 EGeezer
Premium Member
join:2002-08-04
Midwest
kudos:8 ·Callcentric
|
EGeezer
Premium Member
2016-Mar-11 1:28 pm
Attack on Zygote: a new twist in the evolution of mobile threatsHere's a nice writeup from Securelist, with information on technical as well as non-technical levels. ... Since the first article (August 2015), things have changed for the worse – the number of malware families of this type has increased from four to 11 and they are spreading more actively and becoming much better at “rooting”. According to our estimates, Trojans with superuser privileges attacked about 10% of Android-based mobile devices in the second half of 2015. There were also cases of these programs being pre-installed on new mobile devices coming from China. ...
Article here; » securelist.com/analysis/ ··· threats/--
If no mistake have you made, yet losing you are … a different game you should play
- Yoda |
|
 trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
|
I have been saying that this was going to become a problem in the past yet people on this site all told me that I was wrong, I was Chicken Little screaming that the sky was falling, etc. The reason why this has become such a problem is that most if not all of the Android OEMs don't care about their devices past the point of you forking your money over for them. They're too busy coming up with "The Next Big Thing" to care one bit about your year old device. They figure that they already have your money. They don't care, they don't have to. Reminds me of that old comedy skit... "We don't care. We don't have to. We're the Phone Company." After you spent nearly $700 to $800 (be it an LG, HTC, or Samsung device) for the phone don't you think you deserve to get updates for your money? The Android experience as it exists today is like buying a Windows computer and being told by Microsoft that you won't get Windows Updates because well... we don't care. Even Microsoft isn't that stupid and we all know how utterly stupid Microsoft has been as of late. There's no excuse here, the Android OEMs don't care about you past the point of you handing your money to them and I think that's wrong. If you ask me, the whole Android ecosystem is looking like the days of Windows before the advent of Windows Update. Millions of devices, vulnerable to being exploited, and yet no software patches in sight. Android... a security nightmare. --
Tom
Tom's Tech Blog |
|
 ·Cox HSI
|
to EGeezer
Problem is these companies offer a wide variety of phones at different price points. Then add their own custom interface. You figure the phones are only on the shelves for about a year, since they pump out new ones so fast. Then if your phone is discontinued your SOL with updates. What they need to do is offer some type of Vanilla upgrade path after they drop support for the phone. |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
|
It seems that the Android OEMs come out with new devices everytime the traffic lights turn red. The thing I can think of as a reason is because they feel that they absolutely need to have a new device to beat their competitor over the head with it only to be beaten over the head by their competitor three months later. That's no way to run an industry, that's stupidity. --
Tom
Tom's Tech Blog |
|
·Cox HSI
|
said by trparky:It seems that the Android OEMs come out with new devices everytime the traffic lights turn red. The thing I can think of as a reason is because they feel that they absolutely need to have a new device to beat their competitor over the head with it only to be beaten over the head by their competitor three months later.
That's no way to run an industry, that's stupidity.
Well... Not everyone can afford a luxurious iPhone. So they have to sell cheaper phones in bulk to make decent profit, which means several different cheap versions. Also lets face the facts, Android users are cheapskates compared to Apple users. They have the majority of the market, but the Apple app/entertainment ecosystem is much more profitable. Just like buying 400 dollar Celeron computers at WalMart VS. a 2,500 dollar Macintosh at the Apple Store. If the user base initially buys cheap and uses mostly freeware why is the company going to offer extended support for their products? |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
|
I'm looking at Samsung here. They have the S Series which consists of the regular S and the S Edge device. Then they have the Note series. That's three device classes each year. And then the three device classes are broken down even more because some come with the Exynos chip and some come with the Qualcomm chip depending upon where you live. That's a lot of hardware to support each year. --
Tom
Tom's Tech Blog |
|
| trparky |
Now if they standardized the hardware down to one chip design to be used worldwide they would cut their development costs by half. There's a lot of things that Samsung could do to cut the costs of developments and make it easier to make software updates. Heck, even the cheaper phones sold as prepaid device could use the same hardware (chip, RAM, and Flash memory) but in a smaller package. That way they can use the same software builds on the whole device lineup and add in only what's needed for a specific device (SPen, etc.). --
Tom
Tom's Tech Blog |
|
·Cox HSI
|
to trparky
said by trparky:I'm looking at Samsung here. They have the S Series which consists of the regular S and the S Edge device. Then they have the Note series. That's three device classes each year. And then the three device classes are broken down even more because some come with the Exynos chip and some come with the Qualcomm chip depending upon where you live. That's a lot of hardware to support each year.
