Android Is Now as Safe as the Competition, Google Says (cnet.com) 116
In an interview with CNET, David Kleidermacher, Google's head of security for Android, Google Play and Chrome OS, said Android is now as safe as the competition. From the interview: That's a big claim, considering that Android's main competitor is Apple's iPhone. This bold idea permeates the annual Android Security Report that Google released Thursday. "Android security made a significant leap forward in 2017 and many of our protections now lead the industry," the report says on page one. Echoing the report, Kleidermacher told CNET that Android flaws have become harder for researchers to find and that the software now protects users from malicious software so well the problems that used to leave users exposed to bad actors aren't such a big problem anymore.
How can this possibly be true? (Score:5, Insightful)
Re: (Score:1)
Re: (Score:2)
FTFY
Re:How can this possibly be true? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
Or you can just not log in to a Google account, then it doesn't send anything to Google. For apps you'll need fdroid and/or Amazon (which is mostly crap since Amazon's whitelisted security model means few developers update their apps.) If you try to run a Google app and it asks you to login, you can either delete or disable the app (it never runs, just sits there on your phone's storage with all user data and updates deleted, and you have to go through several menus just to find an icon for it) and get an a
Re: (Score:2)
s/dinners/drivers
Re: (Score:2)
Indeed. Waiting to hear what autism has to do with this.
Re:How can this possibly be true? (Score:4, Insightful)
But is Android safe from Google? Spyware is spyware.
So? I don't need it to be safe from Google. They have shown to be trustworthy with my data. Google has yet to ransomware me, max out my credit card, steal my identity or do anything else with the ludicrous amount of data they have on me other than serve me ads.
Re: How can this possibly be true? (Score:2)
Re: (Score:3)
Trust is not a universal term that can be applied to everything. I qualified it by saying "with my data", the data being the subject in question. But then "trust" is nothing more than a belief in an outcome. I find google very "trustworthy" even in the case you apply it. I'm certain that they will continue to exhibit the behaviour of trying to shiftily ex-filtrate my data as much as possible.
That's the thing about trust. You can "trust" bad behaviours as well as good behaviours. I trust the bad behaviour of
Re: (Score:3)
I think you need to read into this a very narrow viewpoint. He's specifically referring to the latest OS and hacks injected from downloaded software/apps. He's not focused on any other aspect of the android ecosystem that is presently a source of concern:
1) Devices running old software that isn't secure
2) Devices running co-opted software from various sources (often legit sources) from vendors
3) Devices themselves that contain or allow rogue FW to run, some which may have been placed there by the manufactur
Re: (Score:2)
Google continues with a very software centric mindset, and trusts its OEMs. To me that's the biggest mistake, particularly given who a few of them are.
I suspect it's not trust... it's that Google doesn't particularly care about any security issues which can't be traced directly to shortcomings in Google's own software. And really, I'm not sure how much they cared even about that... until Apple started getting a lot of press related to how secure its devices are.
Re: (Score:3)
How long did Google provide updates for Nexus phones? Nowhere near long enough.
Re: (Score:2)
3) Devices themselves that contain or allow "rogue" FW to run, some which may have been placed there by the manufacturer for dubious purposes
You're kidding, right? If you're buying a device that doesn't allow you to run your own FW on it, you're just paying for a channel for the manufacturer to track you and sell you stuff.
Re: (Score:2)
I agree, but the trick is to how to get it to allow ME to put my own firmware on (the owner), not anyone else. That's the problem that needs to be solved, but until then Apple is more secure, even if you have to trust them. I trust them more than I trust random OEMs or, especially, my cell phone supplier. But I do think there is money on the table for someone to grab.
Re: (Score:2)
Wait... you don't trust Huawei?
Re: (Score:2, Interesting)
And if the Chinese own Qualcomm, any hope that cellphones are secure will be laughable.
Re:How can this possibly be true? (Score:5, Insightful)
not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.
Re: (Score:3)
not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.
Lol that's a good one. You use that in your stand-up routine often? No sorry I jest. There are standards. The standard is that Apple will only accept software that doesn't immediately threaten their bottom line, whereas Google seems comfortable to let those slip through.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Android devices get updates pretty much forever because they come via Play Services. Doesn't really matter if the vendor doesn't update the kernel.
Google fixed the lack of vendor today's by making it not matter.
Re: (Score:2)
Given the ridiculously short amount of time Android devices get updates
What kind of updates? Most phones get security updates just fine and for quite a long period of time. Combine that with the very few exploits that actually abuse any security bugs instead focusing mostly on the previously primitive permissions system of the past, I fail to see how that's even relevant.
Re: (Score:3)
I'm most concerned about security updates. I thought even the mighty Google only pushed out 3 years of security updates, and that 3 years starts from when the product first appears on their web site for sale. If you're even a little conservative about new tech (like me) and wait 6-12 months before pulling the trigger on a new product, that means only 2 to 2.5 years of security updates, not to mention regular updates, which you'd only get for 1 to 1.5 years.
