      Android, on the other hand, is thrown over the wall by the writer who then provides zero support, standards or guidance. Thus networks add crapware and ignore updates as well as OEMs adding crapware and ignoring updates. What the end-user winds up with is a dog's dinner that barely functions (hardly surprising, it is Linux after all) in a cheaply made unit and with a woeful connector.

      This, and many other reasons, are why Android and its ilk are simply best avoided.

      1. CAPS LOCK
        Joke

        " a dog's dinner that barely functions (hardly surprising, it is Linux after all) "

        LOL, you can't argue with that...

        1. James O'Shea

          Re: " a dog's dinner that barely functions (hardly surprising, it is Linux after all) "

          Well, if all you're after is making down-vote-baiting troll attempts, no, you can't. If you're after having even a modicum of accuracy, yes, you can argue with that. Quite well, actually.

          1. Destroy All Monsters Silver badge

            Re: " a dog's dinner that barely functions (hardly surprising, it is Linux after all) "

            Don't feed the ANTI-RICHTO!

          2. sabroni Silver badge
            Happy

            Re: down-vote-baiting troll attempts

            Judging by the icon it was a joke. Made me laugh anyway.....

      2. Mad Chaz

        Re: Updates

        "dog's dinner that barely functions (hardly surprising, it is Linux after all) "

        So how's OSX treating you? You realize it's freebsd, right?

        1. Anonymous Coward
          Anonymous Coward

          Re: Updates

          > So how's OSX treating you? You realize it's freebsd, right?

          You realise FreeBSD != Linux and that OS X != iOS?

        2. James O'Shea

          Re: Updates

          OS X is based on NeXTStep, which in turn used the Mach kernel. Some things from BSD (_not_ strictly FreeBSD) were added. And things have changed sufficiently over the last decade and a half that it would be extremely inaccurate to call OS X either Mach or BSD. It most definitely is NOT FreeBSD.

          1. asdf

            Re: Updates

            > It most definitely is NOT FreeBSD.

            Nope but FreeBSD most definitely will support your Apple hardware long after Apple stops (will keep those iTunes updates coming to the end of time though) and a strong argument could be made better even while Apple supports it.

      3. Teiwaz
        Meh

        Re: Updates

        No point to a UV/DV for a coward. Ignorance and cowardice are best not rewarded.

      4. Anonymous Coward
        Anonymous Coward

        Re: Updates

        "This OEM then ensures that the various networks toe the line in terms of updates and keeping crapware to a minimum"

        No, the networks are not involved AT ALL with iOS. They don't have the ability to install crapware or anything else on iOS, and all updates are delivered directly from Apple so the carrier has zero ability to control or interfere with you choosing if and when to update iOS.

        The only thing the carrier controls on an iPhone is 'carrier settings', which you might see referred to in a popup once a year or so, or when you change carriers. Basically it is a small file that allows the carrier to specify stuff like LTE bands, roaming partners, carrier hotspots and so on. But since Apple controls the format and allowed content of the file, and it is not executable code, the carriers can only use it for the designated purposes and can't use it to mess with your iPhone. The only difference you might see is if a few menu items in the Cellular settings go away for certain carriers or if your phone is SIM locked due to a contract. The carrier settings go away when you switch carriers via a new SIM and are replaced by your new carrier's settings.

      5. This post has been deleted by its author

    3. sisk

      Re: Updates

      There's malware in the wild for iOS too. And no, you don't have to jailbreak your iWhatsit to get it. The difference is that you can get decent anti-malware for Android while iOS anti-malware is somewhat crippled by restrictions Apple places on it.

      I've said for years that no matter what platform you're running only a fool runs a system with access to the internet and no anti-malware and I stand by that. Unfortunately Apple encourages people to be fools in that regard.

      1. sabroni Silver badge

        Re: no matter what platform you're running

        Well maybe, but the risk decreases with market share. I bet anyone running a Palm Pre on Web OS is fairly safe....

      2. Anonymous Coward
        Anonymous Coward

        @sisk

        Which malware is that then? I assume you are probably referring to the recent issue where some Chinese developers grabbed Xcode off a bulletin board instead of from Apple, which added malware (in the form of a popup to ask for your iCloud credentials) to the compiled code when these developers then uploaded to the app store? Apple remotely disabled all the affected apps, as they always do if any malware is found. What's the point of running anti-malware when it would basically do the same thing in relying on signatures from the outside to tell it what's malware and what isn't?

      3. Anonymous Coward
        Anonymous Coward

        Re: Updates

        "There's malware in the wild for iOS too"

        Please, please, please, name it so I can have a look at it - by that I mean in a Western app store, though, I would never install an app where I could not even read the screen. It will be totally worth rebuilding the phone from scratch because I have as yet not seen a single such app. Pretty please?

        "I've said for years that no matter what platform you're running only a fool runs a system with access to the internet and no anti-malware and I stand by that."

        You can do rather well if you start with decent fundamentals. Anti-virus is more like forgetting to add the brakes when you design a sports car and then fix it by selling chains and boat anchors. I must admit, though, that Google is the only company I know that has been able to start from a Unix platform and then make it look more like Windows from the perspective of vulnerabilities :)

        1. sisk

          Re: Updates

          Toires, LBTM, and FindCall. There are three trojans that can infect un-jailbroken iOS devices. And that considering that iOS is undoubtedly one of the hardest to infect platforms currently available. Granted one is proof of concept and the other two have been removed from the appstore, but if three can do it then more can as well. I personally view anti-virus on hardened OSes the same way I view the carbon monoxide detector in my house: the odds of needing it are astronomically against it, but if I ever DO need it I'd much rather have it than not.