Here's my gripe. The bulk of Android users are probably using lesser capable devices and going through a 2nd tier network like Virgin, Boost, Cricket, ect. Then you got the flagships with Octa Core, 4 gigs ram. Now tell me how this is gonna benefit me in the app market if the majority of users are using shitty 2nd rate hardware on 2nd rate networks? No wonder the apps are more polished for iPhone. This is why all content will always be better on the iPhone. Even if you have a 10 gigahertz Octa Core Snapdragon with 8 gigs of ram that does circles around the iPhone, it won't do you much good. The software publishers are going to take a good look at the overall market and decide that a tiny amount of flagships is not enough to invest in a killer app, or game. |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
|
And the sad part is that those people who bought those "lesser capable devices" are going to be the ones that suffer the most with the lack of proper software support and updates. Considering just how many exploitable Android devices are out there it's really surprising that there isn't some massive Android-based botnet out there doing God knows what. --
Tom
Tom's Tech Blog |
|
|
EGeezer
Premium Member
join:2002-08-04
Midwest
kudos:8 ·Callcentric
|
to trparky
To me, it's more of a deficiency in the operating system and marketing strategy of Android vendors. Unlike real operating systems, Android is almost an operating system, but little more than a 'content delivery' application that's limited in its hardware support.
But I don't think it's all the fault of the operating system developers. A great part of the blame can be assigned to hardware purveyors who have convinced the buying public (and Android developers) that the best marketing strategy is to have the public buy a new device every six months to get proper function and security.
--
If no mistake have you made, yet losing you are … a different game you should play
- Yoda |
|
|
your moderator at work
hidden : Trolling
|
 sivranVive Vivaldi
Premium Member
join:2003-09-15
Irving, TX
kudos:2 |
to trparky
Re: Attack on Zygote: a new twist in the evolution of mobile threatsEven with more carriers going "contract free" I don't think most people are paying full retail for their phone. Except people like me who have to search high and low for a phone that meets their needs, and end up buying off ebay or Amazon... said by trparky:If you ask me, the whole Android ecosystem is looking like the days of Windows before the advent of Windows Update. Millions of devices, vulnerable to being exploited, and yet no software patches in sight. Android... a security nightmare.
I believe you were also saying before that this situation is a) all Google's fault and b) Android is insecure by design, so what do updates matter anyway. At least I'm pretty sure it was you, linked a video with some very technical details on why Android is swiss cheese, period. --
Opera reborn -- »vivaldi.com |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
1 edit |
I may have said that about Windows being insecure by design, yes. But then again everyone knows that. Android may be insecure by design of the license. Google put nothing in the Android licensing that stated that anybody had to maintain the devices they sold. No clause that states that they must keep them updated, no nothing. Here. Take Android, do what you want with it. In reality, I do think that it's all Google's fault here. They are letting the Android OEMs run roughshod over them and there's nothing in the Android licensing that gives Google any recourse against the OEMs. That's a major licensing issue that I wish Google would solve so that Google has the clout to be able to go to the OEMs and the carriers to say "Hey idiots, do your damn job! Get those security updates out now! You're making Android look bad!" --
Tom
Tom's Tech Blog |
|
| trparky |
to EGeezer
Disclaimer: Yes, I do own an iPhone and I like my iPhone. Yes, my avatar is a picture of the Apple logo chasing Andy the Android but it's all in jest, a joke really. OK, so with all of that being said, I'm not here to be an Apple fanboi I'm simply here to state the obvious. The security landscape of Android is a mess because the OEMs don't care. Plain and simple. You can't argue about that. The fact that it takes six to eight months to get a update to a device (if you're lucky) shows this to be true. If you're unlucky your device doesn't get any updates at all. Again, no room for argument here. In plain and simple terms, the security landscape of Android is a mess; no one can argue about that. --
Tom
Tom's Tech Blog |
|
| |
said by trparky:Disclaimer: Yes, I do own an iPhone and I like my iPhone. Yes, my avatar is a picture of the Apple logo chasing Andy the Android but it's all in jest, a joke really.
