Well, this is what competition is about. Every company tries to protect its core market, and move into another company's market. As long as they're not stealing code, or copyrighted material, it's fine. How well it does, is something we'll find out.
and I wish that some of you guys could keep these discussions to serious matters instead of the done to death Note 7 problems. That just gives this site a bad rep everywhere.
I don't mind competition as long as the result is as secure as Apple's products. We know Android is openly insecure, that's how it's designed. What I don't understand is why any medical related company would even think twice about working with any Android based mobile device when they should know the patients information will not be secure.
Can't speak for whatever Samsung is doing but no we DON'T know Android is openly insecure, altho I would completely agree that in practice iOS is generally MORE secure in many areas. I think you're basing your opinion on a few largely click-bait articles on your favored blogs rather than any vetted studies.
Android security issues are generally due to some specific OEM's changes/modifications to stock Android, worsened by failing to maintain those customization's with monthly Google supplied security updates even if the OS itself doesn't get updated. It's not necessarily Android with security issues but the way it's used by some companies.
The world's most secure smartphones are built on Google's Android operating system, all of them AFAIK. But that doesn't equate to ALL Android phones being as secure as the best of them.
Check out http://iase.disa.mil/stigs/mobility/Pages/index.aspx This is the DoD list of approved STIGs (Security Technical Implementation Guide). If your device doesn't appear on this list, it generally isn't approved for use on any US government system. Does that make it secure? It makes it securable to a level that the DoD is willing to accept risk for. iOS 10 is on that list and has been there since at least iOS 6-7. There are two Android-based STIGs, one for an LG implementation and one for Samsung as long as it uses the Knox implementation (I remember reading that the Knox software was broken so I'm not sure if this implementation is still being used). Blackberry is still listed but most of its implementations have to do with their BES servers. The rest of the STIGs are mainly for MDM systems.
The US Government started to go away from custom, proprietary computer hardware to OTS systems probably 20 years ago because of cost factors. I've sure there are still custom systems in use that might use Android, but it's not the same Android that's being used in 95-99% of consumer computer systems.
Apple worked with DISA to provide technical input for their STIGs. Download them and you'll see what is necessary to provide and maintain an acceptable level of security not only for DoD but also for DOE and other US government departments. The STIGs include the necessary MDM configurations. This work has been done over many years and, incidentally, I was involved in the early work of begging getting Apple to participate in these as well as SCAP configurations. (You'll need to look that one up.) I worked for a DOE contractor for 33 years making sure a variety of systems were secure. I retired 3 years ago and haven't kept up with this field for obvious reasons.
My comment about Android being openly insecure was a bit sarcastic but all you have to do is look at how it's being implemented and how easy it is to hack on the vast majority of devices and you'll see that my exaggeration isn't that far off. Of course, programmers can take any version of unix and make it secure but many times security gets in the way of usability and since usability sells, many companies have dropped security so they can sell products as well as grab data to sell on the side (Google's primary business model). The one company that appears to put security first, and stand behind it, is Apple. Just talk to the FBI......
Very well argued, and it looks like we largely agree that the security issue isn't Android but any particular implementation of if by OEM's. It's a tough balancing act to offer user convenience features like product research, travel plans, daily commutes, universal reminders/notes and the like while minimizing the use of that person's use history to do so.
I'm not disagreeing but I did read your article and have some comments. I'll leave their comments about standard Android security, especially that provided by Google, without comment. (Sorry for the long comment.)
BlackBerry DTEK50
BlackBerry describes the DTEK50 smartphone as the “world’s most secure Android smartphone.” The DTEK50 includes features such as periodic application tracking, which automatically monitors the OS and apps. This feature also notifies you when your privacy could be at risk and informs you as to what actions you can take.
The DTEK50 also has the ‘Password keeper’ app which allows you to store all your important passwords in an encrypted space, which itself is protected by a single password which.
Sounds like Secure Enclave. Paired with Blackberry’s BES Server, it should be very secure—as long as Blackberry stays in business
Boeing Black
Boeing Black is the fruit of a collaborative effort between Boeing and BlackBerry. Designed with government agencies in mind, Boeing Black is capable of encrypting calls. It also comes with a self-destruct feature which ensures that any attempt to break into the device sets off the auto-deletion of all data and software, making the phone inoperable.
The self-destruct feature is built into every iPhone.
