These days, smartphones are a bit like Dr Seuss' mythical "thneed," doing anything and everything – including (gasp!) making phone calls. Unless you're on AT&T, of course, with its penchant for dropping calls. Ironically, however, we're fast approaching the time when users may care far more about PC-era issues like viruses and …
One area I'd gladly give up my freedom
The main crippling point for most home PCs is malware removal. The software most users run, commercial and shareware, cause their machines to be slower and more unstable than the malware they're supposed to protect them from. And that's the last thing we need on our mobiles.
Once again I believe that Apple's restrictive marketplace is the better of two evils. Sure, we're tied down to what Apple deem "suitable". But at least the devices remain responsive and relatively safe.
I believe that Android developers should offer a similar approach, particularly in vetting the apps before they make it onto their marketplace. Let those that seek the freedom to twist their devices to their will do so with impunity, but give the mass public the safety, security, and performance that comes from a controlled and regulated marketplace: locked down with the option of opening rather than the reverse.
Unless you never plan on clicking on a website, or accepting email, the walls in the Garden are only so high. High enough to keep you from installing what apps you would like, but not high enough to cut off all email and websites that can carry trojans and infections.
Hackers have finally realized that Apple users not only are smug and off-guard, but due to the high Apple prices, they tend to have money sitting around to be taken.
as a virus i disagree
I think you're partly right
I'm using a Samsung Jet for a few years now which provides some of the functionality of a smart phone while in fact it's not a real smart phone. In that sense that the only thing I can add are Java midlets or Samsung 'widgets' (the latter being small icons which provide some functionality and can be placed on the screen).
And while I have full control over my phone it's not a mere issue of installing / removing an application as is done on, say, Windows. Nor do I want to; I use my phone as a phone, camera, keeping appointments and notes (at least till I get home) and sometimes as music player & navigation device. And yes, on occasion I also surf the Net.
So yes, I agree with you that having a (semi) locked down environment can be good for security. I see the same on Windows 7 or Linux; I use both OS's using a non-admin account and if I need to perform an admin task I either need to provide a password (Windows) or use 'sudo' (Linux; either on the cli or on X).
However; there is a down side to all this... Fake security being one. With market places and such you put your trust fully onto 1 single party; yet when they screw up the eventual damage could be huge. And with that I mean damages not restricted to just your phone.
Second; it's not so much about freedom but the way people use their environment. If you use Windows in the way I described above you're pretty safe when it comes to malware and spyware. In fact; while I keep 'Search & Destroy' around I haven't seen anything worth removing since I started using Windows 7. And although I mainly use SeaMonkey I also use IE9 on a frequent basis, esp. when I'm browsing MS (related) websites (TechNet, Office.com, MSN, etc.). Which means I sometimes also end up on 'other' websites, yet no issues so far.
So why would you want to give up your freedom? It's easier to simply make sure that it will never come to getting the ickyness in the first place.
I've never been crippled by anything on Windows. I've always used a firewall, antivirus and common sense. My machine runs fast enough that I don't notice any speed issues. I've only ever had 1 trojan, which was for a JVM I don't use.
it's a virus jim but not as we know it
same as the old world of desktop if your antivirus had drained your battery life and if viruses could access your physical location and call premium rate numbers.
For a consumer, security is an order of magnitude more important on mobile than it was on desktop, and the obvious route to profiting from handset malware means it will be far more aggressive. If your solution to viruses is reactive (ie. antivirus), rather than proactive (ie. OS security and app curation) then you're going to have problems.
Enjoy your freedom and your Malware. There's no suspicious apps in the iTunes App store. LOL!!!
Never heard of 'Handy Light' then I take it.
ASLR as canard
Yes, we need better security. But it's not primarily code integrity and malicious takeover that should be the focus. The main theme with apps and appstores is that you can't always trust the program, yet it often inexplicably gets far more access than it strictly should get to your personal data. And that includes location data, even signal strengths and such.
But this is actually well-known and is called virtualisation. It's why unix is so much more easily securable than M$DOS. The programs don't get to talk to the hardware directly. For modern devices they shouldn't even talk to the OS, as they do, from a shared per-user space. They should be thoroughly sandboxed individually. We know how to do this, and how to do this quickly.
