Three new malware strains infect 20k apps, impossible to wipe, only affect Android

1234689

Comments

  • Reply 101 of 166
    gatorguygatorguy Posts: 24,176member
    capasicum wrote: »

    Also, nobody ever said all Android devices have that option enabled. Daniel was talking about all Android devices that Google counts towards devices sold. Those include devices sold in China.

    And since you want examples, here are a few:
    ]Huawai[/B][/I][/SIZE] [SIZE=16px]devices ship[/SIZE] [SIZE=16px]without[/SIZE][SIZE=16px] Play Store in China[/SIZE][SIZE=16px]. All those use alternative stores, don't they? Care to check China sales rankings? Oh, you don't count those towards Android? But Google does. That is creative accounting.

    I thought Google had turned to only counting those devices that checked into Google Play as activated devices. Thus those in China cant be counted unless Google play is accessible to them.
    Google doesn't report sales which they couldn't know and instead counts unique activations (and also reports active devices which I'll get to in a moment) which actually means much more as far as the platform and especially developers is concerned. So how do they count these activations you might ask? When a smartphone owner first pays a visit to Google Play. If there's no Google Play available to that device, ie certain Chinese or Amazon phones for instance, they don't get included in the count. They couldn't.
    http://techcrunch.com/2013/04/03/android-activations-tweak/

    Makes absolute sense to do it this way too. It doesn't matter to the Google Android ecosystem how many devices are sold with some form of open-source AndroidOS without access to Google Play and its other services. That number would only serve someone's curiosity and no more, meaningless for the most part. But it DOES matter to developers and how they target their market when they know many Google Android handsets are out there and where, the general screen size and the OS version. All that is determined from Google Play.

    The other number Google talks about on occasion is "active devices". That means unique devices that have used some Google service over a defined period, typically 30 days. I wouldn't be surprised if Google uses a wider date range when they announce the big numbers if they don't stipulate, tho normally they do. In any event each device gets counted only once (unique identifier) even if they use the same service thousands of times that month. Sometimes they'll further break things down and announce "active GMail users", "active Google + users" or perhaps "active Google Photo" user numbers. They all are counted in the same manner.

    So when Google says there are '1.4 billion active Android devices" they're counting those that have used one of Google's services at least once during that time period, proof that they are being actively used and engaging with Google. I've not ever read that this number would be restricted to only those running the officially supported Google Android but it could be. If not tho I could see the possibility of something like an Amazon handset included in the "active" count assuming it registers as using the open-source Android OS, and there's probably others that would qualify. But if Chinese users can't access any Google services as Daniel has quite assuredly told us then basically none of those handsets are included in Google's "1.4B active Android users" . That follows the logic.

    I certainly understand your confusion when Google announces two different numbers. Once is counting Google Android activations via google Play visits while the other is a count of unique users of a Google service.

    So there's nothing at all "creative" about the numbers. If an Android device is using Google services its a perfectly valid number to report since it means something: That person is actively engaging with Google
  • Reply 102 of 166
    Quote:
    Originally Posted by Gwydion View Post





    Still waiting any proof of your claim.



    UT i suppose that it is just an invention and you're just making things up.

     

    Well, my statement is: "There is not a single statement by any Alphabet/Google/Android executive that they count only Play Store devices against sales."

     

    Obviously such statement is a bit hard to prove. But let me try :)

     

    Google executives always provide two numbers. One comes from analysts who watch the market. Those analysts count China and the whole world. They don't split it to Android with Play Store and without it. The other number is Play Store active users.

     

    Never even once did a Google executive provide a link between those numbers. There are a couple of articles on the internet that try to make the connection. But all they have is a speculation.

     

    Here's what we have up to now:

     - Play Store active accounts are around 1 billion

     - iOS are, say, 0.5 billion (1 billion devices sold almost a year ago, but obviously not all of them are active).

     

    How come iOS controls 15% of the market and Android controls 80%? Simple math that doesn't add up. Unless the 80% includes all kinds of Android flavors. 

     

    Maybe the market is split 15% iOS, 30% Android (Play Store), 50% Android forks, 5% for the rest. Maybe, I can only speculate.

     

    So, if my speculation is correct, then Daniel talks about 50% of the smartphone market - people, who buy non-Play Store devices.

     

    Quote:

    Originally Posted by Gatorguy View Post



    Google doesn't report sales which they couldn't know and instead counts unique activations which actually means much more as far as the platform and especially developers.

    Is TechCrunch the blog of Google executives? As far as I see this article only provides a speculation on the topic. Not facts. I think you are overly  enthusiastic and turn speculations of third parties into facts.

  • Reply 103 of 166
    richlrichl Posts: 2,213member
    Quote:
    Originally Posted by capasicum View Post

     

    Is TechCrunch the blog of Google executives? As far as I see this article only provides a speculation on the topic. Not facts. I think you are overly  enthusiastic and turn speculations of third parties into facts.


