Forgot your password?
typodupeerror
Security Android Cellphones Handhelds Open Source

Sundar Pichai: Android Designed For Openness; Security a Lower Priority 117

Posted by timothy
from the not-that-they-must-contradict dept.
An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."
This discussion has been archived. No new comments can be posted.

Sundar Pichai: Android Designed For Openness; Security a Lower Priority

Comments Filter:
  • Don't they know... (Score:2, Insightful)

    by FuegoFuerte (247200)

    If there's a way to put it together, there's a way to take it apart. Also, it kind of sucks to have your data wiped if your phone takes a major spill and thinks you're trying to break it open.

    • by brainstem (519778) on Thursday February 27, 2014 @02:11PM (#46360039)
      RTFA. This phone is not designed to be sold to the general public. It is designed for specific security sensitive applications and use by government agencies.
    • by rhook (943951)

      Not if everything is fused together.

      • by hurfy (735314)

        So was my laptop battery at one point ;)

        Fused or not I assume it would still try and detect the pieces coming apart. One would hope it takes more than a Dremel wheel to defeat it.

    • by hazydave (96747)

      Most secure systems like this are assembled before applying power... that's how you put it together. When first powered up, the tamper detect mechanism is in place. And that piece of it is kept powered forever... lose power to the crypto engine, and the unit tampers. Once tampered, you have to reinstall the original software. So basically, even Boeing has no means of taking these apart without tampering them. If you had enough units to study and take apart, maybe you could, maybe not. The case itself can b

  • by Anonymous Coward

    Blackberry prioritized security over extensibility. Where did that get them?

    • Blackberry had the wrong business model, we are in the new millennium.
      Wrong business model: concentrate on the product.
      Right business model: give free or cheap stuff away and collect users' data in return.

      Oh and the new millennium sucks.

      • by rsborg (111459)

        Wrong business model: concentrate on the product.

        No, Blackberry got beat there, too, by Apple. You could just as well say "frozen OJ" is "concentrating on product". What matters isn't how hard you work, but what you're working on, and whether it has appeal.

        Android being "open" and given away free to manufacturers and carriers wouldn't be worth a shit without their mimicking a successful design and adopting the iPhone look and feel. In 2006, Android devices being specced looked like a Blackberry copy, in 2008, they pivoted to become iPhone imitations.

    • Blackberry prioritized security over extensibility.

      They had a built in man in the middle attack. I would argue they NEVER prioritized security, just presented a strong illusion of it.

      It would be more accurate to say, Blackberry prioritized email above everything. And look where that got them... but it is not true of the iPhone or Android.

  • by Anonymous Coward

    but I digress...

    If Android was made to be open, with security as a far flung after thought, wouldn't its open nature prove it to be more secure by its availablitiy to 'more eyes'? I'm not talking about the implementation here, but the nature of its existence.

    That said, and with regard to that openness, hasn't the mobile security landscape changed a little in the past few years? More threats than ever now on the mobile landscape, and I would think that openness would be a much appreciated door to combat such

    • For the small percent who does root their phone it isn't a huge concern, but considering the most popular firmware claims around 10 million installs compared to the 1 billion total Android devices there are a ton of people left in the dark. Most of the people I know who use Android devices get the free phone, the 1 phone, or get the stupid Casio "rugged" phone. All of those options are going to leave them in the dark on updates.

      I spend quite a bit more for my devices than $100, but that's because I hate be
    • by Lumpy (12016)

      There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.

      • by exomondo (1725132)

        There are no "many eyes" on Android The most important parts, the drivers, are closed source binary blobs in most cases. It is ungodly easy to hide crap inside those blobs.

        The key is to differentiate between Android and AOSP, there are many eyes on AOSP but devices don't actually ship with AOSP, as you say they ship with many binary blobs that are platform services, UI layer, stock & 3rd party applications and drivers for all the hardware. The Android Open Source Project is open but (AFAIK) there is no device that runs Android that is open.

  • I thought that the HTC One [ifixit.com] already had that market cornered.
  • by Anonymous Coward

    Then why can't I use an old phone as a usb to bluetooth adapter for my old laptop? And why can't I use an old phone as a bluetooth "audio receiver" so that I don't have to buy a $200 mono speaker in order to enjoy wireless audio from my regular phone? It seems to be a combination of software restriction and no one has made the app, but the hardware should do these things just fine, so what about Android is open? Its ability to manipulate the hardware via simple abstraction? It's opened source, but it hasn't

    • by Lumpy (12016)

      You must not have listened to A2DP Bluetooth audio.. you dont enjoy barely FM radio quality from them. Just plug it in, it's 20X better sounding.

  • I'd love to see how Boeing is maintaining GPL compliance with their Android based phone. Does anyone believe they won't make any modifications to the core OS? And how much will the NSA pay for a backdoor?
  • by WindBourne (631190) on Thursday February 27, 2014 @02:41PM (#46360469) Journal
    Seriously, this is the kind of phone that should be in our troops hands. Basically, we need secured systems that are also weather and water proof. And if Boeing builds it with western chips, then it should be fully secured.
  • by Anonymous Coward

    Ok, we have Google's Android chief admit that security isn't their priority and that malware makers _should_ target their users and Slashdot tacks on a "related" article about Boeing making a destructible phone which, really, has ABSOLUTELY NOTHING TO DO WITH THE FIRST SUBMISSION.

