Serious security flaws discovered in Android phones, Samsung and HTC ignore issue - Page 2

Sounds like you might be an Agnostic.

You mean they don't share the same belief.

Actually, I believe that is our ultimate destiny. Depends how you roll though, "magick" can lead to various forms of "deity", the other path I think is simply One with God.

What you say just proves that you and your wife both lack common sense and are careless and/or oblivious to the security flaws in Android.

Do expound, I am interested.

Looks like there was a typo there. Here, let me fix that for ya':


True to form, 'Designz comes to the table with <no> constructive input, just a personal attack on someone who doesn't like Android. Geee, who could have seen that coming.

<sarcasm>Thanks for that completely useful contribution.</sarcasm> And going with a blind theology jab to derail the conversation? Wow, that's the best you can do? However, since we're already off-topic, I'll play.


Even with a little opinion coloring it, since it's a fact that malware is already a significant Android problem, I'm not seeing how you can object to that. If there's some data you have that contradicts that, please do share with the rest of the class. But that doesn't really warrant a personal attack, does it? (And yes, I say 'attack' because the tone of your comment was hostile).


With the exception of the unfortunate "bums" label, this is also set of facts supported by multiple independent studies. Android buyers, by and large, are attracted by the price tag and the fact that they believe they'll be able to access more "free" content. Mind you, that's not <every> Android buyer, just the lion's share - by every study done. So, how does that correlate to creationism exactly?


Oh. My. God. ... That creationist bast@rd spouting his young-earth nonsense about ... uhhh ... understanding that people with little disposable income might want a less expensive phone option ... and ... uhh ... posing the question of why anyone else would pay much or anything for a product they believe is sub-par, when there's a better option available?

Yeah, that's creationism all they way.

AbsoluteDesignz, why do you come here? You apparently don't like the content the site provides, and (as is evidenced by your posts) you aren't interested in contributing. Now, if you're just looking to stir up arguments, more power to you, I'm sure you'll find plenty of folks who will oblige (hey, I might even play from time to time), but you're going to have to do better than nonsense like this. You just look silly with posts like these. Like momma' used to say, not all attention is good attention, child.

Can't believe my eyes. How can you get this conclusion that iOS is more secure than Android ? DED is screwing the reality as always.

The original paper said that there are holes in the permission model as some third party software is written so badly that it exposes its privileged services to third party. Yes this is serious, and Google acknowledges this, and it will get addressed. Still the permission system is solid.

In comparison, iOS doesn't have any such model. Any application in AppStore can access virtually any service. The only "security" is that Apple is testing apps if they are not calling any private API or call functions it probably shouldn't call. No details are available how this screening actually works. Based on time they spent on each app review it is probably mostly based on automated scan of the code. But in C language it is relatively easy to obfuscate any functionality you want. In fact you have no idea what the applications that you download from AppStore actually does. The permission mechanism in Android (even with some third party created holes) is still better than no mechanism at all.

Both companies remove rogue applications from their markets, once they discover any problems, Android is no different from iOS there. Yes, it is possible to publish blatant malware in Android Market, which might get filtered by AppStore screening, but Android still has the permission system while iOS sometimes warns you if some functionality is used for the first time, but that's all. Looks like a draw at best to me.

The problem with iOS apps calling private API is well documented, including Apple's reaction (denial of the problem, and removing the person who pointed them to this from the iOS Development Program).

iOS is no more secure than Android. Both have pretty solid base (BSD vs Linux) and both are facing privacy problems in high level API and both are not totally bullet-proof.

It just means that your wife is a normal women and doesn't care about all that stuff as long as it makes calls and sends text messages. It's not her fault for being uninformed. However it will automatically be your fault if something wipes her phone or steals her details and spends her shoe money

You were doing pretty good until this particular claim. Where are all these studies that prove most Android buyers choose it because they think they can get free content? Since every study has proved it then they shouldn't be difficult to find. Even finding a few different "independent studies" that supposedly prove most Android buyers base their purchase solely on price is probably a stretch. IMHO it's more of a favored talking point by a few posters than a demonstrated fact.

Ah, but you see, she is quite knowledgeable about technical matters and nothing will be my fault - not that anything will happen - as I did not influence her decision in any way.

Ok, you got me on improper qualification. I can't say every study indicates this. Moreover, the results I lean on are largely derived from collected survey data in conjunction with analytics from tracking firms and the hardware vendors and software developers themselves, rather than just direct responses to the opinion surveys. Although if you talk to any relatively-competent marketing guy (or girl), those derived numbers are the more important metrics. The data derived indicates the <actual> habits of the users, rather than questionable responses to survey questions.