OK, so with all of that being said, I'm not here to be an Apple fanboi I'm simply here to state the obvious. The security landscape of Android is a mess because the OEMs don't care. Plain and simple. You can't argue about that. The fact that it takes six to eight months to get a update to a device (if you're lucky) shows this to be true. If you're unlucky your device doesn't get any updates at all. Again, no room for argument here.
In plain and simple terms, the security landscape of Android is a mess; no one can argue about that.
The open, powerful, and flexible nature of Android means there are risks. Just like freedom, you risk that people you may disagree with also enjoy those same freedoms. Those freedoms also come with anyone releasing devices and not necessarily properly supporting them. That's life. iPhones are inflexible, rigid, limited and inflexible overrated toys that only brand-loyal people seem to be enamored by. I have both - a iPhone 6s provided by work, and my Note 5 provided by me because I detest the iPhone's inflexibility and rigidness. Also, I value security and privacy and the Note 5 allows me to install a wide array of privacy/security tools on it. iPhone? Not so much.. I will take my Note 5 and soon Note 6 which I can tweak the heck out of ANY DAY over any rehash, underpowered, sloppy iPhone. My work provided one lives happily in my desk when I am not on-call. |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
1 edit |
I'd have to disagree with you on that the "security and privacy" part. On the iPhone I can restrict access to many parts of the system using the built-in app permission restriction system in place. I can tell iOS that I don't want an app to have GPS access, camera access, address book access, etc. As of now you can't do that on Android unless you root the device and install the Xposed Framework which obviously most people don't know how to do or can't do because of system restrictions like locked bootloaders, etc. Am I one of those rabid Apple fanatics? No. I like my iPhone, I like using it. For me, it works. Is there things about the iPhone experience that annoys me? Yes. Were there things about the Android experience that annoyed me? Yes. There are Pros and Cons to both platforms and we could argue about them for days. That's not the point of my posts in this thread, all I intended to do is bring up some facts about the Android world which as far as I'm concerned it looks like the days of Windows before Windows Update came along that greatly improved the distribution of security patches back in the day. You like Android and I'm not at all going to try and convince you that one platform is better than the other. However, I will state the facts. I also disagree with your statement of Android being an "open platform". I really don't think it is. Most, if not all, devices come with a particular "distro" of Android installed on it by your OEM and you're pretty much forced to run that "distro" of Android whether you like it or not. And this is even more so since many devices are coming out with locked bootloaders where you can't install a new OS on it or risk bricking it. How is that better than Apple? At least with Apple you get regular updates whereas with the Android OEMs you don't get them. It's not at all like Linux in which if you want updates you simply fire up the terminal, type a few commands, and away you go downloading whatever updates there are and you're free to install them as you see fit. The Android OEMs trap you in a jail just as much as Apple does, it's just a different kind of jail. --
Tom
Tom's Tech Blog |
|
| |
to Itguy2016
Samsung shot itself in the foot with the note 5 by taking away the removable battery, trying to mimic Apple. The removable battery was one of the main selling points of the note series. |
|
FickeyTerrorists target your backbone
join:2004-05-31 |
to trparky
said by trparky:...On the iPhone I can restrict access to many parts of the system using the built-in app permission restriction system in place. I can tell iOS that I don't want an app to have GPS access, camera access, address book access, etc. As of now you can't do that on Android unless you root the device and install the Xposed Framework which obviously most people don't know how to do or can't do because of system restrictions like locked bootloaders, etc... While not as "dumbed down for the masses" as iOS, restriction on Android is possible without root: » www.androidpit.com/how-t ··· locationOf course, Xposed with root is preferable in that it offers more powerful granularity and even the ability to feed apps false/random info. --
Government controlled healthcare? Name one thing government does efficiently and effectively! -sig since 2009 |
|
| |
to EGeezer
said by EGeezer:Here's a nice writeup from Securelist, with information on technical as well as non-technical levels.