     

    Did you even scroll down to the bottom of the page? There's a link to Google's website.

     

    Fact: Google only counts devices with Google Play in their stats.

  • Reply 104 of 166
    Quote:
    Originally Posted by RichL View Post

     

     

    Did you even scroll down to the bottom of the page? There's a link to Google's website.

     

    Fact: Google only counts devices with Google Play in their stats.




    Well, stats about the distribution between different Android-with-Play-Store versions. Nowhere does it state that "Google only counts Android-with-Play-Store towards reported sales".

  • Reply 105 of 166
    gatorguygatorguy Posts: 24,176member
    capasicum wrote: »
    [SIZE=16px]Is TechCrunch the blog of Google executives? As far as I see this article only provides a speculation on the topic. Not facts. I think you are overly  [/SIZE][SIZE=16px]enthusiastic and turn speculations of third parties into facts.[/SIZE]
    You don't see what you don't want to? That's not at all abnormal. We all do that at least once in awhile.
  • Reply 106 of 166
    So much arguing over the semantics of 3rd party Android stores. It's irrelevant.


    The bottom line, as I stated previously, is that Android will NEVER approach iOS for security and will remain an utter mess for years to come. The only reason so many are nitpicking about these 3rd party stores or reminding us that Google Play devices have side loading disabled (until the user overrides it) is they don't want to discuss the OVERALL state of security in Android.

    Classic deflection by people trying to avoid the REAL issue. Android is a joke for security.
  • Reply 107 of 166
    gatorguygatorguy Posts: 24,176member
    So much arguing over the semantics of third party Android stores. It's irrelevant.


    The bottom line, as I stated previously, is that Android will NEVER approach iOS for security and will remain an utter mess for years to come. The only reason so many are nitpicking about these 3rd party stores or reminding us that Google Play devices have side loading disabled (until the user overrides it) is they don't want to discuss the OVERALL state of security in Android.

    Classic deflection by people trying to avoid the REAL issue. Android is a joke for security.
    Certainly a valid opinion to have.
  • Reply 108 of 166
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by capasicum View Post

     

     

    Well, my statement is: "There is not a single statement by any Alphabet/Google/Android executive that they count only Play Store devices against sales."

     

    Obviously such statement is a bit hard to prove. But let me try :)

     

    Google executives always provide two numbers. One comes from analysts who watch the market. Those analysts count China and the whole world. They don't split it to Android with Play Store and without it. The other number is Play Store active users.

     


     

    Wrong, Google executive only provide ONE number. And they don't count devices without Play Services

     

    And your claims was that they were caught being creative.

     

    Backpedaling?

     

     

     

    Quote:
    Originally Posted by EricTheHalfBee View Post



    So much arguing over the semantics of third party Android stores. It's irrelevant.





    The bottom line, as I stated previously, is that Android will NEVER approach iOS for security and will remain an utter mess for years to come. The only reason so many are nitpicking about these 3rd party stores or reminding us that Google Play devices have side loading disabled (until the user overrides it) is they don't want to discuss the OVERALL state of security in Android.



    Classic deflection by people trying to avoid the REAL issue. Android is a joke for security.

     

    Read wrong, corrections:

    Deflection? Then we can discuss about Android security. But that has nothing to do with the wrong claims made by the author of this editorial

  • Reply 109 of 166
    gatorguy wrote: »
    Certainly a valid opinion to have.

    Not an opinion. FACT.

    Android is a security mess compared to iOS.
  • Reply 110 of 166
    gatorguygatorguy Posts: 24,176member
    capasicum wrote: »
    Well, my statement is: "There is not a single statement by any Alphabet/Google/Android executive that they count only Play Store devices against sales."

    Obviously such statement is a bit hard to prove. But let me try :)

    Google executives always provide two numbers. One comes from analysts who watch the market.
    There's some disconnection there I believe. An analyst watching the market is not the same as as officially announced numbers from Google ( or Apple or whoever) themselves. As a regular reader of AI you should know that.
  • Reply 111 of 166
    gatorguygatorguy Posts: 24,176member
    Not an opinion. FACT.

    Android is a security mess compared to iOS.

    oh. . OK then. . . A security mess compared to iOS. Gotcha.

    Surprise! I actually agree with you, if you're referring to Android security in general and particularly on your average handset (which I assume you are), that it is not up to Apple standards. Of course any of the mobile OS's are more secure than their desktop brethren aren't they?

    With that noted some specific Android handset implementations can be as or even more "secure" than an iPhone. I'm sure you do some reading outside of AI and have noted a few articles about them. It's not Android, it's how it's implemented. But I get your drift. Perception is often considered reality.
  • Reply 112 of 166
    gatorguygatorguy Posts: 24,176member
    If that's the case then why aren't Android phones, more specifically the Android OS, banned in China, also?

