Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Android IOS Security

Android Is Now as Safe as the Competition, Google Says (cnet.com) 116

In an interview with CNET, David Kleidermacher, Google's head of security for Android, Google Play and Chrome OS, said Android is now as safe as the competition. From the interview: That's a big claim, considering that Android's main competitor is Apple's iPhone. This bold idea permeates the annual Android Security Report that Google released Thursday. "Android security made a significant leap forward in 2017 and many of our protections now lead the industry," the report says on page one. Echoing the report, Kleidermacher told CNET that Android flaws have become harder for researchers to find and that the software now protects users from malicious software so well the problems that used to leave users exposed to bad actors aren't such a big problem anymore.
This discussion has been archived. No new comments can be posted.

Android Is Now as Safe as the Competition, Google Says

Comments Filter:
  • by Teckla ( 630646 ) on Friday March 16, 2018 @12:04PM (#56269921)
    Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint?
    • You HAVE purchased a new phone in the last 9 months, haven't you? HAVEN'T YOU?
    • by dbialac ( 320955 ) on Friday March 16, 2018 @12:22PM (#56270043)
      But is Android safe from Google? Spyware is spyware.
      • Run AOSP, don't install Gapps.
        • Or you can just not log in to a Google account, then it doesn't send anything to Google. For apps you'll need fdroid and/or Amazon (which is mostly crap since Amazon's whitelisted security model means few developers update their apps.) If you try to run a Google app and it asks you to login, you can either delete or disable the app (it never runs, just sits there on your phone's storage with all user data and updates deleted, and you have to go through several menus just to find an icon for it) and get an a

      • by thegarbz ( 1787294 ) on Friday March 16, 2018 @03:28PM (#56271397)

        But is Android safe from Google? Spyware is spyware.

        So? I don't need it to be safe from Google. They have shown to be trustworthy with my data. Google has yet to ransomware me, max out my credit card, steal my identity or do anything else with the ludicrous amount of data they have on me other than serve me ads.

        • Trustworthy? A trustworthy organization doesn't try to find a different way to determine your location with wifi after location services have been turned off. Google is an information rapist. Say no and it keeps doing it anyway. Facebook never was trustworthy, but Google used to say, "Don't be Evil."
          • Trust is not a universal term that can be applied to everything. I qualified it by saying "with my data", the data being the subject in question. But then "trust" is nothing more than a belief in an outcome. I find google very "trustworthy" even in the case you apply it. I'm certain that they will continue to exhibit the behaviour of trying to shiftily ex-filtrate my data as much as possible.

            That's the thing about trust. You can "trust" bad behaviours as well as good behaviours. I trust the bad behaviour of

    • I think you need to read into this a very narrow viewpoint. He's specifically referring to the latest OS and hacks injected from downloaded software/apps. He's not focused on any other aspect of the android ecosystem that is presently a source of concern:

      1) Devices running old software that isn't secure
      2) Devices running co-opted software from various sources (often legit sources) from vendors
      3) Devices themselves that contain or allow rogue FW to run, some which may have been placed there by the manufactur

      • Google continues with a very software centric mindset, and trusts its OEMs. To me that's the biggest mistake, particularly given who a few of them are.

        I suspect it's not trust... it's that Google doesn't particularly care about any security issues which can't be traced directly to shortcomings in Google's own software. And really, I'm not sure how much they cared even about that... until Apple started getting a lot of press related to how secure its devices are.

        • .. it's that Google doesn't particularly care about any security issues which can't be traced directly to shortcomings in Google's own software

          How long did Google provide updates for Nexus phones? Nowhere near long enough.

      • 3) Devices themselves that contain or allow "rogue" FW to run, some which may have been placed there by the manufacturer for dubious purposes

        You're kidding, right? If you're buying a device that doesn't allow you to run your own FW on it, you're just paying for a channel for the manufacturer to track you and sell you stuff.

        • I agree, but the trick is to how to get it to allow ME to put my own firmware on (the owner), not anyone else. That's the problem that needs to be solved, but until then Apple is more secure, even if you have to trust them. I trust them more than I trust random OEMs or, especially, my cell phone supplier. But I do think there is money on the table for someone to grab.

      • Re: (Score:2, Interesting)

        by whoever57 ( 658626 )

        And if the Chinese own Qualcomm, any hope that cellphones are secure will be laughable.

    • by thebullshitpatrol ( 4673009 ) on Friday March 16, 2018 @12:42PM (#56270225)

      not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.

      • not to mention the fact that submitting to the appstore requires 10x more effort because there are actual standards, code review, and testing to enforce.

        Lol that's a good one. You use that in your stand-up routine often? No sorry I jest. There are standards. The standard is that Apple will only accept software that doesn't immediately threaten their bottom line, whereas Google seems comfortable to let those slip through.