Turing Phone
The Turing Phone is made of Liquidmorphium, an amorphous alloy of zirconium, aluminium, copper, silver and nickel. According to its manufacturer, the Turing Phone is “unbreakable.” It runs Android 5.1 Lollipop, along with Turing’s own security-focused UI on top, for end-to-end encryption.
Built on top is what worries me. Turing Phone is the Sailfish OS smartphone by Turing Robotic Industries. “At first the device was to run Android 5.0 which was abandoned in favour to licensed from Jolla the Sailfish OS with the Turing UI.” (wikipedia, so not Android) I wonder if this company stole Alan Turing’s name.
Blackphone 2
Released by Silent Circle, the Blackphone 2 is the company’s Silent OS, an operating system based on Android, but with enhanced privacy features.
Solarin
Solarin is manufactured by Israeli startup Sirin Labs and is priced at over $14,000. According to Sirin Labs, the phone features “the most advanced privacy technology, currently unavailable outside the agency world.”
It features 256-bit AES encryption which is similar to what some militaries use to secure their communications. Solarin also has a physical security switch, located on the back of the phone, which can be activated as needed.
Does this mean it’s only secure when the switch is turned on? It is Android based.
FreedomPop Private Phone
Utilizing the same hardware components that are on the Samsung Galaxy S2, this smartphone from cellular company, FreedomPop, is Android-based and focused on privacy. Nicknamed the “Snowden phone,” it features 128 bit enciphering when calls are made and an anonymous browsing process. It can be purchased anonymously with BitCoin.
Sectera Edge
Definitely not a looker, Sectera Edge nonetheless is a favorite of the U.S. Department of Defense. Created by General Dynamics, it runs a significantly modified version of Windows and features a button-based keyboard and a price tag of over $3000.
Typical overpriced Microsoft device. I’ve seen people using Windows phones but I can count them on one finger.
That being said, Google’s highly anticipated and heavily promoted Pixel has already been hacked–by a team of Chinese hackers at the 2016 PwnFest. It took the hackers less than a minute to hack the phone. Google is working on a patch for the vulnerability.
Frustrated with Google’s seeming resistance to providing ample security measures on Android phones, The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone. Ars Technica describes it as “an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google.”
Ok, so I am commenting. There are specialized phones being produced that use Android, however none of them show up on the DISA list. This could be because they are used by the CIA, NSA and others who are outside the control of DoD. Even so, my suggestion that the vast majority of Android based phones have no idea what security is is backed up by this article. I didn't include the comments about iOS 10's purported lack of security with local iTunes backups because that has nothing to do with the actual iPhone/iPad.
I know this article is about medical use on mobile devices but every device that stores personal medical information has to come under the control of HIPAA regulations and the basis of true HIPAA approval is a solid and secure OS, which the vast majority of Android based phones do not have.
Well, this is what competition is about. Every company tries to protect its core market, and move into another company's market. As long as they're not stealing code, or copyrighted material, it's fine. How well it does, is something we'll find out.
and I wish that some of you guys could keep these discussions to serious matters instead of the done to death Note 7 problems. That just gives this site a bad rep everywhere.
I don't mind competition as long as the result is as secure as Apple's products. We know Android is openly insecure, that's how it's designed. What I don't understand is why any medical related company would even think twice about working with any Android based mobile device when they should know the patients information will not be secure.
Can't speak for whatever Samsung is doing but no we DON'T know Android is openly insecure, altho I would completely agree that in practice iOS is generally MORE secure in many areas. I think you're basing your opinion on a few largely click-bait articles on your favored blogs rather than any vetted studies.
Android security issues are generally due to some specific OEM's changes/modifications to stock Android, worsened by failing to maintain those customization's with monthly Google supplied security updates even if the OS itself doesn't get updated. It's not necessarily Android with security issues but the way it's used by some companies.
The world's most secure smartphones are built on Google's Android operating system, all of them AFAIK. But that doesn't equate to ALL Android phones being as secure as the best of them.
Check out http://iase.disa.mil/stigs/mobility/Pages/index.aspx This is the DoD list of approved STIGs (Security Technical Implementation Guide). If your device doesn't appear on this list, it generally isn't approved for use on any US government system. Does that make it secure? It makes it securable to a level that the DoD is willing to accept risk for. iOS 10 is on that list and has been there since at least iOS 6-7. There are two Android-based STIGs, one for an LG implementation and one for Samsung as long as it uses the Knox implementation (I remember reading that the Knox software was broken so I'm not sure if this implementation is still being used). Blackberry is still listed but most of its implementations have to do with their BES servers. The rest of the STIGs are mainly for MDM systems.
