back to article Android at 10: How Google won the smartphone wars

It was an anniversary that prompted much reflection. The Platform had completely triumphed and was now ubiquitous, relied on by people all over the world. You could find the Platform in almost every conceivable kind of device, from cars to TVs. Although Apple had once been the pioneer, it now had to settle for life in the …

Anonymous Coward

The Dystopian Future Today

"For Windows 2003 to become Android 2017, merely add the obvious: Android is far bigger and far more invasive than a PC could ever be. Google's dominance over our personal lives is far greater than Microsoft's ever was. The clunky laptop in the corner did not track your every movement or read your emails. It didn't try to be "smart" – or at least if it did, the derision ensured it did not try for long."

.....Makes for depressing reading... Puzzled how you sound so cheery?

"staying on top might prove much harder for Google... explore in part two."

.....Please tell us the 'data-monster' dies by choking on its own vomit?

49
0
Anonymous Coward

'tell us the 'data-monster' dies'

It'd be great to imagine Fake-News killing off Google & Facebook. But that only happens in novels. Fake-clicks didn't kill them. Slurp revelations didn't even wound them. What will it take?

19
0
Anonymous Coward

Re: 'tell us the 'data-monster' dies'

It'd be great to imagine Fake-News killing off Google & Facebook.....What will it take?

"It's just that Google was in the game, at a time when others didn't realise what the game was."

I'm a long- experienced business strategist by trade and in this quote Mr Orlowski nails EXACTLY how companies win in formative and evolving markets, not just tech, any evolving market. Not by being clever, just by being quick, organised and willing to take well judged commercial risks. But this is also how Google & FB will eventually lose, just as Microsoft lost the phone war, the tablet war, and many other wars.

Dominant players get complacent, nothing new ever matches up to the scale and glory of their core business, it never gets the resources, energy, effort. And, in a dominant business, even for new products nobody ever has the hunger of the new kids, who live or die by their efforts. New ventures need multiple approvals from middle and senior managers who are incumbents, and see no value in attaching their name to possible failure. Look at how the old Motorola (pre-Google) struggled and failed to innovate, and the original V3 had to be developed in secret to stop it being crushed by the bureaucracy. Nowadays, these big companies promote ideas like "fail fast" and internal incubators - yet those all fail because they're still part of that dominant player, who no longer needs to, or can, innovate. Google trial lots of new things, yet look how they failed so spectacularly in social media, precisely because they didn't realise what the game was until it was over.

Sometimes companies win, and then lose, because surviving and growing is a different to winning the market in the first place. Friends Reunited, for example, or perhaps even AOL. Look at how Tesla have won the premium EV market, whilst the motor industry sat on its arse, most not knowing what the game was, or thinking that it hadn't yet started. In that case, although Tesla have already won, there's further separate battles that I think they will lose - that they won't scale the business successfully, or be able to capitalise and build on their current winning position. But Tesla will probably live on in name, and will be fondly remembered as the company who defined the EV as a desirable, attractive car with great performance, decent range, and widespread charging support.

Almost by definition, big companies lose because, like an elderly jaywalker, they simply don't see the fast car that wipes them out. So it will be with Google, Facebook. They won't go quickly or quietly, but they won't have anywhere to go as something most people won't see until it's done makes their core platform a lower value, low growth operation.

60
1
Silver badge

Re: 'tell us the 'data-monster' dies'

"Almost by definition, big companies lose "

What's really worrying here though is what they will be replaced by, in general they will be overtaken by someone even more evil....

18
1

Re: 'tell us the 'data-monster' dies'

What would make their demise interesting would be how people will get years of stuff they've uploaded back out of the platforms, or maybe, like MySpace and Orkut, they'll just hang around like dusty old attics.

6
0

Re: 'tell us the 'data-monster' dies'

Do not agree. The future is AI and Google is well ahead of the others where the puck is going. MS keeps skating where the puck was already at.

