Android's problems are NOT in the Java VM, they are in an absolutely insecure implementation of Linux. For all intents and purposes, apps can do just about anything they want. That's bloody stupid from a security standpoint. You want to know why Android has malware problems? It's because Android is built on the old DOS "anything goes" model that led to the security meltdowns of the 90's and early 00's for DOS, Windows 3.X, and 9X users, and the legacy of that development model is STILL slowly being contained. It wasn't until Vista that Microsoft had locked it down to even moderately "safe" levels... so what does Android do? Replicate it!
So yes, I'll put any WP7 or iOS device head-to-head against Android on the security front, because both of those OS's are much more secure *by design* than Android. The day Android becomes secure by default is the day that all of the cute things that Android power users love about it stop working. Remember, the power to install a replacement software keyboard is the power to install a keylogger...
The difficulty is how do manufacturers meet both sets of requirements? Not being a manufacturer, that's not my problem but theirs. And it's high time they figured it out! Maybe it's difficult. All that means is they need to hire smarter people and make smarter design decisions.
If anyone screws it up, it's their problem. If anyone wants to be ruled by their provider, plenty of other vendors offer their authoritarian little walled gardens.
I wouldn't count on Google to do this well any more than I would expect MS to, so we'll have to wait for a better open-source Android version or for one of the other operating systems.
I think at this point though, the argument becomes academic and is simply a reversal of the arguments the community has been having for the last 20 years about security. To be precise, if the Linux kernel is not inherently more secure, then neither is the iOS or iPhone 7 kernel - or so it would stand to reason. Of course, you don't make that claim - you say that they are more secure *by design*. I honestly don't know enough to argue that claim. Ultimately, though - I think in the end we come to the same conclusion - the benefits of the Linux design model are the liabilities, and include a high degree of responsibility on the end user. Personally, I see iOS and WP7 as *appliance* devices, turn-key solutions for consumers who simply want what I've repeatedly described as digital-device "grocery getters" and "soccer mom vans". If iOS and WP7 are SMART phones, then Android is an actually INTELLIGENT phone. Being smart keeps you out of trouble - but limits your horizons - being intelligent frequently gets you into trouble, but gives you unlimited horizons.
put the blame squarely on the way that the implementation of Linux is handled - which illustrates the argument that there is no such thing as a "more inherently secure design" at the kernel level. If it was inherently more secure, you wouldn't be able to create a poor implementation that compromised that inherent security advantage.
That doesn't even make sense. You can take the most secure bank vault design in the world, then decide to build one which doesn't have a top, but relies on the floor above as a lid. That has nothing to do with the original design, it has to do with a really horrible implementation.
Saying that a kernel which is modified poorly, and a userland which is given bad default permissions which are also not modifiable by the user, and an API which gives apps broad permissions (put a manhole in the top of the floor above the safe), indicates that the original design of the kernel is not more inherently secure than a swiss cheese OS is ridiculous.
Aside from that, keep up the good work.
existing in someone or something as a permanent and inseparable element, quality, or attribute: an inherent distrust of strangers.
If it is inherent, it is permanent and inseparable.
Linux is not INHERENTLY more secure and is not INHERENTLY secure. It is incorrect usage of the word "inherent". It sounds good as a sound-bite - and it has become part of the public consciousness when discussing Linux security - but it isn't the TRUTH. If it WERE inherent, it couldn't be undone - and Android illustrates it CAN be undone - thus - not inherent.
It makes *absolute* sense, but you've got to understand that as usual, I've carefully framed the argument. I'm not comparing it to a swiss-cheese OS. In this particular case, I'm actually comparing it to itself. Linux may be "MORE secure than a LESS secure OS design" - but that is a pretty redundant observation to make, and it still doesn't mean that Linux is INHERENTLY secure.
The Linux security debate is fundamentally flawed, because Linux isn't technically an OS -- it's a kernel. The kernel has terrific support for security *features* (chroot, and protected memory access, for example), but it's completely up to the OS to leverage that.
Linux as an OS (or GNU/Linux, if you prefer) is only touted as inherently secure because of the conscientious efforts taken by its developers and users to use the least-privilege model of execution. ("Don't run as root.") This mindset has trickled down to the application developers. Consider for example the various SMTP MTAs. I believe it was Qmail that brags about how each function is a separate executable that has zero trust for any of its interactions outside its silo. (Contrast that to svchost.exe, for example.)
Windows' biggest flaw over the years hasn't so much been its kernel (although the 9x kernel didn't have the robust multi-user security-minded partitioning that the NT kernel does), the problem has been that every user logs in as an administrator.
Android suffers this same fault. Apps are given the keys to the kingdom. The kernel just does what it's told. It schedules threads, manages memory allocation, and converses with the hardware. It doesn't know benign code from malicious code. That's not its job.
You're saying that when I launch Shazam or Angry Birds or any other app, it is running as root, with least restrictive, most permissive access to the entire device - even when the device is not rooted?
If that was true you would not be able to root your phone.
Malware doesn't always require vulnerabilities or non-authorized behavior to behave in inappropriate ways.
I guess then, the logical assumption is that while iOS and WP7 may be safer from Malware in general, there is no guarantee it is safe from the malware that the manufacturer/vendor/wireless provider approves of having on their phones?
And of course, on a WP7 or iOS device, it is far more difficult to alter or uninstall anything that is placed there *intentionally* by those parties than it is on Android.
Just playing devil's advocate here, more than anything. It certainly seems to be a 6 of one, half-a-dozen of the other kind of situation to me.
But here, I think the problem is that you're not being specific about which store you're talking about (Android MARKET or Apple APP STORE)... it gets confusing with all the different app vendors with different names for their various front ends - at least for me.
So, if I read this as "Apps in the Apple App Store aren't authorized to..."
Then the argument is that the iOS and MSFT app vetting process would catch and prevent any application that was misusing an API or otherwise contained code that would lead to escalation privileges?
Well - remember that app that briefly snuck by Apple that posed as one app but actually had an embedded phone tethering feature? How was that done, how was the code snuck by, and why couldn't that be used in an example like this but for nefarious purposes? It doesn't seem like it is as foolproof as Justin suggests, and in fact, a false sense of complacency seems to be dangerous in a case like this. Android users might arguably be MORE cautious because they inherently (there is that damn word again) have LESS trust in their OS and market. No?
No, I'm not trying to say one is better than the other through 'inherent' capabilities; I'm suggesting that the platforms are really aimed at different classes of users but the OEMs don't seem to care that they're getting a higher proportion of reportedly 'defective' devices that on analysis have nothing more wrong with them than a jumbled-up mess of a file system due to ignorant users trying to customize their phones. Whether you look at Motorola or the other OEMs, the biggest complaint comes down to software mucking up the OS--followed by pretty poor hardware from one specific brand.
App Store (Apple) and Marketplace (Google) do operate in different ways--one to filter and attempt to vet the software before it goes public while the other is a wide-open market that only polices when it must. They each have their advantages, but to me Apple's offers at least some real sense of security because the review process does block the vast majority of 'intentional' malware. Yes, it may be possible to get a trojan horse through those gates, but at least those gates are there, keeping those Trojans from just walking all over the city. Better any walls at all than a city get invaded from all directions any time the invaders want.
The history of warfare and the history of computer security aren't all that different in scale--only in environment.
And so we're right back to the user as the issue (whatever the mobile equivalent of PEBCAK is)?
How is this different than WP7? Are you saying that the WP7 app store somehow magically knows what APIs an app should try to call (which should vary by app capability, of course), and detects if it tries to call outside those boundaries? In either case, there's a manifest that lists capabilities needed, and the user has to grant rights to those capabilities, no? And any attempt to call a capability that hasn't been approved is denied, in either case, no?
Not seeing the distinction that you are. Android has basically the "UAC at install" approach, not an inherently insecure approach.
Each Android app (and WP7, for that matter) has a manifest file that does indeed list the rights needed, and the user is notified at install time and authorizes the app.
"How is this different than WP7?"
Explaining this is starting to get boring, but here I go again...
WP7 apps *cannot make dangerous calls*.
Android apps *can make dangerous calls with user permission*.
EXAMPLE: WP7: apps cannot directly access contact information; when they want to look at your contacts list, the standard contact picker list is displayed, and the USER selects the contact that the app gets access to. Android: once the app is authorized to handle contacts and installed, it can carouse through the contacts list at will, whenever it wants, with no user interaction required.
"Are you saying that the WP7 app store somehow magically knows what APIs an app should try to call (which should vary by app capability, of course), and detects if it tries to call outside those boundaries?"
Yes, that's actually EXACTLY how it works. It's not "magic" incidentally, it's called "reflection", and the Android app market is technically capable of the same (Amazon's Android app store does it). Furthermore, the WP7 app store verifies that the requested rights match the rights actually used, and if they don't, the app is rejected.
"Not seeing the distinction that you are. Android has basically the "UAC at install" approach, not an inherently insecure approach."
Again, the difference is in the APIs. WP7 apps do not have access to the underlying system... WITH OR WITHOUT PERMISSION. Android apps, once authorized, do whatever they want, and I am not even sure if the manifest *must* match the actual code. We all know that users say "yes" to anything! So by design, an API that allows unlimited access "with permission" is insecure for all but the most savvy users. If you don't believe me, take a look at malware install rates on Windows...
"Android has basically the "UAC at install" approach, not an inherently insecure approach."
UAC on install is an inherently insecure approach, because the bad guys know that users say "yes" to anything. It's socially hackable.
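An added illustration, not part of any comment in this thread and not any app store's actual vetting code: the manifest-versus-code check debated above, comparing the permissions an app declares with the permissions implied by the APIs its code references. The manifest, the source snippet and the small API-to-permission map are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed, deliberately small map from API references to the permission guarding them.
API_PERMISSIONS = {
    "ContactsContract": "android.permission.READ_CONTACTS",
    "HttpURLConnection": "android.permission.INTERNET",
    "Camera.open": "android.permission.CAMERA",
    "SmsManager": "android.permission.SEND_SMS",
}

# Constructed sample: a flashlight app that declares more than its code uses.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

# Constructed sample source; one API name appears only inside a comment.
SOURCE = """
Camera cam = Camera.open();          // torch via camera flash
// HttpURLConnection was removed in this build
SmsManager sms = SmsManager.getDefault();
"""

def declared_permissions(manifest_xml):
    """Permissions the user is asked to approve at install time."""
    root = ET.fromstring(manifest_xml)
    return {e.get(f"{{{ANDROID_NS}}}name") for e in root.iter("uses-permission")}

def used_permissions(source):
    """Permissions implied by API references in live code."""
    # Naive comment stripping so dead references in comments do not count.
    code = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)
    return {perm for api, perm in API_PERMISSIONS.items() if api in code}

def review(manifest_xml, source):
    """Compare declared and used sets; any mismatch is grounds for rejection."""
    declared = declared_permissions(manifest_xml)
    used = used_permissions(source)
    return {
        "unused": sorted(declared - used),      # over-privileged: asked for, never used
        "undeclared": sorted(used - declared),  # used in code, hidden from the user
        "reject": declared != used,
    }

if __name__ == "__main__":
    print(review(MANIFEST, SOURCE))
```
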
In the case of Android it has also been Google for failing to properly secure the OS from this crap. Google Android OS is their version of Windows 95.
Apple has it right with the App Store (TM) but their pricing policy is ridiculous.
Think of WinPhone as what the Mac was a few years back before the OS X started to get malware and other infections - relatively "clean" because it had a minority stake in the market share. In addition, unlike WinPhone, the iPhone also is a status symbol where malware writers will go after because they are sometimes rich[er] and sometimes dumb[er].
This is a far cry from the viruses and trojans that most people, reading these articles, are envisioning as what's being talked about.
I think the distinction is important, and that IT journalists have an ethical responsibility to be clear on this issue. Otherwise, they're implicitly feeding into a FUD cycle.
Honestly, for Android to really show off its capabilities, it needs to be in the hands of techies almost exclusively; let the others choose something easier to use that reduces their risk of malfunction. It needs to be in the hands of people who know how to manage it and want to. More people are choosing Android now because of its low average cost, not for its claimed superiority over other platforms.
The only thing I'd say is that from an uber-techie perspective - this line:
"Yes, it is almost infinitely configurable, which is great for techies, but that also means that it's easily breakable by non-techies."
Although true - isn't the *whole* story. While it is easily broken by non-techies in an easily repairable way, the iOS platform is easily broken by TECHIES in a difficult to nearly impossible way to fix.
That is - in competent hands, Rooting your Android device is fairly safe and easy to recover from - and it is very rare that a Rootable and Rooted Android device is bricked in such a way that a seasoned Android technical user cannot recover it.
On the other hand - it is fairly easy and not uncommon for a jailbroken iOS device to become bricked so hard that even the most adept iOS hackers struggle to recover it to a usable state.
This represents a fraction of a fraction of all users for both platforms combined, so I'm *absolutely* splitting hairs in bringing this up - but it *is* an important distinction for *me*.
For years Windows OS has taken the majority of criticism when the real criticism should be aimed at (1st) the users and (2nd) certain application designers. If you install Windows (XP, 7, or even Vista) on a PC that was designed for them; that machine will run beautifully and in most cases with no problems at all. It is not until the users come in and start adding their coupon toolbars and "cool" screensavers that problems start happening. On top of that you have the endless variety of software companies that put out shoddy, untested software for the OS. The users buy this cheap software and then get upset when things go wrong.
Of course the other part of this is the malware and virus developers. They choose to attack Windows (for computers) and Android (for phones) for two very simple reasons. 1) They are the more prominent and widely used systems and 2) they are more open systems and thus easier to develop attacks against. Don't get me wrong, Apple is not invulnerable. Hackers love a challenge and the more popular Apple becomes the more you'll see attacks against it. Especially as more of these PC users migrate over to Apple and start wanting their toolbars and nifty mouse pointers.
I've only been infected a few times - but in almost every case I can recall, I knew I was swimming in dangerous waters right before I got hit by the infection. I can only name a few times where I got hit by a drive-by infection that totally took me by surprise. It can happen, and I think in the past it was far more possible than it is now - but in almost two decades of experience, I'd say that MY personal experience indicates that it is exceedingly rare.
So far, my Android experience seems to be indicating the same results.
You're right - with great freedom comes great responsibility. For those who rise to that challenge, Android is the best platform. I don't see myself becoming a Windows Phone or iOS user anytime soon.
It was purely an end user decision. I knew they had a good chance of muckin' up the Androids, but not so much the iPhones. Although I'm far from an Apple fan, it was better for the users of those phones.
It seems like it's usually the uninformed or less knowledgeable users that get themselves into trouble.
They never want to do maintenance, quoting how much they paid for the phone and saying they should not HAVE to do it... they don't take even the most basic precautions when surfing the web on their computer let alone their phones... and they think they don't need to...
The "UAC at install" approach is only insecure to the idiots that go into the market with the "ooh pretty shiny" approach; anyone with a brain should be able to say no when their flashlight app wants access to the internet, contacts, or system files...
the problem really is the users... and a lot of the problem could be fixed by educating customers at point of sale... most of the users that I had spoken to since the launch of android were not told it was something that needed to be done...
by letting them know ahead of time what they need to do and look out for you will be "educating" rather than "reacting" and in the technological world we live in... education of the end user is really the only intelligent choice...
- and just a side note... YouTube is a hotbed of people showing others who don't know, how to do things they shouldn't be doing... a lot of users end up bricking phones or voiding warranties b/c they wanted to do something the phone wouldn't do... and they went on YouTube to find a walkthrough so they could... it's always a wildcard to show the average pretty shiny end user how to open their phone up...
(Omnifice it is funny that you phrased it the way you did, "I can handle the potential issues with Android, the ladies in my family can't." it is the exact opposite in my house... I had to take over my husband's android every week to fix what he had broken... so I got him WP)