Just as an aside, I was talking to the CEO at the company I do most of my contract work for (mobile & online social/causal software development), and to quote him "People lie when they take surveys...". He was telling me that they did a recent survey, and to get the information they needed for product development, they asked the standard questions about what users thought, what they wanted and and why (which are the parts that people lie about - they give the answers they think are expected, or answers that they think will affect the outcome the way they want, or think they want). Then, and this is the important part, they ask people quantitative questions about what they they actually did with their product and how they did it. Apparently that makes for a great filter to get rid of the responses to the first part that don't jive with <actual> user behavior to find out the real reasons for the why of things.

Back on track however ... As much as I hate statistics, it serves my purpose here , so I'll try to quote some numbers.

The data I'm referring to (I'm thinking in particular of some Neilsen reports I read a short while ago) indicated that about a third (36% is the number I'm remembering) of Android buyers are in it for the initial price, right off the top. That's pretty clear cut from where I sit - a third of Android buyers are looking for the low-cost option. As for content consumption, that's where you factor in the usage habits, only 15% of Android users purchase 3rd party apps or content for their smartphones (in comparison, 40% of iPhone users purchase 3rd party app content). Reading between the lines, that indicates that Android users are <significantly> less willing to spend on paid content [than iOS device users].

Neilsen also put the 'feature' justification for buying Android at something like 68%. In other words, for that 68% of Android buyers, the features (i.ow. software) available on the device at purchase time was a significant factor. The feature-driven buyer is buying the functionality they want so they don't have to add it on later - or don't think that they can add it on later. (Although if you ask me, I'd rather get the device that executes a reduced set of core functionality very well, instead of a device with an extended set of less-than-optimal functions - but that's just me and my $0.02. )

There were additional reports that showed for recently (in the past 30 days, as of the report) downloaded iOS apps, 91% were free. In contrast, over 98% of recently (again, most recent 30-day window) downloaded Android applications were free. On top of that, according to Mixpanel analytics, of the 'freemium' apps (the apps that are initially free to download, but have in-app purchasing), iOS users convert to paid users (i.o.w., they buy the in-app content) at a rate of four-to-one over Android app users.

In simple terms, Android users are less likely to buy an app, and if they do, they're less likely to spend additionally on app-related premium content.

The metrics derived from analytics and surveys (at least what I've seen so far ) all read the same. Android buyers are significantly influenced by the initial price tag (and it logically follows that if that's the case, then followup spending, or lack thereof, will trend in a similar manner). It's also been shown quantitatively that Android users (again, not for every single case, but in large part) aren't spending as much for software (content) after the purchase as well. If they wanted and were able to, an Android device user <could> spend just as much on the phone and aftermarket software as an iOS device user - it's available - but for the most part, they don't.

Edit: So to address the question, while nobody can speak to the true intentions of the users (even the users themselves in many cases :P), their actions speak volumes as to what those intents may be. It appears that the intent is to spend less on the device initially as well as on the follow-up consumption, when it comes to Android devices (although interestingly enough, the average Android user consumes <more> data than the average iOS user).

You seem quite interested in various analytics. One of the best and most up-to-date sources for the Android platform is here:

http://www.appbrain.com/stats/

Some of your statistics seem at odds with today's postings.

In any case, nicely detailed response, and a well-thought out argument. I won't disagree that Android users are accustomed to getting some of the most popular paid iOS apps for free on their platform. That by itself would account for a good piece of the paid vs. free discrepancy IMO. How many people paid for the Apple version of Angry Birds, yet use the Android one at no charge?

Did I hurt your feelings by offending a pro-Apple troll?

Also I've detailed why I am here many many times.

You can ignore my posts btw. Feel free to.

I know you like to troll everything that isn't Apple, but they may very well pull an Apple move here and pretend it doesn't exist until they issue a fix for it .


Thanks for a fun read.

I suspect that 99% are not astute users! I doubt they want to know anything about cyber security or do any research on the origins of an app before downloading it, installing it, and granting it permission to do whatever it wants. I think assuming users are "astute" makes about as much sense as handing an infant a loaded gun so it can protect itself.

Don't bother, he's a fanboy. He forgot starting his brain

You're missing the point. The core issue is that HTC and other makers SHIP MODIFIED VERSIONS with tons of vulnerabilities compared to the stock OS. Imagine what the Telcos do

I think the fundamental difference is the customer the device is targeted for.

The iPhone is targeted for the consumer/end user, Android for the carriers first, then advertisers and the consumer is a distant third.

And wonder of wonders, when it comes to privacy and security there is an ocean of difference!