6
12
Silver badge

Re: 'tell us the 'data-monster' dies'

@AC - About big companies - Successful big companies have a leadership that plays to win. They understand their strengths and weaknesses. What happens in many is the leadership plays not to lose.

8
0
Anonymous Coward

Re: 'tell us the 'data-monster' dies'

Successful big companies have a leadership that plays to win. They understand their strengths and weaknesses.

As the relevant AC, I'd like to say that I've got a lot of experience of different companies, and in almost all companies, when they stop to think about it, they do have a good idea of what they are good and bad at. But the incumbent mindset is unable to adjust to the analysis they undertake. Take UK energy suppliers - awful customer service, slow to react, pathologically process focused, competition-fearing, low innovation, risk averse. I've worked with the directors of one of these companies, they know all this, but they simply have a mental block about the fairly radical steps needed to overcome them. There's change initiative after change initiative - but nothing really changes. There's board away days with world famous gurus, every £1,000 a day consultant they can find, but they can't see that they are the problem, and that their behaviour is the shadow that all the middle and senior managers emulate.

One other thought, in the longer view perspective, there's very, very few companies that survive and are continuously successful. Many are successful for a few years, or even decades, but what do you now hear of the East India Company, for example? They were so successful that at one point they ruled a quarter of the world. Even within the past hundred years, this pattern is repeated. A tiny number of businesses prolong this period by reinventing their business model, but that's in effect becoming a portfolio investor rather than running a company - GE are a good example of that.

So, understanding SWOT is easy, but getting the directors of a successful company to back change is very, very difficult. How obvious was it to us that Uber was in trouble and needed radical top down change? Yet Travis the man couldn't see the need, or more likely he couldn't see how. Google et al don't see that tax dodging, and obsessive lobbying already are liabilities - by the time they do, they won't know how to stop. In the longer term, I don't believe there are any successful companies - they come they go, some thrive, then fade. None live forever, but unlike animals they can't live on through reproduction. And M&A merely moves corporate assets around, it doesn't enable the corporations to live on.

27
0
Bronze badge

Re: 'tell us the 'data-monster' dies'

The future is AI<P>

The future was AI in 1947, and still will be in 2047.<p>

To paraphrase the Goons: "Artificial Intelligence? We need the real thing!"

18
0
Silver badge

Re: 'tell us the 'data-monster' dies'

What would make their demise interesting would be how people will get years of stuff they've uploaded back out of the platforms, or maybe, like MySpace and Orkut, they'll just hang around like dusty old attics.

Well, in a catastrophic event, like a bankruptcy, the bills don't get paid, the servers get turned off, and then all the assets get sold. Chances of seeing your data again from those servers = nil. But that's unlikely, and I'd guess that these giants will fade away, there would be plenty of chance to get your data out, and advanced warning of a controlled cessation of services. Ignore the warnings, though, and your data goes.

A related question, is what happens to your cloudy data if another corporation buys the fading business and therefore has access to all the unencrypted data within it. Ignoring any theoretical rights, what PRACTICAL rights will users have regarding their data and privacy? The data is probably already held outside the EU, the original agreements with the service provider may or may not carry over, there may be no opportunity for redress through any fair legal system or arbitration route. The buyer could well be

intending to ream out every cent of value by abusing the data for all it is worth. Potentially, the buyer could be a non-investor owned corporation with very low transparency, possibly allied to (eg) the Chinese government, and their behaviour might make people think Google had behaved like a saint....

5
0

Re: 'tell us the 'data-monster' dies'

It rather reminds me of the National Cash Register (NCR) company, who sat complacently on their mechanical design and manufacture, as the digital age steamrollered them flat.

2
1
Silver badge

Re: 'tell us the 'data-monster' dies'

It rather reminds me of the National Cash Register (NCR) company, who sat complacently on their mechanical design and manufacture, as the digital age steamrollered them flat.

