Bob
20th January 2016, 23:07
"I can't take it anymore for one simple, but really fundamental, reason."
Last summer at the outbreak of Stagefright (a flaw that enabled attackers to compromise Android devices by simply sending a text message), Android enthusiast Lorenzo Franceschi-Bicchierai wrote "In many ways, Android is great. I love its open source ethos and the ability one has to customize it. But I can't take it anymore for one simple, but really fundamental, reason.
"Google still has very little control over software updates, and Android users are basically at the mercy of their carriers and phone manufacturers when it comes to getting updates or new operating system versions."
(Source (http://appleinsider.com/articles/16/01/20/another-new-kernel-flaw-that-google-wont-fix-for-android-users-prompts-more-switching-to-apples-ios))
Now what?
A new Zero-Day flaw discovered by Perception Point Research has existed since 2012, long enough to have to spread vulnerability across "tens of millions of Linux PCs and servers, and 66 percent of all Android devices."
As noted in a report by Dan Goodin of Ars, the flaw allows unprivileged apps to "gain nearly unfettered root access," including access to camera, microphone, GPS location and personal data.
And security researcher Nicholas Weaver is giving us an easy example to put this issue in perspective: "Imagine if Windows patches had to pass through Dell and your ISP before they came to you?
And neither cared? That is called Android."
In November, Chris Soghioan, the principal technologist for the American Civil Liberties Union, described Google's lack of updates—combined with its lack of user privacy and data collection—as a "digital security divide," adding that "the security people I know at Google are embarrassed by Android."
(sigh)
One is tempted to ask, exactly who is running Google's development program, the apparently either knowingly flawed OS produced and turned on the public "freely to install and use" (according to some certain terms in the license...) or accidentally missed during the debug phase issues that come up. One is tempted to say all software development programs suffer from bugs not being discovered early during the alpha and beta shakeouts.. Or is there something else going on? Just think of it, if one were actively involved as a spook or associated with one - having access to a spying/reporting device that anyone who has been lead to obtain such a "smart-phone", how much of a service Google is actually providing? Can we ask, "At what cost did the owner(s) "sell out" for again?" It would be interesting to see some whistleblowers appear explaining through example and tracking back to the periods chronologically of inception to deception..
http://photos2.appleinsidercdn.com/gallery/15577-11967-Screen-Shot-2016-01-14-at-72730-PM-l.jpg
Android's problem caused by the fragmented accountability of carriers, hardware makers and Google itself to create, test and distribute updates for their customers after the initial sale.
Putting that in perspective, at best 1 1/2 years of updates from a newly purchased smartphone running the newest operating system software... And all the older smartphones do not ever get fixed. WHO updates every 1 1/2 years? Usually those contracts go for 2 years, and what happens during that last 6 months? The ride is over? Unless one buys a new phone a new plan... Interesting that some carriers have been saying, they'll do away with the 2 year mandatory contract and INSIST that the phone user BUY their phone - (some costs upwards in the 600$ range)..
Having been discovered, the flaw is relatively easy to fix for most desktop and server users, but requires a kernel patch on Android that most users of phones, tablets and other devices are unlikely to ever get.
Despite releasing a new version of Android last fall alongside iOS 9, Google still only reports that a tiny fraction of its installed base has gained access to it..
A new kernel privilege escalation flaw discovered in the Linux kernel requires server operators to install a patch, but is not going to be fixed for the majority of Android users.
http://cc.amazingcounters.com/counter.php?i=3190880&c=9572953
Last summer at the outbreak of Stagefright (a flaw that enabled attackers to compromise Android devices by simply sending a text message), Android enthusiast Lorenzo Franceschi-Bicchierai wrote "In many ways, Android is great. I love its open source ethos and the ability one has to customize it. But I can't take it anymore for one simple, but really fundamental, reason.
"Google still has very little control over software updates, and Android users are basically at the mercy of their carriers and phone manufacturers when it comes to getting updates or new operating system versions."
(Source (http://appleinsider.com/articles/16/01/20/another-new-kernel-flaw-that-google-wont-fix-for-android-users-prompts-more-switching-to-apples-ios))
Now what?
A new Zero-Day flaw discovered by Perception Point Research has existed since 2012, long enough to have to spread vulnerability across "tens of millions of Linux PCs and servers, and 66 percent of all Android devices."
As noted in a report by Dan Goodin of Ars, the flaw allows unprivileged apps to "gain nearly unfettered root access," including access to camera, microphone, GPS location and personal data.
And security researcher Nicholas Weaver is giving us an easy example to put this issue in perspective: "Imagine if Windows patches had to pass through Dell and your ISP before they came to you?
And neither cared? That is called Android."
In November, Chris Soghioan, the principal technologist for the American Civil Liberties Union, described Google's lack of updates—combined with its lack of user privacy and data collection—as a "digital security divide," adding that "the security people I know at Google are embarrassed by Android."
(sigh)
One is tempted to ask, exactly who is running Google's development program, the apparently either knowingly flawed OS produced and turned on the public "freely to install and use" (according to some certain terms in the license...) or accidentally missed during the debug phase issues that come up. One is tempted to say all software development programs suffer from bugs not being discovered early during the alpha and beta shakeouts.. Or is there something else going on? Just think of it, if one were actively involved as a spook or associated with one - having access to a spying/reporting device that anyone who has been lead to obtain such a "smart-phone", how much of a service Google is actually providing? Can we ask, "At what cost did the owner(s) "sell out" for again?" It would be interesting to see some whistleblowers appear explaining through example and tracking back to the periods chronologically of inception to deception..
http://photos2.appleinsidercdn.com/gallery/15577-11967-Screen-Shot-2016-01-14-at-72730-PM-l.jpg
Android's problem caused by the fragmented accountability of carriers, hardware makers and Google itself to create, test and distribute updates for their customers after the initial sale.
Putting that in perspective, at best 1 1/2 years of updates from a newly purchased smartphone running the newest operating system software... And all the older smartphones do not ever get fixed. WHO updates every 1 1/2 years? Usually those contracts go for 2 years, and what happens during that last 6 months? The ride is over? Unless one buys a new phone a new plan... Interesting that some carriers have been saying, they'll do away with the 2 year mandatory contract and INSIST that the phone user BUY their phone - (some costs upwards in the 600$ range)..
Having been discovered, the flaw is relatively easy to fix for most desktop and server users, but requires a kernel patch on Android that most users of phones, tablets and other devices are unlikely to ever get.
Despite releasing a new version of Android last fall alongside iOS 9, Google still only reports that a tiny fraction of its installed base has gained access to it..
A new kernel privilege escalation flaw discovered in the Linux kernel requires server operators to install a patch, but is not going to be fixed for the majority of Android users.
http://cc.amazingcounters.com/counter.php?i=3190880&c=9572953