Remote code execution on Android devices (bromium.com)
107 points by ghosh on Aug 8, 2014 | 51 comments



If your machine is rooted then you can install aftermarket apps that let you block things.

If all you need is internet blocking then: https://play.google.com/store/apps/details?id=com.googlecode...

It works great and is very easy to use.

For more comprehensive blocking: https://play.google.com/store/apps/details?id=biz.bokhorst.x...

It's more difficult to use but you can control everything.


For internet blocking, AFWall+[0] is a fork of DroidWall which seems to be under active development.

Unfortunately, XPrivacy is not available on F-Droid, but anyone who is able to get it building and submitted to F-Droid would have my gratitude.

[0] - https://f-droid.org/repository/browse/?fdfilter=droidwall&fd...


For XPrivacy, it's a little scary to install. The warnings about making your phone unbootable, for example.

EDIT: I went ahead and installed it. No problems. I must say, though, I wouldn't call it easy to use. There are a lot of options.


If my device was rooted, wouldn't the attacker be smart enough to circumvent this?


The vulnerability is the attacker's way into your system. If you've rooted and blocked that vulnerability, then the attacker can't use that way into your system.


Remote code execution is the least of the worries on Android. Today I downloaded an app and I read their privacy policy. They will read my browser, all the packages installed on my phone and my precise geolocation. Why did they need those permissions just to show you ads?

People don't really read terms and conditions. You can get pretty much any information from users because reading is inconvenient.


1. There is an exploit that leaves complete control of your phone to anyone without you even having to look at the screen.

2. Some applications want to use too many permissions on your phone. You probably don't want to install them.

And the second is a bigger problem? Really?

Android is the most transparent and detailed about what applications can actually do on your phone from any such system I've ever seen. People make conscious (stupid, but conscious) decisions to still use apps and ignore the presented information. This exploit removes all control a user may have.

By making this comparison in the first place, you are confusing the discussion already. Yes, Android can and should improve when it comes to user control. But this is a problem that leaves hundreds of millions devices exploitable even without depending on user ignorance. This exploit and the issue you mention are not even related.


>Android is the most transparent and detailed about what applications can actually do on your phone from any such system I've ever seen.

Not anymore they're not [1][2], permissions now fall into large buckets.

iOS is probably the best as far as privacy sensitive permissions go. You're prompted at request time instead of at install, so you know the context of why it needs a permission (like GPS or contacts). You can also revoke a permission after granting it. You can't do that in Android.

[1] http://www.xda-developers.com/android/play-store-permissions...

[2] https://support.google.com/googleplay/answer/6014972?p=app_p...


iOS has better usability on this, but Android's permissions are still far more detailed and fine grained. If Android adopted some of iOS user control features, which seems to be happening [1], it would be almost perfect.

I definitely agree that Android's user interface is a problem, and that transparency is hindered because of these changes. Nonetheless, a user can still know what an app can do to a degree of detail far exceeding other systems. Android's technical capability here exceeds other platforms, so let's hope they'll make it usable soon.

[1]: http://www.xda-developers.com/android/exclusive-android-l-lo...


Yeah, I'm deeply upset by the permissions-control changes. It's not so much simplifying for normal folks that I object to so much as not having an option to let me see the detail.

Google are getting worse and worse, becoming more like an Apple or Microsoft. But where else is there to turn?


> Android is the most transparent and detailed about what applications can actually do on your phone from any such system I've ever seen.

So you haven't yet taken a look at iOS? iOS is pretty transparent. I would say far more so than the broad, vague permissions model Android is currently using and the even vaguer one they're moving to with their "L" release.

Additionally, with iOS, you can also go back and granularly review app privacy settings and adjust them, if desired. You can't do that on vanilla Android.


In terms of impact right now, the app permissions thing is a much bigger problem, yes. People get scammed by apps every day, whereas this doesn't appear to be being exploited in the wild at all.


That is not the point. Both are very serious issues. But one is a usability+curation problem, and this is an unpatched security exploit. Combining the discussion on these things in this thread is confusing and unhelpful to both issues.


The biggest difference is that (to some extent) this vulnerability requires no user intervention (at least not in an active capacity), whereas the app permissions issue is one where the user has actively chosen to accept something.


Leave aside terms and conditions. These days, the Play Store doesn't even show all the permissions requested by an app! The Internet permission, arguably one of the critical ones, doesn't even register!


I am prompted to review the permissions when I install an app and when it is upgraded if anything changes.

I don't expect it to show me in the store itself as I understand that it is defined by a manifest in the APK.


I was talking about the prompt itself. It now doesn't show all the permissions [1].

Quoting: "These days, apps typically access the Internet, so network communication permissions including the “full Internet access” permission have been moved out of the primary permissions screen."

[1]: https://support.google.com/googleplay/answer/6014972?p=app_p...


Why is the technical manifest APK implementation relevant to why you don't expect to see it in the store? Google have the APK, it's not like they can't look and tell you what it says.


Because it's a shit ton of metadata and it only makes sense to compare permissions when they know what version you already have, which the device is better at doing.


I've been looking for a task-based alarm app (i.e. solve math problems before you can disable it) that doesn't require any more access than knowing whether or not I am currently in a call (to reduce or mute the alarm). So far, all the apps I have found require some combination of the following privileges:

  - Identity
  - Wi-fi
  - Location
  - Photos/Media/Files
  - Camera/Microphone
  - Device & app history
  - In-app purchases
  - Device ID & call info

Only the last is required (and only the "call info" part). I can't imagine anyone who would ever want an alarm app to track their location or have access to their identity information, but perhaps such people exist.

I'd prefer no ads, so I'm willing to pay for a no-ads version. But ONLY if the app is not a power grab by the developer so that any conceivable monetization strategy is available to them in the future. If I can't find such an app I'll just have to use the built in Android alarm (which isn't task-based, sadly).
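
Added example, not part of the thread: a small audit that reads the `<uses-permission>` entries from a decoded `AndroidManifest.xml` and reports which of the permission groups listed in the comment above an app requests beyond an allowlist. The permission-to-group table is a partial mapping assumed for this example (group labels as written in the comment), and the manifest is a constructed sample for a hypothetical app; manifests inside an APK are binary XML and must be decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, partial mapping of manifest permissions to the groups named in the
# comment above; it is not the complete Play Store grouping table.
GROUPS = {
    "android.permission.GET_ACCOUNTS": "Identity",
    "android.permission.ACCESS_WIFI_STATE": "Wi-fi",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.ACCESS_COARSE_LOCATION": "Location",
    "android.permission.READ_EXTERNAL_STORAGE": "Photos/Media/Files",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Photos/Media/Files",
    "android.permission.CAMERA": "Camera/Microphone",
    "android.permission.RECORD_AUDIO": "Camera/Microphone",
    "android.permission.GET_TASKS": "Device & app history",
    "com.android.vending.BILLING": "In-app purchases",
    "android.permission.READ_PHONE_STATE": "Device ID & call info",
}

# Constructed sample: decoded manifest of a hypothetical alarm app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.alarm">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Alarm"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, allowed_groups):
    """Return (excess, unmapped): groups requested outside the allowlist, and
    permissions this table does not place in any listed group."""
    excess, unmapped = {}, []
    for perm in sorted(requested_permissions(manifest_xml)):
        group = GROUPS.get(perm)
        if group is None:
            unmapped.append(perm)  # e.g. INTERNET, not shown on the main screen
        elif group not in allowed_groups:
            excess.setdefault(group, []).append(perm)
    return excess, unmapped


if __name__ == "__main__":
    excess, unmapped = audit(SAMPLE_MANIFEST, {"Device ID & call info"})
    print("outside allowlist:", excess)
    print("not in a listed group:", unmapped)
```
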


It's the Android permissions model. You have to grant all or nothing, at installation, unmodifiable later, with no explanation why.


Which is the sole reason I install CyanogenMod - to regain control over what apps can do with my phone.

It's not just "techie" people that have these concerns - my wife insisted that one of the criteria for her new phone be that a CM build be available for exactly the same reason.


You don't need to install CM, just root the device and install XPrivacy. You can open very small holes without having to grant full permissions (e.g. read file /sdcard/xxxx instead of read/write to the whole sdcard)


XPrivacy has two main problems:

1) A terrible, terrible User Interface. As a connoisseur & past perpetrator of bad UIs I know one when I see one & the XPrivacy UI is awful. The gui of the App itself is obtuse, consisting of an enormous laundry list of Android API function calls with no clear explanation of what impact they have on the user's data. Meanwhile, the prompts shown to the user when an App asks for access to a resource which is marked as requiring a prompt to the user are atrocious: Now you have to decide whether or not to allow some opaque Android function call but you'd better decide quickly because there's a timer running out on the screen in front of you: If you don't decide before the timer runs out then the App will get one-time access to that resource.

Did I mention that this is a terrible UI? It could be the poster child of UIs written by software engineers for people that are exactly like them.

2) It's not actually secure. Because it injects code into the address space of the target App, an App that is "XPrivacy aware" can overwrite that code with its own code and eliminate the protections that XPrivacy claims to provide. (Technically the App has to load a binary library in order to do this, but many Apps need binary libraries so the user is likely to give permission to issue a loadLibrary() call & once that's happened all the XPrivacy guarantees are dead letters.)

XPrivacy also requires the entire XPosed framework to be installed & I'm not entirely sure I trust that either. I doubt it's ever been audited by a security professional of any stripe.

IMO, you get a much stronger privacy guarantee from either CyanogenMod or one of the other Android forks that build on the AppOp API that Google inadvertently shipped with previous Android versions.


If you made XPrivacy easy to install and use, I think you could sell it for decent money. It's frankly too much of a hassle for me.


This.

I was going to install a torch app and it wanted access to my contacts and call history?!?!

Took a while but I found one that just needed camera access (to activate the LED). Not all apps are completely evil but the majority appear to be.


I got so tired of testing all the flashlight apps. Some had ads, other required too many permissions. In the end I wrote my own, in a couple of hours. It's ad free, and doesn't require anything:

https://play.google.com/store/apps/details?id=com.bigosaur.l...


I salute you. Have installed it and it works perfectly. I will recommend this to anyone who needs such a thing.

Thank you for your efforts.


That is what I am talking about. I downloaded a silly entertainment app. It has no need for my browser history, my geolocation and all the apps I have installed on my phone. But it still requires those permissions to show me ads.


Yeah. It would be really nice if stock android included the permissions editor thingy, where you can revoke permissions that applications claim to require. I know dumb users will use it to break stuff, but tuck it behind a secret code and four warning screens or something.


What about this?

https://play.google.com/store/apps/details?id=mobi.infolife....

AFAIK Android did ship with something like that recently but they killed it, not that I saw it personally. I reckon they killed it due to people shooting permissions randomly.

What I want to see is a trust rating for an app when I install it which analyses the required permissions, the company's reputation and the privacy implications.


Thanks for the link. I was under the impression that functionality required root. Unfortunately, the Play store says that app isn't compatible with my device. Perhaps it's because I'm using Android 4.4, while that app's description mentions 4.3.


If anyone else is looking for a flashlight app, the two in the F-Droid market only require the exact permission they need to function.

https://f-droid.org/repository/browse/?fdfilter=flashlight&f...

https://f-droid.org/repository/browse/?fdfilter=flashlight&f...


Care to share which App you found for the flash light, by chance looking for one too :)


'Nexus Torch'. It says nexus but it works fine on my Moto G after an initial warning on first start up:

https://play.google.com/store/apps/details?id=net.cactii.fla...


Thanks!


At least, in your case, you can opt not to download/install. You can read those terms and you can choose either to install or not. Yes, nobody does, but maybe it is time to do it.

Let's not mix apples with oranges.

Privacy will always be an issue when you want an "enriched experience" from that app (although in some cases, privacy is just being abused for other malign or commercial value).


This is very problematic for Android. It was a question of time before such an issue crept up that left a large amount of legacy devices fully compromisable remotely. This is the biggest problem of relegating software updates to a complex and unwilling group of people, instead of a single party.

The biggest problem in solving this issue is: "who is going to solve it?". The software fix should surely be made by Google's Android team, but a software fix is not a solution. It needs to be distributed as well. And you can count on that not going well at all.


It appears that the equivalent of NoScript for Android WebViews could be quite useful in protecting against this sort of thing, although no doubt there would be a massive backlash against it since I'd bet most of the time this is being used for showing ads...


Security through obscurity. Don't worry, the development tools for Android are so shit I don't think hackers will bother with it.


Richard Stallman has been saying this all along. These non-free operating systems are used for surveillance.


Trying to spread Stallman's ideas by FUD does not help spreading Stallman's ideas. Stop doing that.

I don't get why free software zealots hate Android so much. It is by far the most "free" popular operating system ever made. Never has there been a user facing operating system in the possession of 100s of millions of people, for which you can readily download and study the large majority of code running the system on these devices. It is even possible to purge some devices of non-free code (including blobs) completely, if you so desire [1].

[1]: http://www.replicant.us/


I'm sure you know, but rms agrees with you. "Android is a major step towards an ethical, user-controlled, free software portable phone".

It's nonfree, but better than anything we've ever had, with the possible exception of the couple of GNU/Linux Nokia phones.

https://www.gnu.org/philosophy/android-and-users-freedom.htm...


> Never has there been a user facing operating system in the possession of 100s of millions of people, for which you can readily download and study the large majority of code running the system on these devices.

This is going to be completely off-topic, but most Android installations don't really qualify as "free" as they lack essential freedom to tinker with the code and put it back on the device. Vast majority of Android-based phones are purportedly severely tivoized, and many vendors actively fight any attempts to work around those limitations. That is, having an ability to read the source code doesn't make the software free.

So, on the contrary, the Android family of OSes (with the exception of AOSP and Replicant) is one of the most tightly locked-down computing platforms, with one of its core practices being not letting users access anything more than the device vendor has allowed. Unsurprisingly, this is frowned upon by many zealots.


That is why I put "free" in quotations. Furthermore, many devices sold do allow you to at least put open source equivalents on them; many flagship phones allow this with some know-how. On the scale of freedom from 0 to 10 (0 being a Lumia, 10 being the computer that RMS uses), I'd say most Android devices are a 3, with many devices being able to go up to a 6 and some devices going up to an 8 with Replicant.

Nonetheless, people fail to recognize the freedoms that Android does give you, and only criticize the freedoms that it doesn't give - the reasons why it's not a 10. If not for Android, I'd wager we would not be able to go beyond 2 (≈ iOS) on the freedom scale when buying mobile phones. That would be bad, and it seems zealots fail to recognize this (that's probably why they are zealots in the first place).


Why is Lumia a 0? How about iOS and Blackberry?


Richard Stallman has said a lot of things but as per any extremist you need to take all opinions in context to reality.

I used to agree with him but the thousands of hours of arguing with free software make me disinterested in the proposition. I'm willing to trade some of the perceived freedom advantages for practicality and gain more time to do what I want to do, which isn't incidentally wondering why the 50th autoconf run didn't work building gnumeric with a patch because it had a bug.

Google sheets it is...


The problem is that most people aren't even aware they're trading anything. That you consciously made that decision means the movement has already accomplished an important step.

Besides, gnumeric bugs will sound great when Google bans your account for deity knows why :)


Most people aren't interested in the mechanism of anything, just the results. They don't make the conscious decision not through education but through apathy and the desire to get from A to B via the shortest path.

As for Google; backups. If my account gets toasted it's a couple of hours inconvenience to set everything up and little else.


What if I told you that most people do not trade anything? I may have a theory that each time you use GPL you are trading away 17 karma points, but that does not make it true.


Android is a clusterfuck of various platforms for supporting remote code execution.



