Google finds serious flaws in Android code Samsung added to Galaxy S6 Edge

2

Comments

  • Reply 21 of 58
    lwiolwio Posts: 100member
    Working as designed.
    They've flogged the phones got the money.
    Want it updated with the latest droid and avoid all (cough) these nasty security problems? Just buy our new phone.
    Rinse and repeat.
  • Reply 22 of 58
    slurpyslurpy Posts: 5,355member
    Quote:

    Originally Posted by Brakken View Post



    Somehow, this news never seems to make it into CNN, Cnet or mashable. I would never imagine it's because Apple's competitors leave skid marks in their undies everyday, and that their only hope of survival is to besmirch Apple.



    The psychologically interesting thing is how far people go to ignore what they know to maintain a position.



    The only way out for Goog is to dump Andyroid and replace it with a new OS, one built and designed like iOS. Sams should try integrity.

     

    Well, they're definitely trying their best to clone iOS. Marshmallow basically copies the iOS privacy/permissions methodology (fine control over every app's permissions), implicitly admitting that Apple had it right all along, but without anyone from Google having the balls to come out and say it. 

  • Reply 23 of 58

    Ha Ha Ha Ha Ha HaHa Ha HaHa Ha HaHa Ha HaHa Ha HaHa Ha HaHa Ha Ha

     

    Gave me a good laugh

  • Reply 25 of 58
    apple ][apple ][ Posts: 9,233member

    I've probably said this before numerous times, but if I owned any type of business that had employees, I would forbid all employees from using or owning any Android phones, because of multiple reasons, with just one of them being that they pose security risks. Employees would also be forbidden from using Android phones on their free time, as work related communication might also occur outside of work hours.

     

    I would definitely disciminate against Android and their users in my business. My business, my rules.

  • Reply 26 of 58
    sirlance99sirlance99 Posts: 1,278member
    apple ][ wrote: »
    I've probably said this before numerous times, but if I owned any type of business that had employees, I would forbid all employees from using or owning any Android phones, because of multiple reasons, with just one of them being that they pose security risks. Employees would also be forbidden from using Android phones on their free time, as work related communication might also occur outside of work hours.

    I would definitely disciminate against Android and their users in my business. My business, my rules.

    So in this pretend business of yours, what about your clients that had a Android device exchanging information? How would you handle that?
  • Reply 27 of 58
    It doesn't interest Samsung to offer s good product, secure code, or to do anything ethical.

    Theyve demonstrated time and again that they are a business that is only interested in the definition of business: profit.

    What they fail to do is maintain s profit while also recognizing that they are humans serving other humans.

    It is a failure that is already coming back to haunt them. But they'll never see this. They'll just rush out the next "first!" Product with s decent enough design that some people may give them money for.

    They'd sell you cyanide in an aspirin bottle of it was legal.

    One of the actual evil companies out there.
  • Reply 28 of 58
    gatorguygatorguy Posts: 23,393member
    False. Nothing was "forgotten" or omitted: "Samsung and Google have worked to patch the most serious bugs found"

    Reality remains.
    Google does a good job of quickly responding to most security issues in Android. Like Apple they also get them out to their own smartphone owners efficiently and directly, bypassing carriers altogether. Most recently Google has added a regular schedule of monthly bug and security fixes directly to their smartphones, every month. The problem is only a very few Android phones are sold by Google in their Nexus line and those are the only ones they can do this with. The OEM's receive base Android code which they then customize and add to for their own hardware and "special" features making it impossible for Google to directly update. If the very latest software and security updates are most important to you, and I think it should be, you have two choices in my opinion: an iPhone or a Nexus.

    But with that said, and for all the doom and gloom and hand-wringing (and perhaps wishing :\ ) you've presented for us, the Android sky is not falling. Not yet. There's a good chance that even tho it hasn't happened, someday one of these so far overblown risks that security companies try to scare us with and AI is happy to promote will hit a few million users smack in the face That's when the OEM's may actually get it. Lookin at you Sammy.

    When (not if IMO) it happens Nexus and iPhone owners will be happy they made the choice of product they did while some of the other companies will get the backlash they'll deserve.
  • Reply 29 of 58

    Remove and forbid installation of the Chrome browser on iOS for the final rollout of 9.1. Problem solved. Tough love. Keep us safe Apple.

  • Reply 30 of 58
    davidwdavidw Posts: 1,606member
    Quote:
    Originally Posted by irnchriz View Post



    the author forgot to mention:



    Conclusion



    A week of investigation showed that there are a number of weak points in the Samsung Galaxy S6 Edge. Over the course of a week, we found a total of 11 issues with a serious security impact. Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit.



    The majority of these issues were fixed on the device we tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.



    I'm all for android bashing as I am not a fan of it whatsoever but don't sink to this level. iOS and OS X have had security issues before which took Apple a while to patch also, how do you think they jailbreak iPhones? Security holes..

