HOME  |  GIT Overview  |  Script-Archive: (docs) : (wiki) : (git)  |  Android: (articles) : (files)  |  ...

Coping with Android - in Context: Security, Privacy



03 - Android in Context: Security, Privacy, Permissions, Restrictions

Last change: 20120216

License: CC-BY-SA.

Still polishing notes - version 1 to be online before 20120220 (FULL FAIL - HOPE FOR END OF FEBRUARY)


A look at the privacy and security implications of smartphones, using the Galaxy Note as an example. Also some notes on (not) empowering users.

Again, part of the problem is misunderstanding and misrepresenting desktop-class portable computers as the magical-but-dumb physical gadget traditionally called either PDA or smartphone. The inherent capabilities of the hardware however are desktop-class and furthermore, the device is an always connected internet computer, with all the inherent security issues and third-party cravings for access to device and user profiling data.

{but this only is the optimistic view point for sunny days}


Packaging Methods, Security Updates and the Channel

Consider the zergrush local root exploit. Samsung as one of the best Android makers took "merely" about half a year from exploit and knowing the source fix to testing to releasing an OTA firmware fix, which in turn may or may not have been delayed or rather blocked by providers further down the channel. Other makers never offer any support at all. This situation is very much a page from the dark age of computing, before community efforts like bugtraq forced vendors to take security (somewhat) serious and release (more or less) timely bugfixes for operating systems and associated firmware (vendors including Microsoft, SUN, IBM, and even some "embedded vendors" like CISCO).

{bogus ancient IT lessons never apply to embedded devices, and especially not to futuristic novel devices like tablets and smartphones - furthermore, ignoring them is only costly for others, but not for the channel}

Giant Android Rom Blobs Vs. 30+ Years of Computer Science

Gingerbread and Market Issues

Note that most ROM components are not available on the existing market structure. Better yet, any attempt to link them to the market triggers very interesting failures (requiring Root, Market Fixer and Titanium Backup to recover). Note the inability to buy some apps in the market despite a fully working free test-app (for me this mostly security-related apps) Note the uiderrors.txt issues Note the need to reboot the Note or at least "reboot" the framework about every 5 days, as it will slow down inacceptable (despite with 200+MB free, esp. noticable when panning).

A Look At Internet Traffic

Analysis

Firewalls and Android Permissions/Intents/Receivers


Kernel Changes - aka Not-Invented-Here

We've stumbled on a number of changes from standard kernel that lead to bugs and ugly work-arounds: - Unreliable Sleep and Wakelocks. - Shared-Memory. A short reading list:

Note that the issues raised above are generic to all newer smartphones and tablets.


Back to the Android Section Overview.


HOME  |  GIT Overview  |  Script-Archive: (docs) : (wiki) : (git)  |  Android: (articles) (files)  |  ...

jakobi(at)acm.org, 2012-01 - 2012-03