Fragmentation Leads To Android Insecurities
Rick Zeman writes "The Washington Post writes about how vendor fragmentation leads to security vulnerabilities and other exploits. This situation is '...making the world's most popular mobile operating system more vulnerable than its rivals to hackers, scam artists and a growing universe of malicious software,' unlike Apple's iOS, which they note has widely available updates several times a year. In light of many companies' Bring Your Own Device initiatives, 'You have potentially millions of Androids making their way into the work space, accessing confidential documents,' said Christopher Soghoian, a former Federal Trade Commission technology expert who now works for the American Civil Liberties Union. 'It's like a really dry forest, and it's just waiting for a match.'"
missing disclaimer (Score:3, Informative)
TFA author is an iPhone user, according to his twit feed https://twitter.com/craigtimberg [twitter.com]
Re:Or... (Score:4, Informative)
Android phones rarely get updated. About half of all Android users are still running 2.3 or earlier and the uptake for new versions is glacially slow. This makes Android extremely vulnerable. If someone discovers an attack for 2.x, it's game over for millions of phones. Android also has a leaky walled garden that allows users to easily bypass the Google Play store and go to any marketplace they may choose. Hell, it's not even unusual to find infected apps in the official Google Play store.
Re:It's not the frequency, it's the penetration (Score:5, Informative)
The biggest install base for iOS is always "the latest version". The biggest install base for Android is what, Honeycomb? Shit.
Even worse, it's still Gingerbread.
http://bgr.com/2012/12/04/android-version-distribution-december-2012/ [bgr.com]
Re:Not vendor fragmentation (Score:2, Informative)
Two reasons:
1) Hardware component manufacturers don't provide updated drivers. Many of them are binary blobs that aren't compatible with newer kernel/Android versions. Especially Qualcomm and Nvidia chipsets.
2) Carrier certification is *expensive*. Going through the effort of getting updates carrier-approved costs tens of thousands of dollars, per update.
Re:Not vendor fragmentation (Score:4, Informative)
I call bullshit to your bullshit.
Go have a look at the list of supported devices by Cyanogenmod and look up how many of those devices actually offer vendor upgrades to Jellybean. Hint: very few. My device stopped being supported at Gingerbread because the vendor says "it was too slow". I am now running Jellybean and thanks to Google's tweaks it runs faster and smoother than it ever did.
But hey, let's not dwell on old hardware, shall we? Jellybean was released in early July 2012. Just under 4 months later Samsung were still saying US customers will get their SIII update in "the coming months". You know when Cyanogenmod 10.1 supported the Galaxy S III? Within 3 weeks of release.
The problem IS vendor laziness.
Re:Or... (Score:3, Informative)
A quick search revealed these gems:
http://tech2.in.com/news/android/malware-found-in-updates-app-on-google-play/523862 [in.com]
http://www.androidauthority.com/google-hosted-malware-on-its-play-store-during-q3-but-how-much-131309/ [androidauthority.com]
http://arstechnica.com/security/2012/07/more-malware-found-hosted-in-google-android-market/ [arstechnica.com]
Just download Avast mobile security (Score:5, Informative)
Re:Or... (Score:5, Informative)
TL;DR: You may not be able to upgrade your Gingerbread phone to ICS, but Google still patches known vulns on your system.
Re:Or... (Score:4, Informative)
Jailbreaking your iPhone in the USA is against the law
Nope, unlocking your phone is - which is different to jailbreaking.
Re:Or... (Score:5, Informative)
If someone is using an iPhone, at some point it was connected to iTunes to activate it (or it wouldn't be working).
That used to be the case, but you can activate an iPhone or iPad without iTunes these days and never ever hook it up to a host computer.