I believe NCR were doing a more than adequate job on the move to digital, up until AT&T bought them and crushed them to death? They were one of the five last mainframe makers, they had a successful line in EPOS, they were the leader in ATMs. I suppose it may have been the same outcome if AT&T hadn't bought them, but we'll never know that.

5
0
Gold badge
Gimp

" just about good enough, and its parent was prepared to cross subsidise it hugely."

That's exactly how Windows was developed and how Microsoft won on the desktop.

Expect the same "We are not a monopoly, other options exist" BS from Google ad infinitum.

And yes, all your data belong to us.

"Do no evil." Who are they f**king kidding.

9
2
Silver badge

Re: 'tell us the 'data-monster' dies'

@AC - I do not think we really disagree overall. The problem of a company is that it is hard to continuously find aggressive leaders who will play to win. Somewhere around the third or fourth CEO companies often pick] an excessively cautious CEO whose mindset is not to win but not to lose. If the board does not quickly realize this the excessive caution gets ingrained in the organization and they develop a pathological aversion to risk over time. The aversion to risk allows a competitor to grab profitable markets before the lumbering dinosaur is even aware of them.

An example is Slurp. Gates was a driven leader who made Slurp a dominant software slinger. Ballmer tried to continue this in his tenure; the Nokia purchase is sign he was willing to take big risks. Nadella seems to be trying 'safe' bets such as SaaS and the cloud. He failed to understand Ballmer's Nokia purchase as an attempt to secure a future for Slurp on mobile devices. Nadella's strategy seems to be a 'me too' vendor in SaaS and cloud. The problem is for both is that SaaS and cloud are largely DOA in consumer space; very few consumers are thrilled at constantly paying subscriptions for something they use irregularly. So Slurp is now competing more directly with entrenched vendors in both who will fiercely fight any Slurp incursion. They are also largely fighting over the same customer base. Other than Office, Slurp's SaaS and cloud options are not sufficiently different to warrant being the automatic first choice vendor.

3
1

Re: 'tell us the 'data-monster' dies'

There are plenty of incumbents who have been around for many decades and haven't blown it and are making plenty of money. The collapse of incumbents is a juicy narrative, not a universal truth. It depends. Nothing lasts forever but there are many things around us that have apparently lasted for a lasted for a long time.

1
0

Re: Where is the anti virus to kill the Google virus? Bring it on!!

Google must die! Google deleted all of my photos on Picasa when I left YouTube. Recently it deleted all of my contacts and phone numbers on my mobile and much more! Grrrrrr!. As I see it, Google is in the top category of virus, it removes or alters programs on your computer! It installs it's own programs on your computer or phone and makes changes. Under another name there would be anti virus programs to get rid of it - bring them on!

0
0

Re: 'they come, they go... '

"... they come they go, some thrive, then fade. None live forever..."

Really excellent points here. But we should not be complacent. I think there is something to be concerned about. Yes, the East India Company was huge - so were Standard Oil and Bell Telephones - and yes, all these declined. But they weren't truly multinational ("globalised") in the way that Google and Facebook et al are today. The US was able act to split Bell into baby Bells. But the same trick in today's circumstances is starting to look unlikely.

While the issues of undue political influence and the erosion of the corporate tax base are widely acknowledged, western powers are looking disturbingly impotent, constantly divided and distracted and beset by lobbying. Nothing is being done to counter the threat. Nothing really viable seems even to be in the pipeline. Very soon it might be to late. Perhaps it already is.

0
0
Anonymous Coward

Horsecrap

"and every word above that describes Windows in 2003 also applies to Android today."

Android isn't insecure, it's very secure. This doesn't fit very well with the clickbaiters and anti-virus industry desperate to cash in, but it's the truth.

Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault).

Android has had proper application sandboxing from the outset, it's had a very good permissions based system, it's had a application store locked down by default. Windows had NONE of these things.