    Come on! Really?

    Let's make it a bit more obvious that we're all HUGE fans of Android and don't want there to be any discussion about anything vaguely negative about the OS, why don't we. Two entirely unrelated discussions in the sa

  • by AdmV0rl0n (98366)

    Yeah, its so open each phone tends to have issues on boot loaders and on getting root. And yet, despite that, its more open to the malware writers than to its users.

    tut tut tut.

  • by Anubis IV (1279820) on Thursday February 27, 2014 @03:10PM (#46360879)

    The summary provided some related news, but isn't the fact that Apple just published a white paper about the security of iOS [apple.com] a bit more relevant to comments from Android's chief about its security than what the summary provided?

    For example, consider the contrast in how the two companies approach the topic of security:
    Google's Android chief: "We can not guarantee that Android is designed to be safe, the format was designed to give more freedom."
    Apple's white paper: "Apple designed the iOS platform with security at its core. [...] The tight integration of hardware and software on iOS devices ensures that each component of the system is trusted, and validates the system as a whole."

    The two approaches are practically polar opposites of each other, which I find horribly fascinating. As with pretty much everything, there are tradeoffs to either side. Android enjoys a load of benefits from being more open, and Apple enjoys a load of benefits from being more closed. Pick which works best for you and appreciate the differences.

    • by bloodhawk (813939)
      What Apple is saying there is basically Marketing BS. They have demonstrated time and again that security is NOT their primary concern in design.
    • For how long does Apple ask to confirm permissions when they are requested? Wasn't it like Apple users didn't even know what an app can and can not access?

      And there goes false safety feeling. Remember the Dolphin browser "calling home" to report sites visited by the users?
      1) It affected both Android and iOS
      2) It was discovered by Andorid users, (and Android is indeed more open)

      I don't see any serious issues with Android asking user to confirm permissions, when they are actually exercised by the app. That wh

      • Are you talking about the in-app purchases that kids were making after their parents entered the password for an initial purchase? A couple of years ago, the default behavior was that you'd be prompted for your password on your first purchase, but you wouldn't be requested to re-enter your password for 15 minutes if you made additional purchases. This effectively created a 15 minute window in which additional purchases could be made. Parents tried to claim that the OS-level modal dialog box that always popp

  • That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

    • That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

      ...unless they only sell the phone to NSA approved government employees.

      • by tlhIngan (30335)

        That the Boeing phone will give the NSA and Law enforcement the keys to the kingdom. There is no way they made a secure phone, the US government will not allow it.

        ...unless they only sell the phone to NSA approved government employees.

        Given Boeing doesn't make phones normally, the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer.

        The phone will most likely only be sold to government for government use only. In which case, well, it does

        • "the only reason it exists is because we're talking about Boeing the defense contractor, and not Boeing the plane manufacturer."

          Well either that or Boeing has decided to produce the first cellphone with retractable wings and turbofan engines. Likely? No but a man can dream.

  • I don't think that was the 'open' they were talking about.

    How long have the editors been bots? ...as if we haven't suspected....

  • Disingenuous (Score:5, Insightful)

    by MrL0G1C (867445) on Thursday February 27, 2014 @04:29PM (#46361685) Journal

    Since when was security mutually exclusive with openness?

    It's pretty obvious that Google has refused to give users the optional security permissions that they would like to have control of.

    It's daft that you have to root your phone in order to be able to increase the security.

    And just because Apple have (A) good security and (B) a crazy degree of control freakery, doesn't mean that everyone else with good security needs to be a control freak too which is some in these threads are insinuating.

  • ... what a joke.
  • by TrueSpeed (576528) on Friday February 28, 2014 @12:22AM (#46365257)

    Here's what Sundar Pichai actually said minus the selective editing from that 'iOnApple' hack at NetworkWorld.

    [quote]
    Sorry, the premise of the question is because Android is open, it has more security issues? Respectfully, I’m not sure that’s a correct premise of the question. Open platforms historically undergo a lot of scrutiny, but there are a lot of advantages to having an open source platform from a security standpoint. I would argue that it’s the best way for a platform to be secure, because every researcher in the world can inspect it, every developer in the world can inspect it, and I think that contributes a lot to Android security.

    Android was built to be very, very secure. The thing that you’re seeing is because Android is an open platform, many people can ship Android in many different ways and so there are some partners when they ship devices, they have an older version of Android. And sure you can have a security vulnerability there, but that doesn’t mean Android isn’t secure. We go to great lengths–the depth of work in Android to make it secure; the depth of work done by Google PlayGoogle Play automatically scans and verifies thousands of applications for malware. We track data on this. It’s state of the art in terms of what we do. What you see across the ecosystempeople will ship good phones and keep them updatedyou will have some phones that will not be updated. That’s where we see issues. Not Android at a fundamental level.
    [/quote]

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...