Last minute geek

last minute tech news from around the net

Sunday, Sep 23rd

Last update01:00:00 AM

You are here: English BoingBoing ibag Tweaks made to Android OS are causing massive security holes

Tweaks made to Android OS are causing massive security holes

User Rating: / 0
PoorBest 
Last month, I used up a good chunk of text talking about how much I’ve come to enjoy using Android-powered smartphones. Unfortunately, a story I ran across over at Wired has convinced me that, at least for the time being, spending significantly more time with my iPhone 6 Plus might be a good idea. According to the report, for many Android users, it’s not necessary to download an altered .APK file from a shady torrenting website or click an email link that’ll fill your handset up with malware in order to compromise your smartphone’s security. Twenty-five different Android smartphone models, made by well-known manufacturers and available across North America, have been found to be full of security flaws and other exploitable nightmares baked into them. The most frustrating part of it all: none of the exploits detailed in the story would be there if the manufacturers had their shit together From Wired: The potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn’t have to be there. Instead, they’re a byproduct of an open Android operating system that lets third-party companies modify code to their own liking. There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice. Google will release a vanilla version of Android Pie this fall, but it’ll eventually come in all kinds of flavors. Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates. They can also, as Stavrou and his team have uncovered, result in firmware bugs that put users at risk. To be clear, according to the security researchers at Kryptowire who went hunting for the vulnerabilities, none of the security issues found were the result of shitty coding on the part of Android’s development team. If you’re looking for a place to point an accusing finger, aim it toward the crackerjack software devs working for Android smartphone manufacturers like Asus, LG and ZTE. Their meddling with Google’s code to give their company’s handsets their own special flavor are where the security headaches begin and end. Image via Pixabay

Read all
Comment Policy:
We pre-moderate any comments and welcome all kinds of thoughts, supportive, dissenting, critical or otherwise. We delete or censor comments that are:

* abusive
* off-topic
* contain personal attacks, or against any company or organization
* promote hate of any kind
* use excessively foul language
* is blatantly spam or advertising

We do not discriminate based on the person who is posting, and we never censor comments for political or ideological reasons. We never delete an appropriate comment because we disagree with its viewpoint or ideology, and we never publish an inappropriate comment because we agree with or support its viewpoint or ideology.


Attention spammers: we manually approve all comments. Spamming and blatant advertising will NOT be published on this site and is deleted immediately, you've been warned, do not waste your time here.

Add comment

Security code
Refresh