Boffins tag Android app privacy fails A group of researchers from universities in Luxembourg, Germany and the US say they can dramatically improve the detection of privacy leaks between Android processes. The researchers, led by Li Li of the University of Luxembourg, are looking for ways to identify apps that send private data outside the app's own domain without …
My immediate question is: which Android versions, and how does this affect the security?
It's still possible to buy a brand new phone running ICS which will never, ever be upgraded. What does that do to the security of email, banking, and other information that is commonly access via a smartphone?
Since Android apps frequently grant themselves ( with a click-through acceptance of course) permissions that open access to everything on the phone, for the slightest ( or no) reason, this highly technical and academic analysis remains just that, academic. There's not a lot of point bothering about loose window catches when the door is wide open.
Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. At the moment there's just too much BS involved with these 'smart' phones for me to actually want to carry a small computer around, considering I only really NEED to have a means of telephone contact in case of crisis or impatient domestic arrangements. Everything else is just a toy, really. Yes, I do think it would be nice to have a camera on me at all times, but from what I've seen of the quality I'm not missing much, especially at the prices I'd be willing to pay for an entry-level device.
Please sort it out guys, then I might jump on board. Get the privacy and permissions sorted, the horrific tablet user interfaces, the mediocre cameras, the charging every day, it all leaves me cold. Until then, my little charge-once-a-week GSM phone remains all I need.
I used to have a small PDA device, which I used to keep work notes digitally and an appointments diary and send them to my PC. Sadly the world (and pro users in particular) turned against these devices and poured scorn on them, preferring to just put everything on the phone. We have many people now who just use their mobile phone instead of a watch, an alarm clock, a camera, PDA, diary, satnav and a fixed phone.
So that those of us who either don't want to be slaves to Google\Apple or who want a device that's really actually good at the thing is is meant to do (for a reasonable price) are left with nowhere to go.
We're stuck with Google\Apple devices that watch our every move and in return provide a good snaps camera, a reasonable PDA, a poor alarm clock, a lousy calendar and a terrible phone.
"Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. "
I'm similar, but not quite as much of a stuckist :-)
I love my android tablet, but there is a maintenance requirement that I have no desire to deal with on my phone.
My phone is an old symbian Nokia E63 which I don't intend to replace until it dies (at which point I'll be looking for another E63)
P.S. The E63 has ssh/putty, a camera, and a decent web browser by the still supported UC browser.
Not bad for a phone that came from 'the back of my brothers sock draw', and costs 2p per text, 3p per min voice, 1p a meg data (with 300mb free for a month when you top up £5) and no monthly fees!
By DEFAULT.
Thankfully you can turn this off, but I suspect that many will discover this AFTER their small measures of security have been horribly and intentionally compromised; and remember, Google is a US company. No such thing as privacy there, their legal system makes that extremely clear time and again.
Would nice if the register provided some help in how to reduce or fix these issues, highlighting them is all very well but readers are no further forward in trying to reduce the leakage that inevitability happens. This isn't unique to any specific vendor because peoples private data is treated very badly by pretty much any company or organisation that holds it.
Simple. Buy an iPhone.
Seriously, as trollish as that comment may sound, there is no other way of looking at this than as the product of extremely bad design. Google dun bad. I understand there are other reasons you may not want to buy an iPhone, but on the basis if this issue, it's an answer.
Apple get criticised for it because of the implied delay, but they have a history of identifying which features benefit from careful planning, not rushing those features, and elaborating them with care before release. They did so with copy and paste (since copied wholesale by Android) and then multi-tasking and the result is superior OS control for preventing bad actors (Android's approach by contrast was more akin putting a bucket of money in the middle of the street and saying "now now everyone, be sure to only take what you need and leave enough for others" ). They erred on the side of caution and user control with app permissions, and compared with Android have generally got that whole area right. And they have taken the same approach with inter-app communications and data sharing (e.g, there is virtually non - except between apps owned by a single company and via registering to be able to receive process certain mime types). They knew it was something low on the feature list and that it has huge security implications. Few users really miss it/need it. Indeed Apple even restricted the shared clipboard facility when they realised there was a security threat. And if previously reliable sources are correct they are now ready to put a comprehensive framework in place at this years WWDC.
Generally the result is iOS, though more restricted, is proving to be far more secure (obvious major snafu's like the goto:fail cert bug aside - but at least such security issues when identified are quickly addressed with an update available to all users).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