      • Those standards project Apple, not Apple users.
      • Given the ridiculously short amount of time, Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint? https://newzealand.babasupport... [babasupport.org]
    • My Galaxy S5 is running Oreo... Just because the manufacturers and carriers drop the ball doesn't mean the homebrew community isn't there.
      • by pnutjam ( 523990 )
        I have a Verizon s5, this thing seems to be locked up tight and I can't get my own OS on it.
        • Yeah, whenever I hear about shitty ass phones in the US, it's always the ones sold by Verizon. I'd go with a different carrier if you can... one that at least gives the slightest hint that the give a fuck about their customers.
    • by AmiMoJo ( 196126 )

      Android devices get updates pretty much forever because they come via Play Services. Doesn't really matter if the vendor doesn't update the kernel.

      Google fixed the lack of vendor today's by making it not matter.

    • Given the ridiculously short amount of time Android devices get updates

      What kind of updates? Most phones get security updates just fine and for quite a long period of time. Combine that with the very few exploits that actually abuse any security bugs instead focusing mostly on the previously primitive permissions system of the past, I fail to see how that's even relevant.

      • by Teckla ( 630646 )

        I'm most concerned about security updates. I thought even the mighty Google only pushed out 3 years of security updates, and that 3 years starts from when the product first appears on their web site for sale. If you're even a little conservative about new tech (like me) and wait 6-12 months before pulling the trigger on a new product, that means only 2 to 2.5 years of security updates, not to mention regular updates, which you'd only get for 1 to 1.5 years.

        I guess at the moment I'm a little spoiled by iPhon

    • "It's not our problem if OEMs don't update their ROMs with our latest and most secure versions!" - that's what you could expect Google to say in response, seemingly unaware that some of their own damn hardware doesn't get updates either.

      If they can't even be bothered to update their own shit, how could you ever expect LG, HTC, Lenovo, Samsung, Huawei, et. al. to ?

    • My 2+ year old Note 5 got an update about 3 weeks ago. I guess you buy phones from bargain-bin carriers?
      • by Teckla ( 630646 )

        I can't possibly imagine what gave you the idea that I buy phones from bargain-bin carriers. I'm at iPhone user. Not religiously so, though -- every time it comes time to buy a new phone, I reevaluate the entire marketplace. For me, the iPhone is actually quite a bit cheaper, once you factor in (cost of phone / years of service).

        I'm not sure why -- this is probably just a weird emotional thing -- but in my head I consider 5 years of security updates a minimum expectation.

        • The Samsung Note 4 was updated just 6 weeks ago, by Verizon. That's for a 4 year old phone. Perhaps Android life is not as you imagine or are told?
          • by Teckla ( 630646 )
            That's pretty good. Is that length of support common, or somewhat unique to Samsung, or...?
            • Common for Verizon, Sprint, and T-Mobile. A lot of the discount carriers don't do it at all. And many of the Google phones have had 4 years of updates, too...
    • Well given the present state of "News" and the facts and not so facts one must question the validity of this statement from them. I mean seriously, Microsoft has made the same kind of statement in the past counter to the facts. I believe that Apple tries this crap as well. Lest be honest here, the OS's and firmware now running in these devices now days are so fucking complicated that there is literally no way that the term secure can be applied with any reasonable expectation of it being fact. For fucks
    • Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself

      Three years is ridiculously short?

      • by Teckla ( 630646 )

        Three years is ridiculously short?

        YES!

        • Three years is ridiculously short?

          YES!

          You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.

          • Three years is ridiculously short?

            YES!

            You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.

            Oh, it's also worth pointing out that AFAICT no one else commits to even three years. That includes Apple. Apple generally provides support for four, maybe five years, but they don't make any promises.

          • by Teckla ( 630646 )

            You're nuts. I'd agree that perhaps it should be four, maybe, and that three is a little shorter than is ideal. But "ridiculously"? I think you need to buy a dictionary.

            If we're talking about Google's devices here, it's not even 3 years unless you buy the phone the day it becomes available on their web site. I think it's pretty sensible to wait a minimum of 6 months to purchase new tech so that the inevitable new-device issues can be discovered and worked out. That brings its lifetime down to 2.5 years -- and that's just for security updates. Regular (non-security) updates would be an obscenely short 1.5 years. 1.5 years!

            I've never looked at Apple's official update policy,

    • Given the ridiculously short amount of time Android devices get updates -- including devices from Google itself -- how can this possibly be true from a realistic viewpoint?

      Well, he said "now" and he meant that literally.

  • That each version of Android OS that comes out, at least on the Samsung platform, is slightly less useful. That is the tradeoff for you between security and usability.

