Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers

Comments

  • Reply 21 of 84
    rob53 Posts: 3,241 member
    Quote:

    Originally Posted by SpamSandwich View Post



    I just can't waste time reading these puff pieces anymore. Next.

    Your comment shows the sad side of website posters. You have tons of posts yet refuse to read articles that actually contain documented information in them. You might as well read the news and financial websites since their stories are much more informative. /s

  • Reply 23 of 84
    chipsy Posts: 287 member
    Quote:
    Originally Posted by rob53 View Post

    Google is simply following Microsoft's process of not really caring about malware, spawning a huge third-party malware prevention industry.

     

    There is already a significant third-party malware prevention industry (but is that necessarily a bad thing, never hurts to have a backup plan right?). There is no doubt that at this moment in time iOS is better off when it comes to malware but I wouldn't say Google doesn't care about malware. If that was the case they wouldn't have introduced Bouncer, App Verification and Security Enhanced Linux. App verification is btw being expanded in the next Google Services update. It will now also investigate apps after installation (more continuous) making double sure no malicious code is added or malicious content is downloaded by the app after installation.

  • Reply 24 of 84
    hill60 Posts: 6,992 member
    Quote:

    Originally Posted by Zaim2 View Post

     

    The quote the article is based on has been debunked: http://techcrunch.com/2014/02/27/no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure/


     

    That link has interesting wording:-

     

    no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure

     

    So he meant more insecure?

  • Reply 25 of 84
    hill60 wrote: »
    Why?

    It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw, which was never actively exploited by anyone conducting man in the middle attacks.

    Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.
  • Reply 26 of 84
    Well I'm not exactly surprised, that's one of the negatives of having an "open" operating system. The fact that it isn't easy to upgrade Android to the latest version is the main problem.
  • Reply 27 of 84
    hill60 Posts: 6,992 member
    Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.

    Ignore the editorials then.

    Just another quirk of this rather enjoyable forum, like the strange edits and crashes that occur.
  • Reply 28 of 84
    Apple's design of iOS "with security at its core" ...

    If all Apple code has the same "security at its core" of the gotofail snippet, then Apple has a huge problem in software security quality assurance.

    Think about why it is impossible to find such bad code in AOSP.
  • Reply 29 of 84
    Quote:

    Originally Posted by hill60 View Post

     

     

    Why?

     

    It's good to have some balance after all the crap about Apple patching the "glaring" goto flaw, which was never actively exploited by anyone conducting man in the middle attacks.


     

    How could you possibly know this? The point of the flaw is that it was undetectable when exploited.

     

    This whole article is FUD, based on a translated statement that turned out to be completely incorrect. The only valid point it has is to remark (once again, and probably the fourth time I've seen it be a headline article) that manufacturers should ship OS updates quickly. I don't think anyone disagrees with that but how many times can you repeat that as an Apple pro point?

     

    I'm also impressed with "security more important than freedom" given a famous quote bandied around in the USA. A little bit of irony in the headline too.

  • Reply 30 of 84
    gatorguy Posts: 24,176 member
    zaim2 wrote: »

    Thanks for the article link. I didn't realize that his comments had been translated. He was misquoted in a non-English article and then translated back into English?? Anyway since he never said what he was incorrectly reported to have said everyone as you were, nothing to see here. :D
  • Reply 31 of 84
    gatorguy Posts: 24,176 member
    hill60 wrote: »
    That link has interesting wording:-

    no-googles-sundar-pichai-didnt-say-androids-openness-makes-it-less-insecure

    So he meant more insecure?

    You didn't read the article huh. :rolleyes:

    EDIT: Props to 9to5 for updating their original report with the corrected quotes.
  • Reply 32 of 84
    Very good article that touches all the important parts, especially the security by obscurity 'motivation'.
  • Reply 33 of 84
    I just can't waste time reading these puff pieces anymore. Next.

    But you can waste time commenting on them.
  • Reply 34 of 84
    Because, speaking for myself, I don't need to come here to be exposed to propaganda... no matter if it's pro- or anti-Apple.

    And you can waste time commenting on how you don't need to come here-scintillating.
  • Reply 35 of 84
    gatorguy Posts: 24,176 member
    rob53 wrote: »
    http://www.pcworld.com/article/2099421/report-malwareinfected-android-apps-spike-in-the-google-play-store.html (not an Apple-friendly website)
    "In 2011, there were approximately 11,000 apps in Google’s mobile marketplace that contained malicious software capable of stealing people’s data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said."

    If 42K is 5% that would mean 840K apps. http://www.appbrain.com/stats/number-of-android-apps says there are 1.1M so your figure looks reasonable. The problem is 42K malicious apps in the designated Android app store is still way too many, no matter how you spin statistics. This doesn't include all the malicious apps found in the "open" Android stores. When you compare Android's number to the number found in the (real) App Store, there's no comparison because if there are any in the Apple App Store the number is probably below 10. Google is simply following Microsoft's process of not really caring about malware, spawning a huge third-party malware prevention industry.