     

     

    The issue isn't that Google and Samsung didn't work quickly to patch most of the high risk security holes. Or that security holes were found at all. The issue seems to be that these dozen (or so) security holes were relatively easy to find and shouldn't have made it into the final released version of Android (that Samsung modified)  to begin with. It's as through Samsung didn't bother do any testing, of their modified version of Android, before releasing it because they don't know any better or don't care. 

  • Reply 31 of 58

    It took them only one week to find this many critical vulnerabilities in Samsung phones, most of which will never actually receive a patch for them. How many more could be found with more time and resources (like criminal organizations have)? Now multiply by the number of Android OEMs, then multiply again by a factor that takes into account that Samsung has, by far, the most resources of any other Android OEM.

  • Reply 32 of 58
    cpsrocpsro Posts: 2,998member
    Quote:
    Originally Posted by Gatorguy View Post



    When (not if) it happens Nexus and iPhone owners will be happy they made the choice of product they did while some of the other companies will get the backlash they'll deserve.

    Do those other companies' customers deserve it, too? And why shouldn't Google receive a ton of flak for making it all possible?*

     

    *Google even indemnifies Android licensees in patent infringement cases, helping to push Android on an unwitting public.

  • Reply 33 of 58
    Pretty Creepy how so many of the Samsung Phones have horrible security. Really worrying for a lot of users I'm sure.
    -Ted

  • Reply 34 of 58

    ?Pretty Scary that so many Samsung phones are vulnerable like this. Very worrisome, especially for all the Android Samsung users out there....

    ?



     

  • Reply 35 of 58
    "That could mean the NSA and/or other government organizations will be able to circumvent iOS 9's security safeguards, such as full-disk encryption, and install eavesdropping apps or simply sabotage a device."
    This is more serious, a way of compromising 2/3 of iPhones but DED managed to miss it in his diatribe, why?
  • Reply 36 of 58
    tmaytmay Posts: 5,730member
    Quote:

    Originally Posted by singularity View Post



    "That could mean the NSA and/or other government organizations will be able to circumvent iOS 9's security safeguards, such as full-disk encryption, and install eavesdropping apps or simply sabotage a device."

    This is more serious, a way of compromising 2/3 of iPhones but DED managed to miss it in his diatribe, why?

    This is the part where you provide the link to the quote; please?

  • Reply 37 of 58
    gatorguygatorguy Posts: 23,393member
    cpsro wrote: »
    Do those other companies' customers deserve it, too? And why shouldn't Google receive a ton of flak for making it all possible?*

    *Google even indemnifies Android licensees in patent infringement cases, helping to push Android on an unwitting public.
    That Google indemnifies Android against patent assertions is as it should be and admirable. Apple too indemnifies developers who use their code against IP claims, up to $50. Before delving into what you asked tho what do you mean Google "made it all possible"? The security issues in this case weren't in the Google Android code were they?

    EDIT: Something to consider. Over a billion Google Android smartphones active worldwide. Missing so far are all the news stories about actual harm to even 10's of millions of those users. Hackers stealing their passwords, or banking information, or credit card numbers? If there was real-life harm being done Daniel Dilger would let you know, evidence it ain't happenin'. That says more about the relative security of Android than all these Chicken Little stories IMHO.
  • Reply 38 of 58
    tmay wrote: »
    This is the part where you provide the link to the quote; please?

    http://appleinsider.com/articles/15/11/03/team-claims-1-million-bounty-for-remotely-jailbreaking-ios-91-92
    sorry for not linking to the AI article
  • Reply 39 of 58
    croprcropr Posts: 1,076member
    Quote:
    Originally Posted by Apple ][ View Post

     

    I've probably said this before numerous times, but if I owned any type of business that had employees, I would forbid all employees from using or owning any Android phones, because of multiple reasons, with just one of them being that they pose security risks. Employees would also be forbidden from using Android phones on their free time, as work related communication might also occur outside of work hours.

     

    I would definitely disciminate against Android and their users in my business. My business, my rules.




    I own an app development company and would never consider such a policy.  Who do you think you are that you can forbid employees to use Android phones in their free time.  Such a policy is disrespectful, unethical and in most countries illegal.  It reminds me of totalitarian regimes, I don't want to be associated with.

     

    As an entrepreneur you have to manage a lot of risks.  Security related risks are relevant but not among the most important ones.  You always have to balance the cost and the benefits of your security policy. And by the way there is no OS without security issues.  

     

    I give my employees a yearly budget of 300 Euros for buying a company smartphone and/or tablet, giving them the possibility to buy top line models at strongly reduced prices.  75% of the employees choose a mid tier Android phones like a Moto G + a tablet.  I publish white lists for apps they can install without permission.  Up to now I never had an exploited security issue with Android (or with iOS).   I did have security issues with Windows PCs, not with my Mac and Linux boxes.

  • Reply 40 of 58
    maestro64maestro64 Posts: 5,035member

    What would you expect from and open source OS that anyone is allowed to basterize it in the name to make their product look differenct than anyone elses. This is why MS had the issues and Apple has never had this level of problems.

Sign In or Register to comment.