With more active Android devices that Windows, you would thin malware would be widespread, however pretty much every story in the media is purely hypothetical, here in the real world, nobody ever sees real world problems.

Whilst Windows has been the malware cesspool since the beginning of the Internet, and continues to be, even in Windows 10, whilst Android security problems are pretty much non existent..

24
74
Anonymous Coward

"BankBot Android malware sneaks into the Google Play Store - for the third time"

Just the latest news...

http://www.zdnet.com/article/bankbot-android-malware-sneaks-into-the-google-play-store-for-the-third-time/

Smartphone malware is designed in different ways than desktop one.... take away your pink Google glasses, in the real world people run into troubles with Android.

But of course they are "fake news", aren't they?

32
8
Silver badge

Re: Horsecrap

Forgive my ignorance - does "1st party" here refer to the rather small number of android handsets from Google themselves?

If so does that make Samsung a 2nd party, or a 3rd?

Genuinely curious...

27
1
Silver badge

Re: "BankBot Android malware sneaks into the Google Play Store - for the third time"

But of course they are "fake news", aren't they?

The OP was extreme in their position, but surely still has a valid point that the prevalence of actively exploited security problems on the Android platform does seem to be far behind the endless problems associated with Windows?

23
7
Silver badge
Boffin

Re: Horsecrap

"Android security problems are pretty much non existent.."

In 2003, the vast majority of applications installed (legitimately) on a Windows PC were still installed from physical media. The "internet" was still a relatively new territory, and Microsoft - in their usual style - were completely wrong-footed when it came to the challenges that this might bring, namely the ability to piggy-back viruses and other nasties onto the back of emails, attachments etc that could then propagate themselves across networks and via email by plundering address books.

Fast-forward to 2017, and the benefit of over a decade of experience. Android was built with a connected world in mind, and as a result is fundamentally more secure to the attack vectors that plagued early 2000s Windows PCs. However, if you want to install any software on Android, your options are either to get it from the Play store, or turn on sideloading capabilities and download it from another source. This latter option is considered risky, to the point where the argument has been posed to remove the ability. And the former option? Well,

I'll just leave this here...

In short, the attack targets have moved on in accordance with direction technology has taken, based on profit and easy of access - and considering that it costs a mere $25 to submit as many apps as you want to the store of the highest-market-share mobile OS, coupled with said store's front-line policing being purely algorithmic, it is not surprising that, to quote, "It's 2017 and you can still pwn Android gear with [insert attack vector here]".

Security is, and always will be, a consistent predator-prey type chase - and anyone who claims that a system's security problems "are pretty much non existent" is either using something that is completely disconnected from everything, or has drunk the cool-aid of their vendor of choice.

21
5
Silver badge
Windows

Re: Horsecrap

A better comparison would be Windows Phone, which was kept well updated, and as far as I know did not suffer from malware. WP 8.1 was possibly the best OS Microsoft ever made. Too bad Microsoft broke everything that was good about it in the phone version of Windows 10: after having now used it for a couple of months, I can say they lost the phone wars deservedly...

22
1
Silver badge
FAIL

Re: Horsecrap

Android isn't insecure, it's very secure. This doesn't fit very well with the clickbaiters and anti-virus industry desperate to cash in, but it's the truth.

Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault).

If Windows could only be updated on Surface, and OEMs took their own sweet time before sending out their own versions of those updates, and those OEM machines sold by shops who offered computers on credit held things up too by having to update their own bloatware as well before giving the go-ahead, nobody would be dare be silly enough to call Windows a secure OS. But that's what you're doing here.

19
0
Pirate

Re: Horsecrap - MyffyW

Bought from Google - 1st party

Bought direct from Phone manufacturer or Carphone Warehouse etc unlocked - 2nd party

Bought subsidised from phone company - 3rd party

7
8

Re: Horsecrap

"Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault)."

