What should have been done with Microsoft/Windows years ago, and what should be done with Google/Android now, is for a consortium of people and organisations who suffer losses as a result of malware-based crimes, to mount a massive class action against companies that consistently fail to release or update malware-resistant products, or app stores.
The release of malware-friendly products does enormous damage to an industry that has become a central part of the global economy. This should NOT be tolerated in any shape or form. If that means putting big corporations out of business, and destroying 'shareholder wealth', then so be it. Those businesses will soon be replaced by others who behave in a much more responsible way towards their customers.
The release of malware-friendly products does enormous damage to an industry that has become a central part of the global economy. This should NOT be tolerated in any shape or form. If that means putting big corporations out of business, and destroying 'shareholder wealth', then so be it. Those businesses will soon be replaced by others who behave in a much more responsible way towards their customers.
Why stop there? Go a step further, let's all kill ourselves so we don't get sick and avoid the medical costs.
As previously stated, hundreds of millions of phones in Asia do not in fact get updated!
Those that don't have Google Services certainly don't reap the benefits of those updates. That may also explain why most Android malware targets users in eastern Asian countries like China and Russia as opposed to US Android users.
As previously stated, hundreds of millions of phones in Asia do not in fact get updated!
So stop spreading this total BS! There is more to the world than the narrow view of the West.
100's of millions? A citation might be nice.
Are you referring specifically to China or Asia in general? China is its own problem if they won't permit Play Services, but even there some 30% of devices would still get AppVerify via Google Play if the OP was correct with his claim and figures. Is an Android device that doesn't offer Play Services even a Google Android device? Anyway I'm not aware of a problem using Play Services throughout Asia. Sounds like more drama. Maybe you have more information to offer?
Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!
Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!
Yes sir it can, VerifyApps scans even applications originating outside the Play Store. That's one of primary reasons for it.
Whenever I quote long passages from another source I'll usually italicize it for obviousness. As far as being too long the post was for Daniels' benefit. I don't expect others to take the time to read it since most don't care about any inconvenient facts anyway. They already learned all they want to know about it from DED's article.
Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!
Every Google Android device with 4.0 and below (a large chunk of them) have a security hole that will never get fixed by updates to Google Play Services since the flaw is part of the underlying architecture and can't be fixed without re-writing portions of the OS.
Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!
DING DING DING
We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.
Only Android JB has fully implemented this feature.
So 80% of current Android devices aren't affected then. How many of the remaining 20% that still have the "security flaw" have resulted in harm to the user because of it? Anything you can point to or is it one of those theoretical attacks the security companies like to pump with little to no real world harm?
We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.
We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.
But it sure can help prevent any user harm that might have come from apps taking advantage of them. If the malware can't do the damage it intended then you're back to talking about what might have happened. Malware designed to take advantage of a security hole but prevented from hitting the target because of improved security features. Sounds like a stalemate for the most part.
So 80% of current Android devices aren't affected then. How many of the remaining 20% that still have the "security flaw" have resulted in harm to the user because of it? Anything you can point to or is it one of those theoretical attacks the security companies like to pump with little to no real world harm?
80%? Where did you get that figure from. According to Google, it's 64%. And as I'm sure you remember, Google changed the way they calculate the percentage of users on each version. They used to count ALL devices. Now they only count devices that SPECIFICALLY visited Google Play within the previous 7 days (in other words, the user visited the Store). Of course, when Google made this accounting change we suddenly had an increase in reported users on newer versions and a decrease on older versions.
So that 64% is also suspect since it doesn't count ALL devices in actual use, like it used to.
Why do I have to provide proof of harm? I don't get malware on my PC, but I'd have to be an idiot to ask someone for "proof" that people with PC's are getting infected.
80%? Where did you get that figure from. According to Google, it's 64%. .
According to the link you pointed me to the ASLR flaw was fixed with 4.0, then further improved with 4.1 Quote: "Android 4.0 Ice Cream Sandwich provides address space layout randomization (ASLR) to help protect system and third party applications from exploits due to memory-management issues." Maybe you didn't use a very good link. If accurate tho add in that 15+% and you get to 80%.