I guess at the moment I'm a little spoiled by iPhon
Re: (Score:2)
"It's not our problem if OEMs don't update their ROMs with our latest and most secure versions!" - that's what you could expect Google to say in response, seemingly unaware that some of their own damn hardware doesn't get updates either.
If they can't even be bothered to update their own shit, how could you ever expect LG, HTC, Lenovo, Samsung, Huawei, et. al. to ?
Re: (Score:2)
Re: (Score:2)
I can't possibly imagine what gave you the idea that I buy phones from bargain-bin carriers. I'm at iPhone user. Not religiously so, though -- every time it comes time to buy a new phone, I reevaluate the entire marketplace. For me, the iPhone is actually quite a bit cheaper, once you factor in (cost of phone / years of service).
I'm not sure why -- this is probably just a weird emotional thing -- but in my head I consider 5 years of security updates a minimum expectation.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself
Three years is ridiculously short?
Re: (Score:2)
Three years is ridiculously short?
YES!
Re: (Score:2)
Three years is ridiculously short?
YES!
You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
Re: (Score:2)
Three years is ridiculously short?
YES!
You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
Oh, it's also worth pointing out that AFAICT no one else commits to even three years. That includes Apple. Apple generally provides support for four, maybe five years, but they don't make any promises.
Re: (Score:2)
You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.
If we're talking about Google's devices here, it's not even 3 years unless you buy the phone the day it becomes available on their web site. I think it's pretty sensible to wait a minimum of 6 months to purchase new tech so that the inevitable new-device issues can be discovered and worked out. That brings its lifetime down to 2.5 years -- and that's just for security updates. Regular (non-security) updates would be an obscenely short 1.5 years. 1.5 years!
I've never looked at Apple's official update policy,
Re: (Score:2)
Re: (Score:2)
Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint?
Well, he said "now" and he meant that literally.
With the result (Score:1)
That each version of Android OS that comes out, at least on the Samsung platform, is slightly less useful. That is the tradeoff for you between security and usability.
Re: (Score:2)
Re: (Score:2)
Motorola phones are reliable, cheap, and easily allow unlocking of the bootloader.
Where are the permissions logs? (Score:4, Interesting)
Why can't I find a simple view in Android of what apps have accessed permissions and when? (mic, camera, GPS etc) Also, apps request such general permissions... Access to drive I grant for apps that need to save files to drive, but does that mean it can upload my photos to weird app developer?
Android needs more transparency on these things to build trust.
Re: (Score:3)
Re: (Score:2, Informative)
Honest question: Where can I find this in iOS?
1) Open the Settings App. ... You can turn each one on or off.
2) Scroll to the app you wish to check.
3) You now see a list of permissions, such as "Location", "Notifications", Background App Refresh",
You can also see all apps which might use a permission in one list:
1) Open the Settings App.
2) Choose "Privacy"
3) Select the permission you wish to control.
You now see a list of apps that requested the permission. You can enable or disable each app.
I have mixed feelings about iOS in general, but this is one t
Re: (Score:3)
Re: (Score:2)
Then you wrote the wrong question, because his answer responded to the question asked.
Re: (Score:2)
Ah, I somewhat see what you mean. Only Location Services has icons that indicate whether the permission was used recently and in the past 24 hours.
On the other hand, I don't manage the other permissions closely because the apps have to ask for them individually and thus the apps really only ask for the permissions that you would expect them to.
Re: (Score:2)
Like you, I don't manage permissions that closely; for similar reasons, and with the additional note that I don't do anything all that interesting on my phone in the first place.
I don't allow apps permissions that would grant them the content of my messages (unless they're messaging apps, of course) or ph
Re: (Score:2, Informative)
Honest question: Where can I find this in iOS?
Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.
Re: (Score:2)
You can also go to Settings -> Apps and tap on any app to get the this same screen.
Re: (Score:2)
Honest question: Where can I find this in iOS?
Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.
Android has this, too, and it's not what was requested.
Re: (Score:3, Informative)
Re: (Score:2)
Only tangentially related, but Blackberry can go fuck themselves. I bought their flagship Priv phone at launch at a premium price (because I love hardware keyboards) and when the moment passed where they legally did not have to provide security updates any more they said 'go fuck yourselves' [blackberry.com] to their customers. I received their message clearly and will be steering well away from anything of theirs.
Re: Where are the permissions logs? (Score:2)
Not control, logs. For instance an app from work has GPS permissions to know where I am when on duty, which is fine. But does it track me off the clock? Like with Uber:
https://www.npr.org/sections/t... [npr.org]
How would users know?
Re: (Score:1)
Re: Where are the permissions logs? (Score:2)
Thx.
Re: (Score:3)
Why can't I find a simple view in Android of what apps have accessed permissions and when?
For the same reason the Subway queue is so long: people are overwhelmed with choice.
Look you sound like you want to run a full blown Linux complete with terminal on your phone. But really this level of detail should not be exposed to the average user. The only thing you'll get is frothing at the mouth and outrage as people miss-read, miss-interpret and otherwise try to draw huge conspiracies from things they don't understand.