So ASLR is a nice buzzword and all that, but rather orthogonal to where effort should be focused: Strong sandboxing on program level, perhaps even with another layer of sandboxing to provide "role based grouping", like how some apps would like to work together on the same data, for say some project at work, but not with another dataset pertaining to your private life, a different job, a different project at the same job.
After that you can worry again about clever ways to patch up for individual apps' failures to properly sanitize their input. Frankly, the other way around as is happening now and inexplicably is being hailed as the greatest (because latest) thing evar, does make very little sense. Strengthening a superstructure on a failing foundation will necessarily remain a rather futile endeavour no matter how successful the strengthening taken solely in and of itself seems. The foundation needs fixing first.
Your sandboxing sounds remarkably like the discretionary access controls built into every version of Windows since the early 90s (on the NT ancestral line) and every version of UNIX ever. Trouble is, non-geek users can't be bothered to learn how to use it so instead they just learn how to switch it all off.
Computer security is a *user* problem. We know how to design secure systems and we've been pretty good at implementing them for decades. The problem is in coming up with a UI that lets the "I refuse to read the manual, because it should be obvious" brigade actually configure the security.
If you're talking about Android then it's already done. Apps talk to a JVM via APIs, which talks to the OS, which talks to the hardware. If you've got a rooted phone then you can revoke an app's permissions to location data, SMS or anything you think it does not require access to. To remove the "inexplicable" accesses, those permissions are listed on the Market before you download the app, and also when you install an app from an external source.
My onion doesn't have just one layer.
Early nineties? Er. How easy was user switching back then? We had to wait for them to copy some ideas off of osx to make that somewhat less painfully unusable in practice (unless you had indecently recent hardware, maybe). And even if it actually would have performed, it took but one byte to break the whole thing down again. Unix has had reasonable user separation since several decades before that, and before that yet others had it too. Mentioning redmond is just painful in this respect, so wrong as they b0rked up in the face of prior art.
And then the kicker: If it's a user problem it is because the users neither understand nor can use the tools we give them. So that's not a strong argument before you're contradicting it yourself. If they won't read the manual it's because "we" (redmond et al.) insisted they didn't need to. It's a core concept to their entire marketing! Meaning your handwaving makes you sound like an uninformed twat deliberately missing the point as well as failing to be constructive entirely.
But that's not what I was arguing. I mean, yes, we have the tech, we know how to do this. But we haven't deployed it in a way that makes sense on small devices. Or even on big devices. I must admit it took me a while to understand just why $someone (several someones, in fact) was raving about wanting to run his browser (only) on a different user account, but this should become the rule, not the exception. So much so that "average" users have this without noticing they have.
This is possible, we just haven't done it yet. Rather than blaming world+user, we might as well get to it and implement it. Amazingly, do you know who's making good headway here? You'll never guess. Maybe they haven't realised it either. We'll see soon enough.
Looks like this article has DOS'd Rob's site :)
Is security owned by the manufacturer or OS developer?
The big problem is the halfway house where Google writes an operating system but users rely on the manufacturers to deliver the fixes.
Google needs to start acting like MS (in one respect!) and deliver security updates directly.
Imagine if you bought a Dell PC and every time a Windows patch came out you had to wait for Dell to package it up before you got it. Then after a year Dell drops your PC from the supported list and you're at risk of every newly discovered exploit.
I'm generally a Google fanboi, but they are wrong on this one - it's time they took full responsibility for their software.
Couldn't agree more
The lack of updates is going to mark Android out as the one to avoid. Bugs will always come to light and get fixed but unlike Google, RIM, Apple and MS can get fixes out to end users.
So how many people will continue to be willing to invest in expensive but difficult to update hardware? Potentially not many. So Android will have to become disposable, therefore cheap, therefore low spec...
True. There must be a way to allow OEMs to skin the phones and add their own apps without affecting the underlying OS.
The networks really want to be able to skin handsets so as to emphasise their brand. Google in effect said "Do whatever you want, here is the source code". But Microsoft seems to have said "This is what it's going to look like and you can't change it". That allows MS to push updates direct to users.
The networks and handset manufacturers may not thank MS for this; no skinning by the networks, less sales of handsets as updates from MS keep older ones going. But end users will benefit.
RIM and Apple do their own thing anyway, though I agree with Stallman concerning Apple's walled garden.
This is a problem that's easily solved. What Google need to do is police the Android Marketplace more heavily, allow any app but make sure the app is safe before it gets out there. Then still allow users to install apps through other stores or manually. That way everyone is happy, all apps can be catered for and if you stick to the official market place you are guaranteed a reasonable level of security.