... Since the first article (August 2015), things have changed for the worse – the number of malware families of this type has increased from four to 11 and they are spreading more actively and becoming much better at “rooting”. According to our estimates, Trojans with superuser privileges attacked about 10% of Android-based mobile devices in the second half of 2015. There were also cases of these programs being pre-installed on new mobile devices coming from China. ...
Article here; » securelist.com/analysis/ ··· threats/ Marshmallow and all upcoming Android have permission based control on APPs. Also Android versions from Marshmallow forward have advanced, by default encryption. This is a non-issue anymore. Keeping Android in the lead again, especially for people that like flexibility and control. Removable batteries are gone, forever. There is never a reason to remove a battery. I need to charge my Note-5 only 2-3 times a WEEK these days so why would I care about a removable battery? iPhone is so far behind these days in so many areas that I think the only reason anyone would stick with them is brand loyalty or possibly a lack of desire/technical knowledge to have a more granular configurable device with a much wider array of flexibility. I have both the iPhone 6s (work provided) and Note-5 and have to say the iPhone is pretty much relegated to my desk drawer. It's just not a very good device in comparison. |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
|
I'm sorry but I'd have to disagree with you on that, yet again. The big thing that I have a problem with when it comes to Android is the lack of updates from the Android OEMs. That is an absolute deal killer for me hence the reason why I own an iPhone. However, if you had mentioned a Nexus devices I would have agreed with you but you had to go and mention your Note 5 which is made by Samsung who has been known to not support their devices with software updates properly. If I were to ever go back to Android (which I highly doubt) Samsung is and forever will be a company that I will not EVER buy a phone from. --
Tom
Tom's Tech Blog |
|
| trparky |
Now there's news that the new Samsung Galaxy S7 (and Edge) comes with a locked bootloader regardless of which carrier you choose in the US. » www.extremetech.com/mobi ··· s-ragingYou talk about Apple having a jail but Android OEMs are guilty of doing the same thing; they're locking down their bootloaders and preventing users from loading their own "distro" of Android leaving you completely at the mercy of your OEM and your carrier to deliver updates to you. Which, as I mentioned earlier, the OEMs have shown little or no interest in keeping their devices up to date. --
Tom
Tom's Tech Blog |
|
| trparky |
Combine that with a recently found Snapdragon kernel code exploit and you have a recipe for some serious damage. Software update? What software update. Your Android OEM doesn't give a damn about you, they already have your money. "We don't care. We don't have to. We're the Phone Company." --
Tom
Tom's Tech Blog |
|
FickeyTerrorists target your backbone
join:2004-05-31 |
to trparky
C'mon trparky, take it down a notch. While the Snapdragon exploit is interesting, and most bootloaders are locked, the sky is not falling. Samsung is not the only manufacturer, Qualcomm is not the only chip maker, and updates are routinely issued from Samsung, LG, Motorola, HTC, etc. Also, developers frequently find ways around locked bootloaders for popular handsets, essentially allowing folks to get their patches/updates directly from Google (or Cyanogenmod, etc). The Snapdragon issue is already patched in AOSP for anyone who wants it, and Tmobile may still offer a shortcut around the S7 bootloader.
So, for those who want real freedom, control, & security on their handsets, it may take a little effort but there's no comparison to Android. Apple makes a fine product, but it's way too limiting for those who desire something other/beyond what Apple says we should have.
--
Government controlled healthcare? Name one thing government does efficiently and effectively! -sig since 2009 |
|
trparkyAndroid... get back here
MVM
join:2000-05-24
Cleveland, OH
kudos:4 ·AT&T U-Verse
1 edit |
The way I look at it is if Google released a new version of Android there's got to be a damn good reason why they released it. It could be simply bug fixes, performance fixes, or security fixes. If I have a device and it's running Android 5.0.1 and Google released 5.0.2, I want it. If I have 5.0.2 and Google release 5.0.3, I want it. Google doesn't release new versions of Android for their health, they released it for a reason so the OEMs should make every effort to push every new Android version no matter how small the changes are. The thing that I don't get is that the Android OEMs could generate what's sometimes referred to as a DIFF patch. A DIFF patch contains any and all changes between two or more files but only includes the changes be it a subtraction, addition, or a change to an existing line of code. These are the same files that people who choose to compile their own Linux kernel or programs for raw source code use to apply patches to their local source trees. So my question is... Why the hell can't the Android OEMs do the same thing? Take the DIFF patches and apply the changes to their existing code, compile it, and push it out. Oh wait, I forgot, the OEMs feel they must bastardize Android and turn it into what they want Android to be. I vote for taking all of the stupid overlays such as TouchWiz, SenseUI, etc. and throw them into onto the trash heap of history where they belong. Those overlays may have made sense back when Android's GUI was very basic but today's AOSP Android GUI is very polished. There's no need for that added on garbage that only serves to make updating Android on devices that much more difficult. AOSP Android or nothing at all. --
Tom
Tom's Tech Blog |
|
 ·CenturyLink
|
I'll disagree with that. Sometimes Google is adding more "in you face" apps of its own that you can't get rid of. Or it's adding some hardware crap you don't want.
