[personal profile] abortrephrase
There's been rather a lot of talk about a vulnerability in recent HTC Android phones, and rather less about the lock screen flaw on the Samsung Galaxy S II for AT&T.

The summary version of the former, for those who don't want to read that whole article or who don't understand it: recent HTC phones include an always-on logger which has access to pretty much everything on the phone. This logger can be accessed by any application on the phone which has the basic "internet" privilege, which is pretty much everything.

So it's a giant gaping hole just waiting for someone to exploit. As best I can tell from the discussion online, it's not remotely exploitable; if you have one of these phones it isn't immediate-panic-stations time, but it does mean that any application you install could be siphoning data off and sending it elsewhere, without needing to ask you first.

The latter requires physical access to the device and may only be relevant to the AT&T variant. It's a simple trick which lets anyone who can get their hands on the phone get into it even if you've set a security lock.

Both of these demonstrate a risk that comes with Android: there are many fingers in the pie, and you can't be sure where all of them have been. Code on an Android phone will have come from a mix of Google, the device manufacturer, and your mobile operator. You have to trust that all of them get it right, and it is demonstrably true that this is not always the case.

It's an argument in favour of the Apple/Microsoft model, wherein only the OS supplier mucks about with the internals and neither the OEM nor the telco can modify the system beyond installing simple apps with no elevated rights. It may be that Google wind up trying harder to dissuade OEMs from altering the system; we'll have to wait and see how that pans out.

In the meantime it's a pity that Windows Phone 7 isn't getting more carrier love. Obviously they don't like the "can't make mandatory customisations" thing Microsoft is insisting on. Just how Microsoft are going to bootstrap to the point Apple is at, where the carriers need them more than they need the carriers, is another interesting question.

Such a shame the Nokia N9 -- which is even getting television advertising, rather odd for an end-of-line device like this -- is dead on arrival.

(no subject)

Date: 2011-10-03 06:10 am (UTC)
redcountess: (Default)
From: [personal profile] redcountess
Is this vulnerability on other phones, e.g. 3.1 on my Xperia X10i?

(no subject)

Date: 2011-10-03 06:12 am (UTC)
ideological_cuddle: (Default)
From: [personal profile] ideological_cuddle
No, it's purely a HTC thing. HTC customise Android extensively, and the more recent phones have this hole in them.

(no subject)

Date: 2011-10-03 10:17 am (UTC)
pir: (Default)
From: [personal profile] pir
Or an argument for Nexus phones, which only have Google doing code (well, beyond some device drivers and such).

(no subject)

Date: 2011-10-04 06:17 am (UTC)
thorfinn: seedy_girl and thorfinn (Default)
From: [personal profile] thorfinn
Or possibly the Motorola Mobility range now that they've been Googleborged, depending on how that goes structurally.

(no subject)

Date: 2011-10-04 06:21 am (UTC)
ideological_cuddle: (Default)
From: [personal profile] ideological_cuddle
If you take Google at their word on this, Moto won't mean effectively-Nexus.

The "you should go Nexus" argument would carry more weight in the non-geek consumer space if AOSP Android weren't kind of bland and unpolished. Will be interested to see how Ice Cream Sandwich improves on this, but then they were saying Gingerbread was going to do the trick, too.

(no subject)

Date: 2011-10-04 06:35 am (UTC)
thorfinn: seedy_girl and thorfinn (Default)
From: [personal profile] thorfinn
Moto not being Nexus is probably a good thing - the question is, does being owned by Google counter the financial disincentive to provide OS upgrades including security fixes to end users? Depends on what they do with the bean counting and the details of who controls product decisions, I expect. No clear answer at present, I would say. :-)

As far as bare Android goes... Well, yeah. AFAICT Google don't deal with understanding the motivations of normal humans very well, in anything they do.

