Android update process gives malware a leg-up to evil: Indiana U

Researchers from Indiana University Bloomington have tagged a vulnerability in the way Android handles updates, which they say puts practically every Android device at risk of malicious software. As ThreatPost explains, the vulnerability uses the update process to “ramp up the permissions given to malicious apps once Android …
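The summary above says the update process can "ramp up" an app's permissions. Here is an added illustration of the defender's side of that idea; it is not code from the article or from the Indiana University researchers. It assumes the finding the article summarises, namely that an app can declare permissions the installed OS version does not yet define and receive them once the device is upgraded, and shows how a permission-drift audit could flag such declarations before an update is applied. The per-version permission tables, the package name com.example.demo and the manifest are constructed for the example.

```python
"""
Permission-drift audit (added example, not the article's or the
researchers' code).

Assumption: a permission an app declares that the installed OS version
does not define is inert today but can become a real grant after an
upgrade to a version that does define it, without a fresh prompt.  The
audit compares an app's manifest against the permission set of the
installed version and of the version the device would upgrade to.

The permission tables and the manifest below are constructed for this
example; a real audit would load the full permission list of each
platform release.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed, abbreviated permission tables keyed by OS version.
# READ_CALL_LOG really was introduced in Android 4.1; the tables are
# otherwise far from complete and exist only to drive the example.
PLATFORM_PERMISSIONS = {
    "2.3": {
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
    },
    "4.1": {
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_CALL_LOG",
    },
}

# Constructed manifest for a hypothetical app "com.example.demo".
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> list[str]:
    """Return the permission names an AndroidManifest.xml declares, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for element in root.iter("uses-permission"):
        name = element.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.append(name)
    return names


def dormant_permissions(declared, installed_version: str) -> set[str]:
    """Declared permissions the installed OS version does not define.

    These are the declarations an upgrade can turn into real grants, so
    they deserve a second look before the update is applied.
    """
    known = PLATFORM_PERMISSIONS[installed_version]
    return {name for name in declared if name not in known}


def permissions_gained_by_upgrade(declared, from_version: str,
                                  to_version: str) -> set[str]:
    """Declared permissions that go from undefined to defined across an upgrade."""
    before = PLATFORM_PERMISSIONS[from_version]
    after = PLATFORM_PERMISSIONS[to_version]
    return {name for name in declared if name not in before and name in after}


def audit(manifest_xml: str, from_version: str, to_version: str) -> dict:
    """Summarise what an upgrade would change for one app's permissions."""
    declared = declared_permissions(manifest_xml)
    return {
        "declared": declared,
        "dormant_now": dormant_permissions(declared, from_version),
        "gained_by_upgrade": permissions_gained_by_upgrade(
            declared, from_version, to_version),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, "2.3", "4.1")
    for key, value in report.items():
        print(f"{key}: {sorted(value)}")
```

Run against the constructed manifest on a device at 2.3 about to move to 4.1, the audit lists READ_CALL_LOG as dormant now and as gained by the upgrade, which is the kind of declaration a reviewer would want surfaced before the update, rather than discovered afterwards.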

COMMENTS

This topic is closed for new posts.
  1. Dr_Cynic

    theoretical non-event

    Theoretically this might be a weakness, but there are 2 things that stop it being a major problem.

    1) the long lamented fact that manufacturers tend not to bother pushing out more than 1 OS update, if any, to old devices.

    2) on the rare occasions that Updates to android have been available for my phone, all apps have had to be reinstalled anyway.

    So in effect the only real risk is the standard one: that the average user just accepts the permissions requested without reading/understanding the implications.

    1. frank ly

      Re: theoretical non-event

      Over the past three years, I've had Android updates to an HTC phone and to a Nexus 4. I've never had to reinstall any of my many apps, though a few have insisted on being updated after the update. Is that what you mean by 'reinstall'?

      1. Lamont Cranston

        Re: theoretical non-event

        My Desire S went from Gingerbread to ICS, but this wasn't over the air, and it wiped the phone in the process. My wife's Xperia Mini never got off of Gingerbread.

        I won't claim that these two phones are representative, but they do balance out your examples.

        My Nexus 7 gets all the updates, and I slightly regret letting KitKat on.

    2. Anonymous Coward

      Re: theoretical non-event

      So your main line of defence is the crap/non-existing update process?

      Pardon me for not being impressed..

  2. MrMur

    "with help from Rui Wang of Microsoft Research."

    Microsoft Research: always keen to help.

    Plus this assumes that people take a blind bit of notice of permissions (and therefore would have refused the app based on the new permission), which I believe isn't the case a lot of the time.

  3. Anonymous Coward

    "puts practically every Android device at risk of malicious software"

    Oh, dear, that's new. Oh wait, no it isn't.

    Android is the Swiss Cheese of mobile OSs

    1. eulampios

      @the Anonymous Swiss Cheese connoisseur

      You seem to be a knowledgeable Swiss Cheese gourmet. Have you tried the one made in Redmond, WA?

      Talking about permissions? What would you call the OSes made by Microsoft over the last 20-some years that had no API to separate applications and their permissions manifested to the user before the install? Those would qualify as big Swiss Cheese holes without any cheese left at all.

      1. PM.

        Re: @the Anonymous Swiss Cheese connoisseur

        We all should face a fact that Android is the new Windows.

        It's not the OS's fault (mostly). It's the openness and ubiquity.

        All OS-es are exploitable and the ones with >70% market share are a desired target.

        Android security is mostly smoke and mirrors.

        Most Android phones and tablets are vulnerable from day 1 , because they come with older Android versions for which exploits exist.

        It is a fact of life and one should simply acknowledge it and plan accordingly.

        Do you _really_ need all those games and bells and whistles ?

        Maybe paying 1$ for official version of some app is not that stupid when cracked versions exist ?

        Hint: crackers also have to earn money to make ends meet.

        Example: I bought a new Samsung Galaxy Chat recently. It comes with Android 4.1 .

        Is this a safe Android version ? Don't think so.

        Sadly no official upgrade exists and I will not install anything unofficial , so I am stuck.

        1. eulampios

          Re: @PM

          Agreeing with you on the openness of Android and its unfortunate negative consequences: almost every OEM and ARM chip manufacturer substantially messes things up. Thinking about one Chinese one at the moment, Allwinner, which requires bloody MS Windows to upgrade their version of Android. In general, there are the idiotic proprietary blobs, the Linux kernel mess etc. And it's not only the vulnerabilities, which are not that many for Android, that get on people's nerves...

          I would like to yet see or hear of someone getting a trojan on a device or someone getting hacked due to the fact that the device was vulnerable. Well, I mean not from Kaspersky or McAfee or Microsoft, I mean from someone that actually got it.

        2. RyokuMas

          Re: @the Anonymous Swiss Cheese connoisseur

          "Maybe paying 1$ for official version of some app is not that stupid when cracked versions exist ?"

          Where's the +100 button when you need one?

          If I were wearing my hat right now, I'd take it off to you!

        3. JCB

          Re: @the Anonymous Swiss Cheese connoisseur

          "We all should face a fact that Android is the new Windows."

          Or perhaps we should view Android as the old Windows. Having now replaced my Android tablet by a Windows tablet, I now have a reliable and regular upgrade process independent of the hardware manufacturer. I now have a tablet PC that works ... like a PC.

          Desktop can be a bit fiddly with an 8 inch screen and a fat finger but I've got used to it and my accuracy has improved. ModernUI works like a tablet interface. I use each as the mood takes me. For stuff like Kindle say, I have a choice of "Windows 8" version for Modern and "Windows 7" version for desktop.

        4. Anonymous Coward

          "All OS-es are exploitable"

          "...and the ones with >70% market share are a desired target."

          I'm pretty sure iOS would be nearly as desirable a target, since it has a much higher share among affluent customers / countries as compared to its overall share.

      2. Sandtitz Silver badge

        Re: @eulampios

        The AC wrote: "Android is the Swiss Cheese of mobile OSs"

        I see you didn't refute the AC's claim about mobile OSs at all. Why?

        1. Vector

          @Sandtitz Re: @eulampios

          "I see you didn't refute the AC's claim about mobile OSs at all. Why?"

          How about because an OS is an OS? Its purpose is to provide an interface between applications and the hardware on the device. The distinction between "Mobile" and "Desktop" is getting sillier and sillier every day. With 8 inch Windows 8 devices and (for the moment, at least) 21 inch Android AiOs, they're all just computers at this point.

          1. Sandtitz Silver badge

            Re: @Vector

            You're right about the mobile and desktop thing. Fully functional x86 Linux distros and Windows can exist in mobile devices - at least in tablets.

            But the whole mobile device economy is dominated by mobile phones and tablets, and mobile devices with the x86 Windows are in the minority.

            The reality - however - is that there is malware for Android, but the Winphone (and RT) malware stats are still zilch, nada, zip, zero. While eulampios can froth about all the malware Windows has had (and still has), those malware statistics are meaningless in the mobile operating systems Microsoft is flogging, just like the Android malware doesn't concern my laptop with Mint.

            1. Vector

              @Sandtitz Re: @Vector

              "The reality - however - is that there is malware for Android, but the Winphone (and RT) malware stats are still zilch, nada, zip, zero."

              First, I hope that you're prepared to back that statement with facts as I suspect that there is malware out there, you just haven't heard about it yet. Second, if there is malware out there, there will be far more targeting Android since it's a broader target, just as Windows has been the primary target in the desktop world due to its broad deployment.

              For years, Apple touted how much more secure the Macintosh OS was over Windows when the reality was, they weren't any more secure, just that no one really bothered to target Macs. Once their market share began to rebound, viruses suddenly started to appear on their vaunted systems.

              1. Sandtitz Silver badge

                Re: @Vector again

                "First, I hope that you're prepared to back that statement with facts as I suspect that there is malware out there, you just haven't heard about it yet."

                I'm quite sure all the people with vested interests (antivirus industry, pro Apple/Android users) would make a meal of it if the aforementioned MS operating systems got infected. I cannot prove that malware doesn't exist - but I cannot prove that gods don't exist either.

                I don't think that even these MS operating systems are 100% secure - nothing is - but so far I haven't heard of anyone even rooting them.

            2. eulampios

              @ Sandtitz

              I also prefer Linux Mint, more precisely LMDE. However, as far as Android is concerned, and as many people have said many times before, it would be fair to count the actual number of devices that got trojans installed, not the number of trojans ready to be installed.

              There is very little evidence of anybody ever getting even a tiny fraction of those nasty trojans advertised by the AV companies, despite some individual ludicrous report(s) claiming to routinely intercept the traffic these mystical trojans engage in, using some undisclosed magical methods. I myself cannot present these numbers and can only judge by sampling the population available to me and comparing it with the results seen with MS Windows malware. These are my statistics. Pretty much, it's zero vs virtually everyone.

  4. Michael Thibault

    Where's the popcorn? >>

  5. Bartlomiej Kochan

    I am pulling up my pants and rushing over to the iOS side for the fruit to save me.

    1. Amorous Cowherder

      While I appreciate you are making a joke, I bet the PR bods at Apple have had a nice start to the week with news like this.

  6. Anonymous Coward

    And for their next trick...

    the authors of this report will now list all the devices that were sold with v2.3x of Android and have subsequently been updated to v4.x.

    I think it will be a very short list.
