MobilityLeaks: Simmons Drops Mic
On 12/4/2012 9:04 PM, Ram wrote:
Doug Simmons, hopefully your Android is not one of the victims: Security Threat Report 2013
Sent from Windows Mail
Doug Simmons: Ram my man, Android is as open, and therefore as vulnerable to malware, as you choose to make it.
Among these choices: rooting your phone, enabling sideloading, unlocking your bootloader, installing custom roms from XDA, blithely zipping through and ignoring the warnings of what apps you’re installing will be granted access to when installing them, not using the Verify Apps feature of Jelly Bean that check apps you try to install — whether it came from Google Play or from some Chinese piracy site — against a database Google has been building of apps known to be malicious in some manner.
And if something gets onto Google Play that you install that turns out to be bad news, Google does have a remote kill switch they can use to force uninstalls. This happens, but it happens very infrequently because these are extremely rare and isolated events in reality.
In the other direction I can encrypt my phone (full FDE like WP8 I believe), I can have a variety of ways to keep my phone locked unless I’m the guy trying to unlock it including facial recognition, I can just use the apps that came with the phone or only install apps from vendors I trust, if I’m a business I can use Google Apps to set BES-like restrictions on my employees’ Android phones and so forth. And if I’m so inclined, which I’m not, I can install some antivirus that I’m guessing Sophos offers and other vendors that make what you’d call linkbait exaggerations were it about WP.
No, I did not get hit by whatever Sophos is vaguely warning about in this promotional video knocking Google for their own gain using a content distribution service provided by Google.
By the way Ram, can you name a piece of malware that is sitting on Google Play right now that I can install, get mislead by and subsequently screwed somehow? You know, something like Skype 2.0 (at the time owned by Microsoft) which left contacts vulnerable to other apps? You can’t do it, but can you even get someone in our audience to do it? Probably not. Will you concede that?
Yes, Android should have prevented Skype’s mistake from affecting users, you could say both Skype and Android were to blame for that incident, but it was rapidly patched on both sides because of a prolific and large developer interest behind Android (and heavy embarrassment lying on Microsoft and Skype).
For example, along with the military (ours and others), the National Security Agency likes Android apparently, but they wanted to bump up its security a few notches, tweak it a bit before . Because Android is an open source operating system (possibly the reason they favored it in the first place), they were able to modify it to their satisfaction, dubbing it Security Enhanced Android, not just to use themselves but to release to the public (why not). I could build and flash it right now but I’m happy with Paranoid Android and if I want security I can just use my company Blackberry that does virtually nothing other than email and make calls with its stupid reversed shift and alt keys (who’s idea was that?).
I’m not knocking Microsoft for not being open-source — in fact Microsoft Research makes major contributions to the world of open source, like, to give you a recent example, a compiler that takes programs written in a single-threaded manner and magically cranks out a multi-threaded binary so that the application can take advantage of multi-core processors without having been written for them. That’s pretty badass. I bet you didn’t even know about that, let alone run a story on it. Instead you, the guy who bought a phone that can break if I send it an evil text message, throw this Android-bashing bullshit at me, your idea of time well-spent.
Malware in mobile is overblown. Most get affected the same way in mobile as they do on the desktop by doing stupid stuff like clicking on obvious troll links.
Interesting Murani. Perhaps you could explain to me why dealing with PC malware is almost a daily routine for me and cleaning up mobile malware has never touched my to do list. In fact I rely on my phone to find out about PC malware that I have to in turn deal with.