I have a Nexus 4 phone and a Nexus 7 tablet kicking around at home somewhere. They are both 1st party devices. Where are their monthly patches?

38
3
Anonymous Coward

Re: Horsecrap - MyffyW

Sorta

1st party = Nexus or Google Pixel

2nd party = Samsung, LG, Huawei, etc devices on an OTA upgrade path from the OEM

3rd party = a customised version of 2 sold to you by a carrier, with special uninstallable carrier apps skins bootup logos etc.

The patches trickle down from 1 (Google) to 2 (OEMs) to 3 (Carriers), with a large drop-off rate along the way.

10
0
FIA

Re: Horsecrap

Android gets monthly patches, delivered in a timely manner to 1st party devices,

Android has recently started receiving monthly patches, as previously the state of Android fixes even for hardware from Google was woeful. I believe you're guaranteed these for up to 2 years?

(if you were stupid enough to buy 2nd party, or even 3rd paty device,

Android powers consumer devices, to expect consumers to all be fully versed in the intricacies of IT security is naive; and also does little to actually address the issue. People quite rightly expect to buy things that 'work'.

If your ADSL router ends up as part of a botnet is it because you're stupid for not buying XYZ? As it's consumer hardware shouldn't you have a reasonable expectancy of it being fit for purpose?

To decry unknowledgeable people as stupid doesn't really help the issue, the vast majority of Android devices aren't 'first party' and don't receive timely security patches. This is getting better, but is still not great.

that is not Google, nor Android's fault).

Who's fault is it if not Googles? Android is (primarily) a data capture platform for their advertising business, it's users are not the main customers. Security only became an issue to Google when it stood a chance of impacting their bottom line.

I'm not saying this is a bad thing, they're an ad broker after all and most companies don't spend on things like security until there's a demonstrable ROI.

However it does mean that easily updatable and patchable weren't primary design consideration in the early days, and the subsequent efforts are taking time to be broadly accepted. (For example, Android is based upon the Linux kernel, and for various reasons Linux doesn't have a well defined and version stable binary interface to it's driver layer; which means any new kernel version require more effort on the part of OEMs for driver validation. This acts as a disincentive to OEMs to update often as it increases cost, often on devices that have already been sold).

here in the real world, nobody ever sees real world problems.

What do you base that on if you don't believe the media? Do you just mean 'I don't know anyone?' (in which case your sample size isn't really representative), or have you actually carried out or are aware of some decent research into the matter?

18
0
Silver badge

Re: Horsecrap - MyffyW

Bought from Google - 1st party

Bought direct from Phone manufacturer or Carphone Warehouse etc unlocked - 2nd party

Bought subsidised from phone company - 3rd party

No, I think you're missing the point.

Google-branded phone with unmodified Google Android - 1st party.

OEM-branded phone with the OEM's own customization and skinning - 2nd party.

OEM-branded phone bought subsidized from airtime provider with customization by OEM and by airco - 3rd party.

What's relevant is the number of customizations that would have to be re-applied to an Android update in order to upgrade the device. The closer to Google your device was sourced the more likely it is to see an upgrade.

6
0
Anonymous Coward

"endless problems associated with Windows?endless problems associated with Windows?"

Are you comparing oranges with apples? A desktop operating system has inevitably a far larger attack surface than a mobile OS, for the very reason it is much more versatile. Very few will accept the limitations mobe apps have on a desktop.

Desktops don't get replaced every two years like a mobe, and many of them run more critical software than any mobe.

There are also good chances your find more valuable data on a desktop (or server), and they are more useful as members of a botnet.

Windows adds to that a legacy of old protocols and applications which is really time to kill once for ever, but there are also too many systems that may be crippled by that. iOS could kill all 32 bit applications at once, Windows can't do that.

What do you prefer? Your local hospital crippled by a malware, or by a Windows update that causes any old application to stop working?