  • by javaman235 ( 461502 ) on Friday March 16, 2018 @12:10PM (#56269975) Homepage

    Why can't I find a simple view in Android of what apps have accessed permissions and when? (mic, camera, GPS etc) Also, apps request such general permissions... Access to drive I grant for apps that need to save files to drive, but does that mean it can upload my photos to weird app developer?

    Android needs more transparency on these things to build trust.

    • Honest question: Where can I find this in iOS?
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Honest question: Where can I find this in iOS?

        1) Open the Settings App.
        2) Scroll to the app you wish to check.
        3) You now see a list of permissions, such as "Location", "Notifications", Background App Refresh", ... You can turn each one on or off.

        You can also see all apps which might use a permission in one list:

        1) Open the Settings App.
        2) Choose "Privacy"
        3) Select the permission you wish to control.

        You now see a list of apps that requested the permission. You can enable or disable each app.

        I have mixed feelings about iOS in general, but this is one t

        • That's the same thing Android has (Settings -> Apps, or long-press on an app and choose App Info) and you can enable and disable permissions there, as well. It's also not what was being asked for.
          • by DRJlaw ( 946416 )

            It's also not what was being asked for.

            Then you wrote the wrong question, because his answer responded to the question asked.

            Why can't I find a simple view in Android of what apps have accessed permissions and when? (mic, camera, GPS etc)

            Honest question: Where can I find this in iOS?

            You can also see all apps which might use a permission in one list:

            1) Open the Settings App.
            2) Choose "Privacy"
            3) Select the permission you wish to control.

            You now see a list of apps that requested the permission. You can enable

            • by DRJlaw ( 946416 )

              Ah, I somewhat see what you mean. Only Location Services has icons that indicate whether the permission was used recently and in the past 24 hours.

              On the other hand, I don't manage the other permissions closely because the apps have to ask for them individually and thus the apps really only ask for the permissions that you would expect them to.

              • I did read the question wrong initially (and answered it before the rest of the lot, to boot), just as you did. It wasn't until I came back and read some of the other answers that I realized my mistake.

                Like you, I don't manage permissions that closely; for similar reasons, and with the additional note that I don't do anything all that interesting on my phone in the first place.

                I don't allow apps permissions that would grant them the content of my messages (unless they're messaging apps, of course) or ph
      • Re: (Score:2, Informative)

        Honest question: Where can I find this in iOS?

        Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.

        • Oh, if that's all we're talking about, long-press on any app (Mac users should be familiar with this from the one-button mouse days), choose App Info from the resulting dropdown, and it's right there under the App Settings heading. Been there for a couple major versions by now, at least; you can even turn permissions on and off.

          You can also go to Settings -> Apps and tap on any app to get the this same screen.
        • Honest question: Where can I find this in iOS?

          Go to "Settings", then scroll down. The bottom 80% of the main Settings menu is a list of all your apps. Click on any one of those to see what permissions it has asked for and/or been granted.

          Android has this, too, and it's not what was requested.

    • Re: (Score:3, Informative)

      by orient ( 535927 )
      DTEK by BlackBerry does exactly this. Plus it can alert you when an app tries to access a certain resource (microphone, camera). Plus it can allow/deny access to each resource individually, unlike Google's all-or-nothing approach. Even if you grant all permissions when you install an app, when the app tries to actually access any resource (camera, microphone, address book, local files etc.) you get a prompt to allow or deny access to each of the resources requested. And, yes, it comes installed on the Andr
      • Only tangentially related, but Blackberry can go fuck themselves. I bought their flagship Priv phone at launch at a premium price (because I love hardware keyboards) and when the moment passed where they legally did not have to provide security updates any more they said 'go fuck yourselves' [blackberry.com] to their customers. I received their message clearly and will be steering well away from anything of theirs.

    • Why can't I find a simple view in Android of what apps have accessed permissions and when?

      For the same reason the Subway queue is so long: people are overwhelmed with choice.
      Look you sound like you want to run a full blown Linux complete with terminal on your phone. But really this level of detail should not be exposed to the average user. The only thing you'll get is frothing at the mouth and outrage as people miss-read, miss-interpret and otherwise try to draw huge conspiracies from things they don't understand.

      There's a reason these devices are so popular, and simplicity is a key component of

  • Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.

    Another abuse: Cell phones with batteries that cannot be easily replaced.

    Another abuse: Apple has been preventing 3rd party repairs. Stories:

    A HREF= "http://www.bbc.com/news/technology-35502030" TARGET="_blank" >iPhones 'disabled' if Apple detects third-party repairs (Feb 5, 2016)

    Apple Shouldn't [be allowed] to Brick Your iPhone Because You F [wired.com]
    • Android does not usually allow updates. So, to get the latest version, it is necessary to buy a new cell phone. In my opinion, that's extremely abusive.

      Technically, that's not an android problem. It's a problem with crappy manufacturers. Android itself absolutely allows updates. I get them at least once a month on my Pixel devices.