It depends what is meant by safe. The apps can only use the permissions they're given, but they can use them for good or evil.
Excellent, common sense idea.
Fuzz, This is the most intelligent thing I've read on here for ages.
It seems to me that a walled garden approach is the best for the great unwashed, be that the Apple App Store, a tightened up Android Market or whatever.
For those who want all the freedom they feel they need and are prepared to manage their own security, jail breaking/rooting an iOS or Android handset isn't exactly hard.
The important thing is that individual end users have to take the proactive decision to root,
Of course, the more rabid elements of the open source community won't agree as they see it as fundamental that all users should be exposed to risk they don't want to be exposed to. Presumably those same people would ban seat belts and voluntary health screening for others as being in some way a restriction of their personal freedom. It's strange how that personal freedom to choose only seems to belong to freetards.
A big problem with that idea
The users should have the choice to install any apps without having to root or jailbreak their device.
Of course you can strongly recommend they stay within the safe garden, but if circumvention is needed another can of worms is opened.
As far as I am aware rooting or jailbreaking in all cases invalidates the warranty. Certain interested parties are also trying their damnedest to make it illegal to do so in some jurisdictions as well!
Poor Rob Cottingham
I think you just DDOSed Poor Rob Cottingham. opps
I think WE just DDOSed Poor Rob Cottingham. oops
there, fixed that for you.
Same old, same old
"Welcome to the new world of mobile, same as the old world of desktop?" I think that last remark says it all for me.
I have AV software on my PC and likewise I have AV software on my Android devices, none of these devices suffer from performance issues because of it and I treat my phone like I do my PC when it comes to security, downloading and installing what looks safe based on reputation and reviews and number of downloads etc. Bit of common sense from those wild west days of the PC.
I do wonder how long the market will react taking this into account, what with Samsung shifting more units than Apple and general Android saturation being higher than iPhones, how long before there are less apps developed for Apple first (if at all in some cases) as developers concentrate on the higher saturated platform, only time will tell I suppose.
Re Rob: Same old, same old
There was a recent study that showed that iPhone/iPad users were more likely to PAY for apps than their equivalent on the Android side of the fence.
If the devs are interested in revenue then guess which market they will develop for?
On the subject of PC AV and suffering no performance issues... Ha Ha.
I have this dual core Thinkpad. It virtually becomes useless on a Wednesday morning when its AV scan is taking place. I can't change the time it runs because some MCSE in IT has locked it down with a group policy.
So Wednesdays I 'do dev stuff' on a Linux Netbook. Even that single core Atom is more responsive than the Widows laptop in that period. I really dread the advent of AV software for phones.
'Sorry darling I can't make that 999 call because the phone is running its Anti Virus check'
I have exactly the same issue on a Wednesday, productivity slows down so much that a good day is considered as being able to read an item on the staff intranet and send a couple of emails. God forbid I even think about firing up Photoshop.
Thankfully as I'm in complete control of my home network, all the kit gets checked last thing at night and on a staggered schedule so as not to interfere with my bandwidth more than anything else.
I see your point about the iUsers vs 'Droidusers when paying for apps, shame as I have bought a few droid apps (AV being one of them) and found the whole purchase experience easy to use. I wonder if that will change over time as I have seen a lot more quality apps appearing on the Droid marketplace now compared to a few months ago when it was mostly free crap not worth installing.
(Nuke icon as I think that is what happens to our network on a Virus Wednesday)
531 minutes for voice
Holy crap! 531 minutes for voice calls alone! I don't come close to that with my cell phone and land line combined. My messaging time is zero and I only have 1 game I play (a fishing game). I'm either pathetic or not willing to waste my time gabbing about unimportant nonsense.
Welcome to the new world of mobile, same as the old world of desktop?
Not quite, I've never dropped my desktop in the toilet...
obviously not trying hard enough then
Android the new Windows?
If Android gains a significant majority then won't it be Windows all over again, as miscreants focus their energy on it?
This will actually be a good chance to finally test the claim that Windows is inherently less secure.
proven and hard to disprove
>>miscreants focus their energy on it?
These are not the only miscreants to blame, the designers of MS Windows OS are even more mis-creative in that regard.