And would you really like a Windows where you can't install applications but from its Store, which is something MS is trying to achieve? Or applications sandboxed in ways that make exchanging files and data a nightmare?

7
0
Anonymous Coward

Re: Horsecrap

Yep, of course. If you buy a network agnostic Samsung you are 2nd party and rely on how long it takes Samsung to pull their finger out, if you buy a network locked Samsung phone you are a 3rd party customer at the mercy of your network too.

Its not rocket science,but clearly too many cretins can't work it out, and want to pay 3rd party prices for a flashy phone at rock bottom monthly rates powered by network subsidies, and expect 1st party support that you get only from Apple or Google.

4
7
Anonymous Coward

Re: "BankBot Android malware sneaks into the Google Play Store - for the third time"

They don't actually take about how many people actually got affected by this, or what permissions the app asked for.

I know the answer, sod all real end users, a handful of security "experts" and the permissions are extreme to say the least, including needing to grant access to text messages and draw overlays on the screen.

You would have to be a total cretin, or a security "researcher",(essentially the same thing) to fall for this.

How many numpties stupid enough to fall for this even know what a crypto currency is????

Quite clearly if you believe this story, then you too are buying i to the mountains of horseshit news that ZDNet and the others are desperate to push in an era of trying to generate revenue from anywhere.....

Is it fake news, yes of course, there are small elements of the story that are true to attempt to add some credibility, but sod all in the way of any factual data to back up the claims

2
17
Anonymous Coward

Re: Horsecrap

LineageOS. Both those devices are now over 5 years old. Thank yourself lucky you didn't buy apple, they would have dumped you well before the 5 year mark, and an dumped apple device doesn't get ANY system updates.

Your 5year old nexus devices however will have been updated to run the latest web browser and WebKit library for other apps to use) the latest email and gmail apps, and every other store updatable system app too, google would have squirted down the latest SSL libraries via Google play services too and would have sent you play protect (on device scanning for malicious apps).

So yes, you got a hell of a lot more than a apple user would above got, your updates were delivered seamlessly without you noticing or needing a full OS update to get them.

Are you missing out on kernel fixes, yes, but it's unreasonable to expect them on a device that cost less than £250 5 years ago.

2
5
Anonymous Coward

Re: Horsecrap

I stopped reading at "Android has recently started receiving monthly patches,"

Android has been delivering monthly security updates for over 5 years... I can't be bothered to read the rest, it's also clearly also made up, or read from some corner of the internet that fits with what you want to believe is true.

2
10

Re: Horsecrap

"I have a Nexus 4 phone and a Nexus 7 tablet kicking around at home somewhere. They are both 1st party devices. Where are their monthly patches?"

While Apple does a much better job than Google on updates/patches, old iphones can be unsupported - try putting IOS11 on a Iphone 5.

4
0
Anonymous Coward

Re: Horsecrap

I think google does a much better job than Apple personally. On 1st party devices, Google support in on par with apple, but android has a much better architecture for delivering updates. Apple need OS flash to fix a keyboard bug, Google deliver the system app via the play store, no OS update needed.

2
6

Re: "endless problems associated with Windows?endless problems associated with Windows?"

How does a desktop OS have a larger attack surface? It is the exact opposite in every dimension. There is far more mobile software. Mobile OSs are doing far more things than desktop. Mobile phones are mobile so they are exposed to far more physical areas. There is a lot more mobile phones. Mobile phones are changing a lot faster than desktop. Mobile phones interface with a lot more things than desktop.

5
6

Re: Horsecrap

Are you missing out on kernel fixes, yes, but it's unreasonable to expect them on a device that cost less than £250 5 years ago.

And this is exactly the problem. If I had bought a less than £250 Windows PC 5 years ago, I would still be getting kernel updates.

19
2
Silver badge

Re: Horsecrap

Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault).

Sheesh, do Google employees have nothing better to do....?