    China looks to be primarily (near exclusively?) forked versions of Android, and not usually referred to as Android anyway. Xiaomi uses MIUI for instance for it's Chinese market handsets, which appears to be an Android offshoot with Chinese based services. Some of the lesser Chinese companies (at least less known in the West) would like to claim they aren't using Android at all, having created their own original OS that just looks a lot like Google Android or sometimes iOS. :D
  • Reply 113 of 166
    Quote:

    Originally Posted by Gatorguy View Post





    oh. . OK then. . . A security mess compared to iOS. Gotcha.



    Surprise! I actually agree with you, if you're referring to Android security in general and particularly on your average handset (which I assume you are), that it is not up to Apple standards. Of course any of the mobile OS's are more secure than their desktop brethren aren't they?



    With that noted some specific Android handset implementations can be as or even more "secure" than an iPhone. I'm sure you do some reading outside of AI and have noted a few articles about them. It's not Android, it's how it's implemented. But I get your drift. Perception is often considered reality.

     

    More deflection. "some specific Android implementations". Of course, you're referring to outliers (like the US Military creating a highly customized and 100% locked down version of Android for their own use). But that's not representative of the other 99.9% of Android devices out there, so why bring it up?

     

    Android is a mess for the following reasons:

     

    1. Updates. It's not a question of IF an exploit will be found, it's a question of WHEN. Being able to patch an exploit quickly after discovery is the single biggest factor in reducing any damage through a security exploit. Something I mentioned in the other thread but nobody wanted to discuss it because Android is a complete failure in this area (outside of Nexus devices, which also comprise a very small percentage of all Android devices).

     

    2. Variations in hardware. Companies that manufacture components provide libraries for inclusion into Android. This is another 3rd party source of code that Google has no control over, yet is 100% essential to whether or not a device operates (your smartphone is useless if you can't access the CPU/GPU or cellular modem). And manufacturers aren't quick to update these libraries for older devices.

     

    3. New hardware/features. In the never ending quest to to differentiate themselves, many makers try to introduce features not actually a part of Android (fingerprint scanners, pen input or Huawei's version of 3D Touch). This introduces yet another chunk of code that Google has no control over.

     

    4. Touchwiz. Or any other custom software that OEMs add to again try to differentiate themselves. Further modification of the Android source code to add their own twist to Android and more code that's out of the control of Google.

     

    5. 3rd party libraries. These are used in both iOS and Android (Unreal gaming engine is a perfect example). While both operating systems use these, they are far more prevalent on Android. The sheer number of libraries just for advertising is mind boggling. Again, more choices of code that's not under Google control.

     

    6. AOSP. The source code for Android is free for anyone to look at (Android, not Google Play Services). What the Linux fans (and Microsoft haters) have been saying about open source is only partially true - having thousands of programmers examining your code means bugs are found quicker and incorporated into the gold master code. Except that hackers can also look at this code to gain valuable insight into the underlying architecture of Android to help them spot areas to exploit. Just because your bank has a vault, doesn't mean you want outsiders to come in and "look around".

     

    That's all I can think of for now.

  • Reply 114 of 166
    gatorguygatorguy Posts: 24,176member
    More deflection. "some specific Android implementations". Of course, you're referring to outliers (like the US Military creating a highly customized and 100% locked down version of Android for their own use). But that's not representative of the other 99.9% of Android devices out there, so why bring it up?
    OEM's are finally starting to come around IMO. Hopefully even more of them will follow Blackberry's example (Silent Circle is another) and roll out Google's regular monthly security updates to their Android handsets each and every month just as Google is doing with the Nexus models.
  • Reply 115 of 166
    gwydiongwydion Posts: 1,083member
    Quote:

    Originally Posted by EricTheHalfBee View Post

     

     

    More deflection. "some specific Android implementations". Of course, you're referring to outliers (like the US Military creating a highly customized and 100% locked down version of Android for their own use). But that's not representative of the other 99.9% of Android devices out there, so why bring it up?

     

    Android is a mess for the following reasons:

     

    1. Updates. It's not a question of IF an exploit will be found, it's a question of WHEN. Being able to patch an exploit quickly after discovery is the single biggest factor in reducing any damage through a security exploit. Something I mentioned in the other thread but nobody wanted to discuss it because Android is a complete failure in this area (outside of Nexus devices, which also comprise a very small percentage of all Android devices).

     

    2. Variations in hardware. Companies that manufacture components provide libraries for inclusion into Android. This is another 3rd party source of code that Google has no control over, yet is 100% essential to whether or not a device operates (your smartphone is useless if you can't access the CPU/GPU or cellular modem). And manufacturers aren't quick to update these libraries for older devices.