What about real boogeymen?


Nope, but it was detected and removed rather quickly. Guaranteed removed for all non-jailbroken phones.

That's powerful stuff.


The whole CarrierIQ thing was WAY overblown. CarrierIQ wasn't the problem - the cell phone carriers were and are. CarrierIQ makes diagnostic and analytics software for cell phones. Like most tools, especially powerful tools, the more powerful they are the greater the potential for misuse. Unlike all the other manufacturers that circled the wagons and started finger pointing, Apple fully disclosed the limited scope of the CarrierIQ software, and was the only manufacturer that disabled it when the user decided to opt out.

Let me repeat that for you lest you miss it - even on editions of iOS that have the CarrierIQ software, opting out of anonymous analytics disables it.

Yup, iOS and Android philosophies are identical


Just like with Mac OSX, there are vulnerabilities that are patched all the time. Big surprise - software is complex these days. When iOS has the same number of active exploits and root kits as Android, you might have a point.

Hell, when iOS has ONE active exploit that isn't some researchers proof of concept or theoretical exercise come back to us.

Then again, since Android has more marketshare than iOS, that must be it - virus and malware makers just aren't motivated to target iOS


You should, since there are documented instances of multiple, different trojans infecting thousands of phones even today. At the time I did that search, there were four unique trojans alone on the first page - each infecting at a minimum several thousand phones.

You can trot out trite examples of vulnerabilities. While interesting from an academic standpoint, just like marketshare numbers, the quantity of vulnerabilities in and of themselves really aren't that meaningful. Until there are active exploits that demonstrate that Apple's system as a whole has systemic and endemic issues - the same as the Android ecosystem has demonstrated - I won't be concerned. Just like I have no compelling reason to run antivirus software on Mac OSX. I also won't be recommending Android to non-technical users with good conscience. At this point between the extra bloatware being stuffed on phones by manufacturers and the shenanigans being pulled by carriers, Android is a cesspool of inconsistent user experiences, malware and questionable support. Have more than half the android phones shipped had one system update, let alone two? You can fuss about "walled gardens" and curation all you want - all I know is it works pretty damn well. Three years and three major OS updates later, my 3G is finally at the end of it's line. Not even Google's direct Android phones can boast that level of support. Sure, you can get newer versions of Android on some phones if you are willing to "get dirty", but it's not supported or automated like iOS updates are.

Bah. You may be happy with a tech oriented and high maintenance system like Android, but I've had my fill of that crap with Windows. Luckily just like you can choose Android for the reasons you like, I can choose iOS because it has none of those attributes. Isn't life great?!?

Until a carrier bypasses it with their crapware.

Did you even read the article referenced by AI at all?

The difference between Android and iOS - carriers can tinker with Android all they want. After all, it's "Open"

iOS is closed - no carrier meddling. I'd wager a small fortune that's the real reason Verizon took so long to come around. Apple is the first (and so far, only!) phone manufacturer that won't let ANY carrier modify the phone or OS in any way. Every iPhone on Every carrier works the same way, and there is no carrier specific software loaded on any iPhone.

That's kind of the point of the original article, and why you see only an occasional blurb about some proof of concept vulnerability getting squashed on iOS vs. pages of reports of multiple instances of separate and unique malware.

And people claim Steve Jobs was the king of the reality distortion field?

Er, by what is going (or not going on) in the real world?

Anyone who is the least bit honest with themselves can see the stark contrast of active malware on Android vs. iOS.


So because DED wrote an article about malware on Android, there really isn't malware or underlying architectural issues on Android?

Wow - Google should pay DED to write more articles on Android to provide it malware protection. That would be much easier than trying to establish a minimum baseline for configuration and security management - stuffing the proverbial genie back into the bottle.

Wow. I hope DED charges them appropriately for these magical powers that you seem to be attributing to him.


"Sure it can be bypassed - but it's still solid!"

A solid bucket with holes in it still leaks. It may be great to stand on, but not carry water.

Seriously, did you even read what you wrote?


Until the complexity of that mechanism causes most users to simply ignore it - much like UAC in Windows. From http://securitywatch.pcmag.com/apple...curity-models:


So, from a purely technical perspective you are correct. Android offers more choices and control. The problem is, more can be less as has been aptly demonstrated by UAC on windows, and the level of malware infection on Android. Whether geeks want to admit it or not, consumer devices are created for consumers to use - and thus the human factor is as much or more of a factor than the purely technical issues.