9
1
Bronze badge

Re: Horsecrap

However, if you want to install any software on Android, your options are either to get it from the Play store, or turn on sideloading capabilities and download it from another source. This latter option is considered risky, to the point where the argument has been posed to remove the ability.

Seems to me the insistence on locking out the very people who *bought and paid for* their devices is wrongheaded in so many ways. You need a security patch the vendor hasn't provided? Tough luck sucker, cough up money for a new one and toss your old one in the toxic landfill. You want to secure your device further than the vendor's (or even Google's) failed attempts at it (such as parental controls for a child's device)? Too bad, you are forbidden the very root access you would need in order to do a proper low-level configuration.

Heck, even on your most cluttered crapware-infested and insecure MSWin preload, you could at least wipe the system and do a clean, stripped-down install of an OS (excluding those abominations with locked-out "secure boot"). Android forbids that *by design*. Properly done, an Android system would have it's OS on a removable flash-storage that could be pulled, reformatted or replaced (much as you could pull and replace a HDD in a PC now). But we aren't "customers" to the Android vendors; we're just sheep to be fleeced.

11
0
Bronze badge

Re: Horsecrap - MyffyW

1st party = Nexus or Google Pixel

2nd party = Samsung, LG, Huawei, etc devices on an OTA upgrade path from the OEM

3rd party = a customised version of 2 sold to you by a carrier, with special uninstallable carrier apps skins bootup logos etc.

Sorry, but I'd place the Google/Nexus devices in "2nd party" as well, considering their inability to keep up on updates as well.

The only thing that would qualify as "1st party" would be anything that can be readily flashed with the latest LineageOS build. If you can't fully control the device, you don't really "own" it, regardless of how much you paid for it.

7
0
Silver badge

Re: Horsecrap

Apple need OS flash to fix a keyboard bug,

Yes, but there were many lies being told around the web about the fix for the keyboard "i" problem being a 1GB full OS download. In fact the 11.1.1 update is already out and is only 44.6MB including a separate SIRI fix.

Yes, it does include a rstart, no big deal in itself and when I used an Android a reboot was usually a pretty good idea more often than not anyway.

2
1
Anonymous Coward

"How does a desktop OS have a larger attack surface?"

1) It does support many more network protocols than a mobe, and related services/deamons

2) It has far more and more complex APIs

3) It runs a broader variety of and far more complex applications (just loot at how an Apache Struts vuln can create havoc...)

4) Applications can interact in many more ways

5) Unlike most mobes they can receive network connections initiated from other machines (and usually mobes are behind the mobile company NAT system, which shields them from direct attacks)

6) User perform more complex operations, involving more complex documents and data (which may be used as attack vectors)

7) As already said, they need to support a lot of old, legacy applications.

8) Unlike a mobe, there are far more concurrent services and applications running

9) The amount of RAM, CPU cycles, and disk space makes far easier to hide malicious code.

10) It does support a far broader range of devices, and thereby needs their drivers

If you believe your mobe OS is alile a desktop OS, ask youself why Google don't run everything on Android...

7
1
Silver badge

@Ledswinger - prevalence of actively exploited ... on Android v Windows

People - including/especially bad guys - go where the money is. At first malware was just to mess with people, the only thing the author got out of it was notoriety. Malware 2.0 came when building armies of bots for spamming became something you could make money with, so malware become monetized. As botnet armies are becoming less profitable for spamming we're starting malware 3.0 now - monetizing via ransomware.

Phones were never useful for spam botnets, so they were irrelevant to malware 2.0. Having a backup of your phone is (ironically) a lot easier for people than a backup of your PC, so malware 3.0 isn't likely to be a factor on phones either.

There are plenty of exploits found every month on phones, but in order to develop specific mass attacks, there has to be some monetary reward waiting. Otherwise the bad guys are going to continue putting their efforts towards PCs instead of phones, since they know there's a payoff waiting on PCs but not really on phones.