     

    3. New hardware/features. In the never ending quest to to differentiate themselves, many makers try to introduce features not actually a part of Android (fingerprint scanners, pen input or Huawei's version of 3D Touch). This introduces yet another chunk of code that Google has no control over.

     

    4. Touchwiz. Or any other custom software that OEMs add to again try to differentiate themselves. Further modification of the Android source code to add their own twist to Android and more code that's out of the control of Google.

     

    5. 3rd party libraries. These are used in both iOS and Android (Unreal gaming engine is a perfect example). While both operating systems use these, they are far more prevalent on Android. The sheer number of libraries just for advertising is mind boggling. Again, more choices of code that's not under Google control.

     

    6. AOSP. The source code for Android is free for anyone to look at (Android, not Google Play Services). What the Linux fans (and Microsoft haters) have been saying about open source is only partially true - having thousands of programmers examining your code means bugs are found quicker and incorporated into the gold master code. Except that hackers can also look at this code to gain valuable insight into the underlying architecture of Android to help them spot areas to exploit. Just because your bank has a vault, doesn't mean you want outsiders to come in and "look around".

     

    That's all I can think of for now.


     

    In conclussion, a platform that is more open than another is less secure. Shocking.

  • Reply 116 of 166
    gwydion wrote: »
    In conclussion, a platform that is more open than another is less secure. Shocking.

    Translation. "I don't want to talk about the sorry state of Android security, so I'll deflect the conversation and spend inordinate amounts of time discussing whether or not Android devices have 3rd party side loading enabled or disabled."
  • Reply 117 of 166
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by EricTheHalfBee View Post





    Translation. "I don't want to talk about the sorry state of Android security, so I'll deflect the conversation and spend inordinate amounts of time discussing whether or not Android devices have 3rd party side loading enabled or disabled."

    Translation, almost all of your points have nothing to do with Android. They have to do with open platforms like Android, Linux, Windows or, even OS X. Now we can start to talk about those points and, the really important one, how Android updates are done but the other ones doesn't have a shit with Android being a security mess or not, they are shared by almost all operating systems

     

     

    And, second time I explain to you, those point has nothing to do with the author of this editorial making wrong and false claims.

  • Reply 118 of 166
    tmaytmay Posts: 6,309member
    Quote:

    Originally Posted by Gatorguy View Post





    oh. . OK then. . . A security mess compared to iOS. Gotcha.



    Surprise! I actually agree with you, if you're referring to Android security in general and particularly on your average handset (which I assume you are), that it is not up to Apple standards. Of course any of the mobile OS's are more secure than their desktop brethren aren't they?



    With that noted some specific Android handset implementations can be as or even more "secure" than an iPhone. I'm sure you do some reading outside of AI and have noted a few articles about them. It's not Android, it's how it's implemented. But I get your drift. Perception is often considered reality.

    "some specific Android implementations"

     

    Strictly speaking, disingenuous; getting to pick and choose an implementation is wonderful as an argument, but in the real world, Apple only has iOS versions, and jailbreaks, and Android OS is, to say the least, greatly varied. One could as well argue that Enterprise and Defense implementations of iOS devices are at a higher level of security than the the general population, and likely better than Android OS beginning with hardware, but again, that isn't the real world.

  • Reply 119 of 166
    gatorguygatorguy Posts: 24,176member
    tmay wrote: »
    "some specific Android implementations"

    Strictly speaking, disingenuous; getting to pick and choose an implementation is wonderful as an argument, but in the real world, Apple only has iOS versions, and jailbreaks, and Android OS is, to say the least, greatly varied. One could as well argue that Enterprise and Defense implementations of iOS devices are at a higher level of security than the the general population, and likely better than Android OS beginning with hardware, but again, that isn't the real world.
    You're talking about devices not available to the general public? I'm not. Anyone can buy a Priv. Anyone can buy a BlackPhone. Both are available to the "general population". They're not in the least disingenuous choices IMHO.

    Regarding Blackberry's entry I'd probably wait for the second version myself.. In general brand new entries have come with growing pains. 2nd gen is normally a big improvement. From a security standpoint tho Blackberry does understand it and what it requires.
  • Reply 120 of 166
    gatorguygatorguy Posts: 24,176member
    What? 

    Stop talking. You don't know your head from your ass.

    I would have assumed you were aware of Google's interest and efforts to patch things up with China. Pinchai himself mentioned it back in February so its not exactly breaking news.

    http://arstechnica.com/gadgets/2015/09/report-google-will-comply-with-censorship-laws-to-get-play-into-china/
    http://venturebeat.com/2015/09/10/googles-return-to-china-wont-be-easy/
Sign In or Register to comment.