          There's no doubt iOS is more secure than Android. How much of that is due to good design and how much is due to the walled garden and relative obscurity of the underlying system is up for debate, but it's a purely academic debate. I realize that the odds of ever actually encountering iOS malware are pretty insignificant, but just as I would probably tell my landlord where to shove it if he tried to make me get rid of my CO detector I would be uncomfortable not having access to decent anti-virus software. There is simply no such thing as a perfectly hardened system.

          1. Anonymous Coward
            Anonymous Coward

            Re: Updates

            "Toires, LBTM, and FindCall. There are three trojans that can infect un-jailbroken iOS devices."

            The first two were proof of concepts that were patched before anyone could put them into production, and one (1) that made it to the app store. The latter got pulled quickly, also because it didn't work that hidden because iOS does not allow SMS sending or making calls without user interaction (stops premium rate abuse).

            I reckon iOS fares rather well in any "how vulnerable is my device out of the box" comparisons, ditto for "how easy is it to keep up to date" comparisons, simply because it is known hardware.

            "How much of that is due to good design and how much is due to the walled garden and relative obscurity of the underlying system is up for debate"

            Obscure? iOS? LOL :).

            1. sisk

              Re: Updates

              "Obscure? iOS? LOL :)."

              Yes, iOS is relatively obscure compared to Android. Any neophyte script kiddie with a basic understanding of java can get the source code, spend a few months studying it and know the ins and outs of how the system works. With iOS unless you work for Apple you don't actually know exactly what's going on under the hood. That's what I mean by relative obscurity.

    4. Anonymous Coward
      Anonymous Coward

      Re: Updates

      OK, I will spell it out for you.

      This Android scareware FUD that is going around at the moment, this is Apple money. Apple have their own problems. Apple device security if you look at it without bias, is actually inferior to Android. It doesn't have several of the layers of protection that Android has.

      http://lifehacker.com/how-secure-is-android-really-1446328680

      iPhone is secure because it's locked down. Android is secure because it's also locked down, but it does allow you to unlock it (with a warning). Users are idiots.

      1. asdf

        Re: Updates

        >This Android scareware FUD that is going around at the moment, this is Apple money. Apple have their own problems. Apple device security if you look at it without bias, is actually inferior to Android

        Ok let me know when iOS allows an attacker to root your boot locked (non jailbroken) phone without user intervention with an MMS. That is an entirely different class of shit security more of the Windows XP worm kind. Last I heard it's still not completely fixed and in all forms is still certainly a vulnerability on the majority of Android phones out there.

        1. asdf

          Re: Updates

          Also (bah missed edit period) yes iOS has some vulnerabilities (plus Apple's security record and practices are a mixed bag) as well but the fact that they have a very successful patching system (most handsets supported are kept up to date at a remarkably high level) plus a much better full disk encryption solution means Android (as shipped in vast majority of handsets) has some work to do.

    5. MrDamage Silver badge

      Re: Updates

      Noooooo.

      iPhones just leave you feeling seasick just looking at the screen, or refuse to let you use it as intended because you're right handed, or send your car barreling down an airport runway, or charge you a premium price on a "new" phone for features that have been in competitors' devices for 4 years.

      Yep, not a problem with iPhones, because who has the time to write malware for iOS when the device in question doesn't work well enough for you to test it?

      1. asdf

        Re: Updates

        Funny I thought the conversation was about security of the various handsets and not your personal opinion about phones. There is much not to like about Apple but the fact remains they are the only handset maker making any kind of profit on phones today so they are obviously doing something right (and it's not all marketing even if the majority, their competitors spend plenty on marketing as well).

  4. kdh0009

    Name and Shame

    Sony's the worst aren't they?, aren't they?

    1. Anonymous Coward
      Anonymous Coward

      Re: Name and Shame

      No far from it....

      And even if they stop supporting it, they help you get CyanogenMod and root your phone.

      1. Mark Allen

        Re: Name and Shame

        This is the feature I want. If a manufacturer decides to stop supporting the device then at least give us the ability to support it ourselves with CyanogenMod. I have an annoying Asus tablet here that had updates abandoned barely three months after purchase! I expected support to at least get to the end of the one year warranty....

  5. Simon Harris

    AndroidVulnerabilities

    The score has three components:

    f - the proportion of devices free from known critical vulnerabilities.

    u - the proportion of devices updated to the most recent version.

    m - the number of vulnerabilities the manufacturer has not yet fixed on any device.

    But how realistic is this considering

    d - the time delay between an update being available from the manufacturer and the carrier being arsed to push it out?

    1. Steve Davies 3 Silver badge

      Re: AndroidVulnerabilities

      Then there is :-

      x : the probability that the release of the OS you are running on your phone actually has a patch generated for it.

      IMHO for the majority of devices x --->>>> Infinity.

      After all you can still buy devices running Gingerbread which is madness

      1. Tom 35

        Re: AndroidVulnerabilities

        If you buy a "free" with contract phone you will be lucky to get kitkat, lots have jellybean, and don't expect to ever see an update even if one was available from the maker of the phone. No change since the days of the flip phone.