      • I think the message here is what it means for the unsavvy consumer, just like how "security of android as an OS" is completely trivial when compared to minimal app review process and a severely dysfunctional 3rd-party ecosystem (which again, is designed to decrease restrictions and barrier to entry to attract as many use cases as possible, including walmart $50 tablets).

        The average consumer (that actually cares) will have a shitty experience with android because its unclear what you have to do to get a good

      • "Technically, that's not an android problem. It's a problem with crappy manufacturers."

        Google should have arranged that manufacturers allow updates. Now that abuse is associated with the Google (Alphabet) name.
      • Technically, nobody gives a shit. It's an Android phone. Google controls android. Google has a specific certification process that, if manufacturers want to enjoy things like the App store, etc, they have to comply with. Google could have added updates as part of that contract, but they didn't. It's not like they don't have the clout.

        The lack of updates is the single biggest reason why I've stayed with iOS. Yes, Apple are douchebags, but it all turns into a question of "In what manner do I want to be

    • Latest iOS Update Shows Apple Can Use Software to Break Phones Repaired by Independent Shops

      What a goober, if you actually read the story it's about how Apple pushed a software update to FIX third party screens that had been installed. Apple did exactly the opposite of what you said. They just issued a warning after doing that that told people if you don't use Apple parts things may not work, they didn't even say you shouldn't use Apple parts yourself to repair systems!

      You're right about Android, though y

  • I got tired of my Phone being used for advertisement research so I "upgraded" to the Nokia 3310 3G it does what I need from a phone (Makes Phone calls) without all that creepy google tracking. I also Dumped my Tablet off at the St. Vincent de paul (goodwill can bite me) and went back to a laptop with Debian on it for web on the go. (heck i even got out my orignal iPod Mini replaced the micro drive with a compact flash card for music. I may look like a troglodyte but at least I am not whoring my data out.
  • So, I glance at the /. feed, and I see one article about Android being more safe... and the very next article is about Google having just recently been fooled into serving up malicious ads [slashdot.org] -- and apparently not for the first time, either.

    Uh huh. I'm sure you'll forgive me, Google, if I'm more than a wee bit skeptical of the veracity of your latest marketing materials...

  • to push out an update to my 'phone which is running Android 4.3. I had the cracked screen replaced this week and thus hope to use it for at least another 2 years. Do I want to update ? No: it does what I want.

  • To the end user, you should never tell them that your product is safe, because it will only go an bite you back. Because if they feel their phone is safe and immune to attacks/hacks and malware. Then chances are their behavior will be reckless, and will find some way to get their device infected. (Apple or Android)

    I think google was really talking to Enterprise Deployments. Where big companies with sensitive data may have a policy that said iOS is OK while Android is not, siting security concerns. If Goo

  • Microsoft says their OS is the best OS.

    Amazon says their web shopping is the best.

    Telsa says their cars are the best.

    And Long John Silver's says their fish is the best.

    ...whew, glad all of that is finally settled!
  • Google has total control of the hardware, firmware, and OS.
  • We bought the competition and shuttered their business. So now PoisonJuice® is the only juice-like beverage, which also makes it the best, safest and most natural.

  • by Anonymous Coward

    Oreo has been out for 7 months now and yet, a month ago only 0.7% of users had installed it. What's the point of stating your OS is secure if you can't deploy it appropriately? Android deployment: Google -> Phone manufacturer -> Telcos. This is a crazy pipeline!

  • by XSportSeeker ( 4641865 ) on Saturday March 17, 2018 @05:10AM (#56274215)

    While that might be half true, it's also true that the vast majority of the entire Android market doesn't have, and might not ever have access to this latest Android version that is supposedly as secure as the competition. So the point is moot.

    In fact, the only way to get that version of Android anytime soon would be by getting a Pixel phone. Because that's the only device that has the latest core/vanilla Android version. Other than that, perhaps a few Android One and Go devices. And that, for the global Android market, must be way bellow 1% of users. I'm not sure if it's even 0.01% of the global market.

    Beyond that, Google cannot guarantee anything, because they really don't know. Most of the security and privacy breaches in the platform's history remains unpatched for a metric ton of Android devices, a whole ton of problems that emerged in recent years regarding spyware, telemetry, smartphone brands harvesting personally identifiable information surreptiously (thanks OnePlus), and a bunch of other safety problems came from Android skins/forks that Google has no way to completely control. And no, even Project Treble and other initiatives will be enough - they'll help, but they won't be enough.
    And then the deathknell of supposed safety: as long as you can sideload apks into an Android device, it can never be considered as secure as a walled garden closed off system as iOS. Of course, lots of Android users (including myself) gladly accepts the risk for the openness, but that alone is enough for Android to never be as "safe" a platform as iOS. It's about the paradigm, not the OS.

VMS must die!

Working...