I'd read anything before I updated.
People updating to Marshmallow are having a particularly hard time with the external SD card. You can use it in 2 ways and you have to pick one or the other. Since I have the Moto X Pure, it's fairly straightforward. Apparently others users who like Samsung, HTC are having problems
Google's Nexus line will be getting monthly updates, I've read thru a couple. Motorola unlocked will get quarterly. So says the Moto forum.
These look to be more security than fluff so far.
I'm hoping a sensible reviewer with both pros and cons will review N.
My Moto X Pure came with MM already installed and has had one service update. Most of MM isn't bad, but Google has too much crap in it.
XDA does have an article about kicking Google off the phone.
As for animations, extra wallpaper, and other junk, I delete if I can and disable if I can't. Moto's stuff is mostly gone, too. I prefer my own photos for wallpaper.
I have the choice of Home launchers. I can use Google or Nova Prime Launcher. I prefer Nova. It gets rid of the search bar. I use Duck or Startpage anyway.
It looks very much like N is trying to work around the OEM stuff. Some of the reviews are just coming out as it a beta? copy.
I buy unlocked, I won't buy anything carrier branded. I haven't trusted Google since the Buzz fiasco.
BTW - with my style of usage, Stagefright is really unlikely. I don't game or do social stuff on the phone. Nor do I shop. NCF also disabled as is Bluetooth - those make it easier for the other half's Acura to ignore my phone. The damn car always wants the phone with the most capabilities and he has a TMO Alcatel flip. |
|
EGeezer
Premium Member
join:2002-08-04
Midwest
kudos:8 ·Callcentric
|
EGeezer
Premium Member
2016-Mar-18 12:42 pm
said by carpetshark3:with my style of usage, Stagefright is really unlikely. I don't game or do social stuff on the phone.
I have a Droid RAZR with no sim card that I use as a portable internet device, and don't play games or do social media or shopping/banking on it. It's basically used for weather, runkeeper, to track my biking and walking, looking up stuff when I'm watching a movie or in a conversation etc. There are a few other apps like NASA, Heavens-above, Pandora, tune-in, Pocket ranger and Gasbuddy. I wish I could blow off Google and the other Verizon installed apps, but the phone isn't rooted. The guy who gave it to me said Verizon refused to unlock it even though it was no longer in service. I have friends who go nuts on Facebook and are always complaining that after they 'like' something on FB, they start getting texts and calls from telemarketers peddling stuff related to the 'like'. For whatever reason they either don't get the connection between using social media and receiving unwanted communications, or accept it as the price for their free app. As for stagefright, here's a link to the Israeli research team Northbit's writeup; » www.exploit-db.com/docs/ ··· 9527.pdfThe section "Attack Vectors" gives a high level description of ways through which it can infect a device. --
If no mistake have you made, yet losing you are … a different game you should play
- Yoda |
|
sivranVive Vivaldi
Premium Member
join:2003-09-15
Irving, TX
kudos:2 |
to carpetshark3
said by carpetshark3: Sometimes Google is adding more "in you face" apps of its own that you can't get rid of. Or it's adding some hardware crap you don't want.
Or making the apps you actually do use worse. GMail and Mail apps, I'm lookin at you! If I went back to Android I'd want to either have Blackberry Hub or the Android 4.0 versions of the email apps. --
Opera reborn -- »vivaldi.com |
|
·
·
·
·