The US Government started to go away from custom, proprietary computer hardware to OTS systems probably 20 years ago because of cost factors. I've sure there are still custom systems in use that might use Android, but it's not the same Android that's being used in 95-99% of consumer computer systems.
Apple worked with DISA to provide technical input for their STIGs. Download them and you'll see what is necessary to provide and maintain an acceptable level of security not only for DoD but also for DOE and other US government departments. The STIGs include the necessary MDM configurations. This work has been done over many years and, incidentally, I was involved in the early work of begging getting Apple to participate in these as well as SCAP configurations. (You'll need to look that one up.) I worked for a DOE contractor for 33 years making sure a variety of systems were secure. I retired 3 years ago and haven't kept up with this field for obvious reasons.
My comment about Android being openly insecure was a bit sarcastic but all you have to do is look at how it's being implemented and how easy it is to hack on the vast majority of devices and you'll see that my exaggeration isn't that far off. Of course, programmers can take any version of unix and make it secure but many times security gets in the way of usability and since usability sells, many companies have dropped security so they can sell products as well as grab data to sell on the side (Google's primary business model). The one company that appears to put security first, and stand behind it, is Apple. Just talk to the FBI......
Very well argued, and it looks like we largely agree that the security issue isn't Android but any particular implementation of if by OEM's. It's a tough balancing act to offer user convenience features like product research, travel plans, daily commutes, universal reminders/notes and the like while minimizing the use of that person's use history to do so.
I'm not disagreeing but I did read your article and have some comments. . .
I know this article is about medical use on mobile devices but every device that stores personal medical information has to come under the control of HIPAA regulations and the basis of true HIPAA approval is a solid and secure OS, which the vast majority of Android based phones do not have.
Oddly Apple's Cloud is not HIPAA-compliant, uncertified for storage of patient data unlike several of their competitors, Amazon, Microsoft and Google included. For whatever reason Apple will not (or I assume STILL will not) commit to a BAA. Security may not be that reason.
Ha -- share health data with Samsung? No way. Same goes for Google and all the other Android clowns.
I hope Microsoft gets back in the smartphone business and finally offers a compelling product, because right now that's the only plausible way I can see any kind of serious competition emerging for Apple.
Well, this is what competition is about. Every company tries to protect its core market, and move into another company's market. As long as they're not stealing code, or copyrighted material, it's fine. How well it does, is something we'll find out.
and I wish that some of you guys could keep these discussions to serious matters instead of the done to death Note 7 problems. That just gives this site a bad rep everywhere.
I agree while noting that Android users bash Apple when it implements features that originated somewhere else. There is hypocrisy in both camps.
Far from it. take away iPhone and none of this exists. If Apple does something slightly similar the knockoff users scream "copy!" White typing from their fake iPhone.
problem is Samsung steals, has nothing to do with "competition". You don't see this outside of Apple markets.
I agree that we wouldn't have smart phones as we know them without the iPhone. I remember seeing all the naysayers predict that the iPhone will fail because it doesn't have a keyboard, they didn't like x or y, etc. That said, there are some features that did come out on the other platform that later came out on the iPhone. I can't say I know of many as I'm an iPhone user but there are some.
Apple releases some new feature, the no original Idea Samesung will follow with the exact same features on their next phone. It's so laughable at this point. I'm zero surprised at all about this.
Here's 3 pages of stuff alone! http://samsungcopiesapple.tumblr.com/
How about Samesung's own 132 Page document of things to copy from iOS!!!
http://www.theverge.com/2012/8/8/3227289/samsung-apple-ux-ui-interface-improvement
This is how they've gotten where they have over everyone else making Android phones. They just copy the iPhone making a Android version of it.
Well, this is what competition is about. Every company tries to protect its core market, and move into another company's market. As long as they're not stealing code, or copyrighted material, it's fine. How well it does, is something we'll find out.
and I wish that some of you guys could keep these discussions to serious matters instead of the done to death Note 7 problems. That just gives this site a bad rep everywhere.