Apples system is set up to be a balance between user controls on the phone (four choices vs. tens of choices) and curation via a single App store vs. "open" and complex. The proof of the effectiveness in the real world vs. theoretical exercises is what we can see happening. We see hundreds of thousands of infected Android phones vs. no known active exploits of iOS devices other than theoretical demonstrations affecting a very limited number of users.


Sure it is - which market? If Google's was the only one, your assertion of equivilancy might have some merit. But it's easy to use market's other than googles, or sideload apps directly. So there is NO advantage for Android - it's purely an Apple advantage.


Or worse, a non-google store or direct loaded app...


Which WILL get filtered by Apple - not just a matter of if, but when.

And with Apple's registration process, malware writers have limited vectors to re-enter the App store after detection. They may get in once or twice, but the cost to keep re-entering goes up rather quickly. Malware on iOS simply doesn't scale past one or two inevitable detections, which is also a significant deterrent to "funny business" in the first place.


That only works if not ignored...


From a purely technical standpoint when you are simply comparing technical details of the OS's alone, maybe. But when you look at the entire ecosystem there is no comparison.


That's not a denial of the problem - denying people writing malevolent code is the solution!

Believe it or not, there really aren't that many people doing bad things out there. The steps you have to go through to obtain an iOS developer account are pretty substantial to malware writers; there are real costs in establishing a credit card and going through the registration process. Once detected, being kicked out means you have to start that all over again.

There are no such restrictions with Android. If your a criminal looking for a no-overhead way to scam people, which platform is naturally more attractive?

Apple's registration process and exclusivity of their single store is a pretty awesome security feature, even if from a purely technical standpoint it's an indirect one. It's like the geeks that dismiss Kevin Mitnick as not being a real hacker since he wasn't particularly technically skilled, but was instead brilliant at manipulating people (soft skills) - they completely miss the point that he was very successful. I'd say the human element is just as important, if not the most important element since these devices are created to be used by humans. Whether you dismiss Mitnick or not, he was effective. Same thing here.


That's where you are completely wrong - as is demonstrated by real, actual and active malware on Android vs. iOS.


Yawn. Get past the purely technical analysis - since it's far from a purely technical problem.


Really? Please detail iOS privacy problems. Apple is by far and away the most privacy focused technology company on the planet. The real issue with the 30%/subscription model isn't the 30% but the fact that whether or not a publisher gets all the gory details about subscribers is up to the consumer. Unlike with Android, I'm Apple's direct customer. My interests are thus their interests. Google is just as interested in my detailed information as the magazine/news subscription driven guys since their entire revenue model is structured around advertising and my detailed demographic information is what let's them sell me as a particular category of eyeball. My interests are not Google's interests.

Your claims against Apple are pretty serious - thankfully they are also completly bogus unless you can prove otherwise.


No technology is completely bulletproof. Thanks for the motherhood and apple pie statement.

Thanks for also emphasizing the importance of more than a purely technical approach. That's why Apple has a multi-layered approach that includes curation, controlled access, and the ability to revoke rouge applications after the fact completely independent of the end user. Tech ideologues might have problems with any of that - and good for them. As a consumer, each of those are desirable features that contribute to the demonstrated stability and reliability of iOS. You can choose Android, I will choose iOS.

Thanks for asking, but no, I'm not really concerned with Apple]['s feelings. But since you bring it up, Apple][, were you offended? If so, I must've missed that post.

Since you're so concerned with my feelings though, let me reciprocate: Did I hurt your feelings by pointing out that yet again you bring nothing to the table and you're useless? (Insofar as your contributions on this site are concerned - I can't speak as to your worth or lack thereof elsewhere.)


Lol, yes you have, and yet you still fail to actually follow through with contributing anything constructive. Speaking of which, where's your useful response to any of the on-topic posts in this thread? Where's your contribution that doesn't involve making inflammatory, inane, and/or completely irrelevant personal comments about individuals you admit or imply you do not know.


Ditto. However, why would I do that, what with all the valuable content you give us?

And by the way, are you a Metaphysical Nihilist? I ask because you sound like one.

(See what I did there? ;P)

So, are we done playing here yet, or shall we go another round?

Just as a completely unrelated aside...

<rant>
I am also not a creationist. If you want to believe that the invisible man in the clouds made dinosaurs 6,000 years ago - good for you. To each, his or her own. But if you want me to believe it, show me proof or GTFO. Don't just tell me it's the most palatable (for you) concept you can some up with, so it must be true. And for the love of all things good and decent, don't try to foul up yet another generation of children by presenting that thoroughly unscientific drivel as 'fact' in our schools. If your belief system is so weak that <other> people simply not believing it somehow diminishes it for you, perhaps you should reconsider that belief. :/
</rant>