Remember a common vector in the most effective and great malware on Windows? It was RPC. RPC is entirely Redmond's stupidity. Another one is "user-friendliness" + design flaw to judge about a file (attachment) based on its extension. Memento ILOVELETER with 5 *10^7 machines affected?
The site's hanging in there
Thanks for the concern, El Presidente and roomey. It's been bobbing and weaving, but we're still around. :)
>>we have the makings of a serious mobile security problem, particularly for Android users, just as Android seems set to become the Windows of the mobile world, in all the good and bad senses that brand implies.
OK, so there is no difference already between the malware from the Google Market that you install with your own hands (e.g., thinking that this SexyLeg is cool and indispensable app), and when your own Windows system does it without your knowledge on its own (thanks to tons of "user-friendly" features, design flaws and vulnerabilities, 0-day and not).
Google police the Android Appstore?
Probably better if they didn't.
I wouldn't be averse to a third-party though actually vetting apps and offering to sign code for (or provide links to) those which were deemed safe. That would be good.
I discovered my work laptop AV (McAfee I think) maxing out its core when I selected multiple files to delete in windows, as it desperately tried to scan them ("scan on access") and it essentially DOS'd me as the computer pretty much froze for 30 seconds as it tried and failed to scan them. So, bogged down my cpu and then didn't actually protect me anyway (failed with a time-out).
No wonder AV is held in low regard. Throw in a low-power cpu and you're out of luck.
I can't understand why companies insist on installing McAfee on work computers. It must be very cheap compared to the alternatives. Although Microsoft Security Essentials is free, so it can't be cheaper than that.
Anyway, I find it impossible to do any work on a computer with McAfee installed. I'm a Java developer, and as soon as I access a JAR file in some way, McAfee starts scanning it, and since a JAR file is actually a ZIP file with a few hundred .CLASS files inside, this takes a while.
Along with other goodies the Windows domain admins force through domain policy, like overwrite swap file on shutdown, the user experience is severely affected due to performance issues.
When I worked as the manager of a software development department of a mobile operator, I had to ask IT to remove all the developer workstations from the domain, because the domain policies crippled them.
"third-party ... actually vetting apps"
The details of that would need to be thought through...
Who will be prepared to put their reputation (or liability) on the line to certify someone else's app as 'safe'? Surely they will want to be paid in respect of that risk and their efforts as well?
At last, some debate
There's some of the usual knee jerk reactions on both sides, but this forum looks like it's actually tackling Android's deficiencies wrt Google's handling of app security head-on.
I'm a confirmed Apple user in this one, Apple's H/W + S/W business model means they're able to police the whole infrastructure - it's the big advantage of the walled garden everybody keeps either crowing or wailing about - and to be honest, when you consider the sheer number of malware items out there for Windows (tried spybot recently? Eek), and the fact that Android numbers are advancing far faster than iOS in sheer user base terms, then the vulnerability of Google's platform to social engineering attacks (persuade dumb user to download and install unsigned APK with promise of angry birds expansion...) means Android could well be in deep trouble soon.
Once the antivirus companies get their hands on your device, your performance _will_ degrade, I guarantee it. How could any tool which scans the files you access do otherwise? It's all used electrons, lost battery power and CPU cycles.
Google: lift your game, and lock the app store and the platform (installing unsigned binaries) DOWN, before you create mobile windows.
Anyone else appreciating the irony that Microsoft's Windows Phone O/S may get this right?
Keep the debate up, people, and don't descend into fanboi vs fandroid mudslinging.
Your argument doesn't actually address the question asked. Nobody asked IF Windows had security vulnerabilities. The fact similar things haven't happened on *nix/OSX doesn't mean they lack such holes, UNTIL people try to find them as fervently as they do on Windows, and fail. Until a non-Windows system has similar majority share to attract the miscreants, we won't have an answer.
You also point out only one aspect of malware creation, OS's software vulnerabilities. It is an important one. And various *nix systems do not lack those, not as serious (remote code execution et al) and as numerous as in MS Windows though.
MS Windows also has vulnerabilities in its design. These are more heavily used to infect and spread the said malware.
The fact that the code is closed makes it harder to keep it more secure.
Compare the number of vulnerabilities in the Adobe Reader and the various OSS alternatives, like xpdf, evince, and kpdf.
I'd question the presumption that Android users, in general, are making a conscious choice for freedom over security.
In tech circles, perhaps - we tend to be overly obsessed with software freedom.