I don't mind competition as long as the result is as secure as Apple's products. We know Android is openly insecure, that's how it's designed. What I don't understand is why any medical related company would even think twice about working with any Android based mobile device when they should know the patients information will not be secure.
Can't speak for whatever Samsung is doing but no we DON'T know Android is openly insecure, altho I would completely agree that in practice iOS is generally MORE secure in many areas. I think you're basing your opinion on a few largely click-bait articles on your favored blogs rather than any vetted studies.
Android security issues are generally due to some specific OEM's changes/modifications to stock Android, worsened by failing to maintain those customization's with monthly Google supplied security updates even if the OS itself doesn't get updated. It's not necessarily Android with security issues but the way it's used by some companies.
The world's most secure smartphones are built on Google's Android operating system, all of them AFAIK. But that doesn't equate to ALL Android phones being as secure as the best of them.
Check out http://iase.disa.mil/stigs/mobility/Pages/index.aspx This is the DoD list of approved STIGs (Security Technical Implementation Guide). If your device doesn't appear on this list, it generally isn't approved for use on any US government system. Does that make it secure? It makes it securable to a level that the DoD is willing to accept risk for. iOS 10 is on that list and has been there since at least iOS 6-7. There are two Android-based STIGs, one for an LG implementation and one for Samsung as long as it uses the Knox implementation (I remember reading that the Knox software was broken so I'm not sure if this implementation is still being used). Blackberry is still listed but most of its implementations have to do with their BES servers. The rest of the STIGs are mainly for MDM systems.
The US Government started to go away from custom, proprietary computer hardware to OTS systems probably 20 years ago because of cost factors. I've sure there are still custom systems in use that might use Android, but it's not the same Android that's being used in 95-99% of consumer computer systems.
Apple worked with DISA to provide technical input for their STIGs. Download them and you'll see what is necessary to provide and maintain an acceptable level of security not only for DoD but also for DOE and other US government departments. The STIGs include the necessary MDM configurations. This work has been done over many years and, incidentally, I was involved in the early work of begging getting Apple to participate in these as well as SCAP configurations. (You'll need to look that one up.) I worked for a DOE contractor for 33 years making sure a variety of systems were secure. I retired 3 years ago and haven't kept up with this field for obvious reasons.
My comment about Android being openly insecure was a bit sarcastic but all you have to do is look at how it's being implemented and how easy it is to hack on the vast majority of devices and you'll see that my exaggeration isn't that far off. Of course, programmers can take any version of unix and make it secure but many times security gets in the way of usability and since usability sells, many companies have dropped security so they can sell products as well as grab data to sell on the side (Google's primary business model). The one company that appears to put security first, and stand behind it, is Apple. Just talk to the FBI......
Very well argued, and it looks like we largely agree that the security issue isn't Android but any particular implementation of if by OEM's. It's a tough balancing act to offer user convenience features like product research, travel plans, daily commutes, universal reminders/notes and the like while minimizing the use of that person's use history to do so.
I'm not disagreeing but I did read your article and have some comments. . .
I know this article is about medical use on mobile devices but every device that stores personal medical information has to come under the control of HIPAA regulations and the basis of true HIPAA approval is a solid and secure OS, which the vast majority of Android based phones do not have.
Oddly Apple's Cloud is not HIPAA-compliant, uncertified for storage of patient data unlike several of their competitors, Amazon, Microsoft and Google included. For whatever reason Apple will not (or I assume STILL will not) commit to a BAA. Security may not be that reason.
Apple doesn't store data regarding health on their servers. All of the data goes directly to wherever the work is being done. This is deliberate on the part of Apple.
Comments
Ok, so I am commenting. There are specialized phones being produced that use Android, however none of them show up on the DISA list. This could be because they are used by the CIA, NSA and others who are outside the control of DoD. Even so, my suggestion that the vast majority of Android based phones have no idea what security is is backed up by this article. I didn't include the comments about iOS 10's purported lack of security with local iTunes backups because that has nothing to do with the actual iPhone/iPad.
I know this article is about medical use on mobile devices but every device that stores personal medical information has to come under the control of HIPAA regulations and the basis of true HIPAA approval is a solid and secure OS, which the vast majority of Android based phones do not have.
I hope Microsoft gets back in the smartphone business and finally offers a compelling product, because right now that's the only plausible way I can see any kind of serious competition emerging for Apple.