The reason people are willing to pay big bucks on the black market for a 0 day on Android (and even bigger bucks on iOS) is not because they want to use it to hack a million phones. They want to use it to hack a few specifically targeted phones. If they can attack the phone and turn it into a tracker or maybe even a listening device, they can make a lot of money with the right target. Let's say they could listen in on some sensitive meeting - they could find out about a merger before it happens and make millions in the stock market. But what would be the point of listening to a million phones, what could you do with that? Nothing, because it would take forever to find the one or two conversations that you could monetize.

7
0
Bronze badge

Re: Horsecrap

But any reasonable European would expect that, on pain of prison sentence for the company directors, the device would receive security upgrades as long as it remains operational - or at least 7 years - because the malware is a threat to others, not just the owner, and the owner is most certainly not a security expert.

However, the EU has dropped the ball on this one. We need to leave the EU, so Boris can go after the Phone manufacturers for us (with a soft pillow)!

5
1
Silver badge

Re: Horsecrap

Android isn't insecure, it's very secure.

Designed by an advertising company with hooks to every aspect of the device it's on, with the sole aim of gathering and sending data to them.

Then they offer the data gathering APIs to all third party programmers to use as they will.

Then there's the poorly vetted app store, the fact that even the devices they themselves make get poor security support after a very short time, or the fact that lots of third party manufacturers are loath to move to newer, safer versions because Alphabet keeps upping the onus on them with each new version...

<sarc>Well, you can't get much more secure than that, can you?</sarc>

4
0

Re: Horsecrap

The OEMs (and network operators) and their customisations are the problem, and the same thing does happen with windows but to a much smaller extent... Various vendors (eg of ATMs or POS systems) provide preinstalled versions of windows which you aren't supposed to update using the standard updates, if you do so the device becomes unsupported by the vendor and it may well break their custom software.

I had similar problems with symbian phones, where operators would provide their own hacked versions with features broken or disabled etc, and often very unstable... Usually you could wipe them and install the stock nokia firmware which i'd done on several occasions.

2
0
Silver badge

Re: Horsecrap

All those security holes Google issues patches for every month are for Android, not for OEM or network operator customizations so you can hardly pin the blame on them. Whatever security holes they create may be unknown to the user since there would be fewer people looking for them versus generic Android bugs that would apply to all phones. If/when OEM customization bugs are fixed the OEM may never tell you that "fix for Touchwiz security hole X" was included in the Android patch that was installed. Which Android OEMs publish CVEs for their own layers (i.e. Touchwiz or whatever) or bundled apps? I'd be surprised to discover many do, they'd rather hide the problem.

I don't think the OEMs have much incentive to look for bugs themselves in the way Google and Apple do, because they don't want end users to know that they may be adding insecurities on top of the ones Google is giving them. If OEMs don't list their fixes - or worse don't bother to even do fixes unless an outsider finds a bug and makes it / threatens to make it public - they can preserve an illusion that OEM or network operator customizations don't add any holes...

3
0
Silver badge

Re: Horsecrap

I think google does a much better job than Apple personally. On 1st party devices, Google support in on par with apple, but android has a much better architecture for delivering updates. Apple need OS flash to fix a keyboard bug, Google deliver the system app via the play store, no OS update needed.

Earlier Nexus devices have stopped receiving updates whereas Apple still support devices of a similar age.

Google putting their keyboard on the App Store is only to try and get people with 2nd party phones to install their slurpboard. That obviously makes no sense with iPhones.

And as Google refuse to make AOSP Keyboard available on the Play Store, Simple Keyboard will have to do.

4
0
Anonymous Coward

Re: Horsecrap

You known also have monthly patches too, but the luxury of closed source means they can silently fix them and. It have to declare them publicly. Because android is opensource, it's all in the open for everyone to see, no hidden behind closed doors shenanigans. This is handy monthly clickbait for el-reg and others, so everyone is happy.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017