But using that great tech journalist standby of anecdotal evidence, I'd say the majority of people I know with Android phones basically wanted a cheaper iPhone, or were sold one as a contract upgrade. As one told me 'it's a Samsung iPhone' - for them, iPhone was basically a generic word for smartphone.
I find it hard to square that level of ignorance with a conscious decision based on the warnings of the FSF.
Nor do I see any iPhone users jealous of apps available on Android but not iOS - yet. (i.e. we've yet to hit the point where Apple's marketplace rules restrict a truly popular application).
And lest we forget, if you want to BitTorrent from your iPhone, there's good odds you know how to / are willing to jailbreak your way to freedom.
None of which is to detract from the point that there should be alternative trusted stores and ways of getting apps on, but in my view, based on years of helping relatives and friends with PCs, security should be explicitly opt-out.
Security and non-security
FINALLY, this may be getting some traction. Less than a year ago, when I bleated or whinged for better security in Android phones, I got downthumbed/drummed at times. I've a few areas of concern, and most of them stem DIRECTLY from google's reticence and wanton obtuse attitude.
I want to know why the hell Google doesn't sandbox our contact lists.
I signed up for one of the Korea-based social apps and the damned thing sucked up all my contacts. I had a choice of either use or not use. But, WTF doesn't google let us isolate our contacts so that these damned companies cannot harvest them in the first place. Maybe we only KNOW that a few of our friends are even likely to be in a social hubbing site, but we want to only trial the app. Why should the price of a trial be that every last user unwittingly or reluctantly with a deep wince and groan give up their address book?
Google needs to step up. Also, there need to be laws that tell companies to MAKE their software honor and respect non-invasiveness. All inbound subscriptions to a site that the user has not made extensive use of need to be on a probationary period of sorts. A site should not be all-knowing about a user who "just joins". Rather, it should only accumulate knowledge/details over time, only as the user uses the site. It should not invade the users' devices on initial connection.
Also, our photo albums, notepads and more in the phones could be subject to periodic "synchronization" by sites we THOUGHT we disconnected from our apps install. If we use different apps from one vendor, but delete/uninstall one app, how do we know that code fragments of the ditched app aren't hidden or "associated" to the remaining app that acquires functionality to still rip off information?
Google needs to get off its fat ass and provide native firewalls, intrusion detection, and logging, AND sensible correlation tools to help those of us who want these tools to free and freely keep tabs on whomever is infiltrating our devices. Unfortunately, there are not enough people screaming. The only way to really punish the frackers probing us is to just go cold-turkey for days on end without communicating with ANYONE, just to put hiccups into systems we HOPE we are screwing with for screwing with us.
Yes, I know firewalls and IDS's will suck lots of battery power, but some of us are not that far from electrical outlets -- hell even the MUNI light rail cars have two in the passenger area (in the middle, one on each end of the middle jointed areas), most likely so the cleaners and maintenance crews can vacuum and do drilling or sanding work that may be needed. I've seen people charging their phones, and a couple of times, I did, too. So, once we get to a land-based outlet and do more surfing, we can keep the FW and IDS tools running.
Wait, Google makes money from shoving out adverts for paying clients. If they both suspect we are silently dropping adverts, advertisers may fork out less money. THAT has got to be the reason why Google so contemptuously and arrogantly refuses to supply native, concerted, high-grade IDS and FW tools to us. As long as they're for-pay, fragmented, dodgy, and a PITA to use, advertisers won't fear them as much, and Google won't have to be too invasive. OTOH, it could be possible that Google will have in each handset a "god" chip that can just silently separately stream unencrypted data off the phone for facilitating law enforcement, telcos, and corporate-managed/snooped phones.
Maybe I'll just start clicking on ads and then abandoning them, jacking up the advert click rate but having them amount to no payout. It's either that, or quit the smart phone, or find a get-it-done FW/IDS. I want the peace of mind. And, I don't want a smoke and mirrors tool. And, I don't want to FRACKING have to ROOT my phone. Why MUST we ROOT our phones to get more security? Rooting risks the phone being bricked when the carrier does an OTA update and the phone and/or carrier can't reconcile each other, or if the carrier wants to be punitive. HiSurfing looks nice, but requires the user to root the phone...
"Unless you're on AT&T, of course, with its penchant for dropping calls."
No, they have a TALENT for dropping calls.