    In reality only .001% of Android app installations are able to evade built-in defenses and cause harm to the user. That's reported according to real usage data gathered from real owner devices. Just because malware may target an OS doesn't mean it's hitting what it's aiming for.
    http://qz.com/131436/contrary-to-what-youve-heard-android-is-almost-impenetrable-to-malware/
  • Reply 36 of 84
    maestro64 Posts: 5,043 member

    The issue here is the fact that Google has no clue who all is using Android and what version they may be using, or how they may have modified Android to their own liking. Since they give it away and collect no licensing fee, they lack any control of what is out in the wild. Also, they do not control the distribution of the software, so there is no way for them to get updates out.

     

    Yeah, everyone hates a closed system like Apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is an old saying: if you do not study and understand history you are destined to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android.

     

    But hey, the IT department will love it since they will all get to keep their jobs, since they will be spending time restoring Android phones or fighting to keep the hackers out of the corporate network using Android phones to hack in.

  • Reply 37 of 84
    Quote:

    Originally Posted by Maestro64 View Post

     

    Yeah, everyone hates a closed system like Apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is an old saying: if you do not study and understand history you are destined to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android.


     

    Uh, Android has a signed boot chain, signed packages, external packages off by default and a manifest based permission framework.

     

    Perhaps before saying what lessons have been learned, you should actually go take those lessons yourself and learn the differences. Windows XP etc were nightmares for security because users would trivially elevate programs to Administrator as it had to be run so often even for things like deleting desktop icons.

     

    Android by default does not permit Administrator level access. Honestly you're completely wrong.

  • Reply 38 of 84
    Quote:
    Originally Posted by Maestro64 View Post

     

     

    Yeah, everyone hates a closed system like Apple, but it is obvious to me that no one learned a thing from M$ and all the attacks they had to deal with over all the years and all the money it cost companies to deal with M$, same attitude of ship the most over anything else. There is an old saying: if you do not study and understand history you are destined to repeat the same mistakes of the past. The world is going to repeat the fails of Windows in Android.

     


    By most accounts Windows security improved significantly with Vista, but MS didn't become any more closed or open. Vista is simply a much better-designed OS than XP was. It was the first OS by MS to have a modern security architecture with fine-grained access controls, privilege separation, and ASLR.

  • Reply 39 of 84
    Marvin Posts: 15,310 moderator
    zaim2 wrote: »

    This is another example of where news needs to have a cooling off period. We need to try and give it a day or two before reacting to it. This happens all the time:

    Breaking news! Something that you're going to react to totally happened!
    Reaction ensues immediately.
    Original source less than 2 days later: Oh, my bad, it didn't happen after all, never mind.

    It's good that it's happening against Google this time at least but the focus should be on the real world infection rates. The WSJ published a study recently that showed ~7 million Android devices got infected last quarter:

    http://online.wsj.com/article/PR-CO-20140129-904928.html

    This represented 60% of mobile infections. The other ~40% were Windows PCs, which they included in the test. iOS and Blackberry were under 1%.

    It's not really the prevalence of malware that's the problem. If Android is stopping it then that's fine. Google's choice is they'd rather have the wide distribution and the 7 million people affected are acceptable collateral damage to them. They'd rather have an OS that allows you to install a bitcoin app and accept the possibility that malware can steal the coins:

    http://www.eset.com/int/about/press/articles/article/advanced-banking-trojan-hesperbot-which-can-steal-bitcoins-has-new-targets-germany-and-australia/

    With iOS, you don't get the apps but your coins can't be stolen on the platform either. Both choices are good, one has a higher unit volume potential, the other higher quality and security potential.

    Apple could have the best of both using the equivalent of a virtual machine. Think of a VMWare-like sandbox that you would be allowed to install apps from anywhere and run on your phone but that had no access at all to the hardware-level OS and filesystem. This can be used by developers to run self-signed apps. It could take up more space if it copied the entire OS files but it's no more than 4GB and the people needing this functionality would be happy to compromise this much space. This space would have no access to contacts or root level apps and data - possibly limited/throttled access to mobile data. This would allow 3rd party stores and it wouldn't matter if there was a security issue as it would be contained in the VM. Apple would simply say, if something messes up, reset the VM and that's where their support ends.

    Most people won't install the VM and it takes away the desire to jailbreak the OS via security flaws, Apple doesn't need to open source the OS and doesn't need to support 3rd party security vulnerabilities.
  • Reply 40 of 84
    gatorguy Posts: 24,176 member
    Marvin wrote: »
    This is another example of where news needs to have a cooling off period. We need to try and give it a day or two before reacting to it. This happens all the time:

    Breaking news! Something that you're going to react to totally happened!
    Reaction ensues immediately.
    Original source less than 2 days later: Oh, my bad, it didn't happen after all, never mind.

    It's good that it's happening against Google this time

    2nd time in a week too. Remember the story about Google bidding multiple billions for WhatsApp? Not true either as we found out just a couple of days later. In fact they didn't make any buy-out offer to WhatsApp according to them, much less a multi-$B one.