Google changed the way they calculate the percentage of users on each version. They used to count ALL devices. Now they only count devices that SPECIFICALLY visited Google Play within the previous 7 days (in other words, the user visited the Store)..
Google talks about that. According to the Google Dashboard disclaimer "Because this data is gathered from the new Google Play Store app, which supports Android 2.2 and above, devices running older versions are not included. However, in August, 2013, versions older than Android 2.2 accounted for about 1% of devices that checked in to Google servers (not those that actually visited Google Play Store).
Comments
The release of malware-friendly products does enormous damage to an industry that has become a central part of the global economy. This should NOT be tolerated in any shape or form. If that means putting big corporations out of business, and destroying 'shareholder wealth', then so be it. Those businesses will soon be replaced by others who behave in a much more responsible way towards their customers.
Why stop there? Go a step further, let's all kill ourselves so we don't get sick and avoid the medical costs.
As previously stated, hundreds of millions of phones in Asia do not in fact get updated!
Those that don't have Google Services certainly don't reap the benefits of those updates. That may also explain why most Android malware targets users in eastern Asian countries like China and Russia as opposed to US Android users.
100's of millions? A citation might be nice.
Are you referring specifically to China or Asia in general? China is its own problem if they won't permit Play Services, but even there some 30% of devices would still get AppVerify via Google Play if the OP was correct with his claim and figures. Is an Android device that doesn't offer Play Services even a Google Android device? Anyway I'm not aware of a problem using Play Services throughout Asia. Sounds like more drama. Maybe you have more information to offer?
TLDW
bold italics, ha
Yes sir it can, VerifyApps scans even applications originating outside the Play Store. That's one of primary reasons for it.
Whenever I quote long passages from another source I'll usually italicize it for obviousness. As far as being too long the post was for Daniels' benefit. I don't expect others to take the time to read it since most don't care about any inconvenient facts anyway. They already learned all they want to know about it from DED's article.
http://gigaom.com/2014/02/27/google-to-expand-androids-verify-apps-security-for-apps-after-installation/
https://support.google.com/accounts/answer/2812853?hl=en
There, fixed another one of your posts.
Just never with examples, nor disproving the post. . . Wow, I guess I never realized it was that easy to put words in other people's mouths.
You know exactly how to do that since it's you're trademark. Don't get offended when someone returns the favor.
You shouldn't talk about security when you know nothing about how OS's are designed. For starters read this:
http://en.wikipedia.org/wiki/Address_space_layout_randomization
Only Android JB has fully implemented this feature.
DING DING DING
We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.
So 80% of current Android devices aren't affected then. How many of the remaining 20% that still have the "security flaw" have resulted in harm to the user because of it? Anything you can point to or is it one of those theoretical attacks the security companies like to pump with little to no real world harm?
That's not what he said though.
But it sure can help prevent any user harm that might have come from apps taking advantage of them. If the malware can't do the damage it intended then you're back to talking about what might have happened. Malware designed to take advantage of a security hole but prevented from hitting the target because of improved security features. Sounds like a stalemate for the most part.
So that 64% is also suspect since it doesn't count ALL devices in actual use, like it used to.
Why do I have to provide proof of harm? I don't get malware on my PC, but I'd have to be an idiot to ask someone for "proof" that people with PC's are getting infected.
According to the link you pointed me to the ASLR flaw was fixed with 4.0, then further improved with 4.1 Quote: "Android 4.0 Ice Cream Sandwich provides address space layout randomization (ASLR) to help protect system and third party applications from exploits due to memory-management issues." Maybe you didn't use a very good link. If accurate tho add in that 15+% and you get to 80%.
Google talks about that. According to the Google Dashboard disclaimer "Because this data is gathered from the new Google Play Store app, which supports Android 2.2 and above, devices running older versions are not included. However, in August, 2013, versions older than Android 2.2 accounted for about 1% of devices that checked in to Google servers (not those that actually visited Google Play Store).
No harm no foul. Theoretical security issues are far removed from real world maliciousness. You know that.