There's a reason these devices are so popular, and simplicity is a key component of
The worst problem with Android: No updates. (Score:2)
Another abuse: Cell phones with batteries that cannot be easily replaced.
Another abuse: Apple has been preventing 3rd party repairs. Stories:
A HREF= "http://www.bbc.com/news/technology-35502030" TARGET="_blank" >iPhones 'disabled' if Apple detects third-party repairs (Feb 5, 2016)
Apple Shouldn't [be allowed] to Brick Your iPhone Because You F [wired.com]
Re: (Score:3)
Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.
Technically, that's not an android problem. It's a problem with crappy manufacturers. Android itself absolutely allows updates. I get them at least once a month on my Pixel devices.
Re: (Score:2)
I think the message here is what it means for the unsavvy consumer, just like how "security of android as an OS" is completely trivial when compared to minimal app review process and a severely dysfunctional 3rd-party ecosystem (which again, is designed to decrease restrictions and barrier to entry to attract as many use cases as possible, including walmart $50 tablets).
The average consumer (that actually cares) will have a shitty experience with android because its unclear what you have to do to get a good
Google should have arranged to allow updates. (Score:2)
Google should have arranged that manufacturers allow updates. Now that abuse is associated with the Google (Alphabet) name.
Re: (Score:2)
Technically, nobody gives a shit. It's an Android phone. Google controls android. Google has a specific certification process that, if manufacturers want to enjoy things like the App store, etc, they have to comply with. Google could have added updates as part of that contract, but they didn't. It's not like they don't have the clout.
The lack of updates is the single biggest reason why I've stayed with iOS. Yes, Apple are douchebags, but it all turns into a question of "In what manner do I want to be
Apple Haters are such liars (Score:2)
Latest iOS Update Shows Apple Can Use Software to Break Phones Repaired by Independent Shops
What a goober, if you actually read the story it's about how Apple pushed a software update to FIX third party screens that had been installed. Apple did exactly the opposite of what you said. They just issued a warning after doing that that told people if you don't use Apple parts things may not work, they didn't even say you shouldn't use Apple parts yourself to repair systems!
You're right about Android, though y
Except for all that Creepy Googleieness (Score:1)
Is that so?... (Score:1)
So, I glance at the /. feed, and I see one article about Android being more safe... and the very next article is about Google having just recently been fooled into serving up malicious ads [slashdot.org] -- and apparently not for the first time, either.
Uh huh. I'm sure you'll forgive me, Google, if I'm more than a wee bit skeptical of the veracity of your latest marketing materials...
Please tell Samsung (Score:2)
to push out an update to my 'phone which is running Android 4.3. I had the cracked screen replaced this week and thus hope to use it for at least another 2 years. Do I want to update ? No: it does what I want.
Wrong target. (Score:2)
To the end user, you should never tell them that your product is safe, because it will only go an bite you back. Because if they feel their phone is safe and immune to attacks/hacks and malware. Then chances are their behavior will be reckless, and will find some way to get their device infected. (Apple or Android)
I think google was really talking to Enterprise Deployments. Where big companies with sensitive data may have a policy that said iOS is OK while Android is not, siting security concerns. If Goo
In related news... (Score:2)
Amazon says their web shopping is the best.
Telsa says their cars are the best.
And Long John Silver's says their fish is the best.
Impossible until... (Score:1)
PoisonJuice is now as safe as the competition (Score:3)
We bought the competition and shuttered their business. So now PoisonJuice® is the only juice-like beverage, which also makes it the best, safest and most natural.
Moot unless user can run the latest code (Score:1)
Oreo has been out for 7 months now and yet, a month ago only 0.7% of users had installed it. What's the point of stating your OS is secure if you can't deploy it appropriately? Android deployment: Google -> Phone manufacturer -> Telcos. This is a crazy pipeline!
Sure... (Score:3)
While that might be half true, it's also true that the vast majority of the entire Android market doesn't have, and might not ever have access to this latest Android version that is supposedly as secure as the competition. So the point is moot.
In fact, the only way to get that version of Android anytime soon would be by getting a Pixel phone. Because that's the only device that has the latest core/vanilla Android version. Other than that, perhaps a few Android One and Go devices. And that, for the global Android market, must be way bellow 1% of users. I'm not sure if it's even 0.01% of the global market.
Beyond that, Google cannot guarantee anything, because they really don't know. Most of the security and privacy breaches in the platform's history remains unpatched for a metric ton of Android devices, a whole ton of problems that emerged in recent years regarding spyware, telemetry, smartphone brands harvesting personally identifiable information surreptiously (thanks OnePlus), and a bunch of other safety problems came from Android skins/forks that Google has no way to completely control. And no, even Project Treble and other initiatives will be enough - they'll help, but they won't be enough.
And then the deathknell of supposed safety: as long as you can sideload apks into an Android device, it can never be considered as secure as a walled garden closed off system as iOS. Of course, lots of Android users (including myself) gladly accepts the risk for the openness, but that alone is enough for Android to never be as "safe" a platform as iOS. It's about the paradigm, not the OS.