Until April fools. Seriously, is this a joke? Maybe if they have a juicy gov't contract that'll buy these up. Other than that every company is just going to buy a Windows tablet for a $1000 and put their own security software (which is already certified and tested up the wazoo) on it.
With Windows, you get security updates every second Tuesday. For free, for years, and in a timely fashion.
On Android, you are lucky if Google deems a bug worthy of fixing. The best sandboxing is useless if the OS itself has known and remote exploitable security issues, as Android usually does.
On Android, you are lucky if Google deems a bug worthy of fixing.
I'm a member of Google's Android security team, and I want to correct this. The only component in which Google doesn't fix bugs is the old Webview implementation. I'm not going to try to explain or defend that decision, just note that at this point we think it's more productive to get apps to stop using it to display untrusted content on pre-4.4 Android. Outside of that, Google does provide fixes to all significant issues that are reported to us, and we provide those fixes to device manufacturers, at no cost and with security bulletins explaining the nature and severity of the issues. Further there are partnership policies in place that require manufacturers to release updates for severe issues. The nature and scope of those requirements aren't what I wish they were, but Google's ability to dictate to Android OEMs is limited (which isn't a bad thing, though arguably it is in this case).
The best sandboxing is useless if the OS itself has known and remote exploitable security issues, as Android usually does.
The first portion of this sentence is indisputably true. The claim that Android usually has remote exploitable security issues, not so much. Local exploits are pretty common, as they are on every platform, frankly. Securing against local exploits is a hard problem, though I think we're making significant progress. We're finding that SELinux is making many vulnerabilities non-functional on 5.0 and above (granted that it will be a couple of years before 5.0+ represents the majority of Android devices). Functional remote root exploits, however, aren't actually that common, even on pre-5.0 devices. Also, such high-severity vulnerabilities generally *do* motivate manufacturers to deploy fixes (again, pre-4.4 Webview being the notable exception).
Also, I'll point out that thanks to the Android Verify Apps tool, which is active on several hundred million devices, Google has very good insight into exactly what (known) vulnerabilities exist on real-world devices, and even quite a bit about how often exploits are used (though that data is more squishy and speculative). This data even covers a lot of devices that don't use Google Play, since the Verify Apps opt-in is offered to all devices, not just those that use Play.
I can't provide details, but the high-level summary is that the Android ecosystem is actually surprisingly safe. Given the size and complexity of modern mobile operating systems in general and Android in particular, I would expect the situation to be bad, but it's not.
With respect to Blackberry's work here, it actually sounds really good to me. They're doing a lot of good things, some of which we are also working on. I don't think any of the mobile OSes in current use are very resistant to targeted threats. What Blackberry is doing with this tablet is trying to tackle that problem: how do you secure high-value data which may be the specific target of a skilled attacker on a commodity, open platform device? It's a really tough problem. They're doing it by creating a locked-down sub-platform within the platform, allowing only whitelisted apps, preventing data leakage between those and apps in the open portion of the platform. That's a sensible approach. If they can really achieve protection against targeted attacks, the higher price point isn't unreasonable at all. People with high-value data on their devices will pay for security. Most people won't, but there's nothing wrong with focusing on a high-value niche. It's good business, and a strategy that's consistent with the reputation of the Blackberry brand.
Google, of course, isn't targeting the niche, but trying to provide reasonably good security to the mass market. My opinion is that we're largely succeeding, but must keep pushing hard to stay (mostly) ahead of the threats.
(Disclaimer: Please don't take this as any sort of official Google statement. I'm not a Google spokesperson,
(Disclaimer: Please don't take this as any sort of official Google statement. I'm not a Google spokesperson, and I'm taking something of a risk by being this forthright about Android security work in public. Not a huge risk, because my management is supportive of transparency -- as long as I don't cross any lines. I obviously haven't gone and cleared all of this with PR and it's possible that something I've said is inaccurate, or inconsistent with the company's official position. If there are any such issue
(Disclaimer: Please don't take this as any sort of official Google statement. I'm not a Google spokesperson, and I'm taking something of a risk by being this forthright about Android security work in public. Not a huge risk, because my management is supportive of transparency -- as long as I don't cross any lines. I obviously haven't gone and cleared all of this with PR and it's possible that something I've said is inaccurate, or inconsistent with the company's official position. If there are any such issues, the fault is entirely mine.)
Somehow, I wouldn't feel comfortable working for a company that would make me feel like I had to make such an extensive disclaimer. Sounds like they really *aren't* supportive of transparency, but have brainwashed you with Orwellian doublespeak to make you (and the public) think they are.
LOL. At the vast majority of companies, it wouldn't be a question of a disclaimer. Most places would fire me for speaking publicly at all without clearing everything first.
The permissions system on Android is such that you can't really install any apps at all without compromising all of the data on the device. Every app asks for permission to everything. Why would anybody even bother going after an OS-level attack. Just create some marginally useful app, put it in the app store, and you have control over just about every Android device out there. And if I'm not going to install any apps, I might as well get a Blackberry. I have a Nexus tablet and like it. But I don't keep
The permissions system on Android is such that you can't really install any apps at all without compromising all of the data on the device.
Nonsense. Even with every permission that's offered you can't get to most of the data on the device. Apps have no access to data stored by other apps, for one huge example.
The rest of your comment seems to all follow from this erroneous assumption.
Hello, that is really interesting, thanks. My customer only treats iPhones as secure, I have a Galaxy S5. Would it be possible do you think for Google to offer a service where you analyze source code and optionally only allow passed apps to be downloaded? The impression in the corporate world is that Android is an insecure platform.
Remove google as a trusted source of apps then. Offer your own app store with only well-analyzed apps.
You can't do that with iphone, but the android source is actually available. Secure android is doable. If corporation is really paranoid, they can run their own app-store.
Hello, that is really interesting, thanks.
My customer only treats iPhones as secure, I have a Galaxy S5. Would it be possible do you think for Google to offer a service where you analyze source code and optionally only allow passed apps to be downloaded? The impression in the corporate world is that Android is an insecure platform.
I'll just say we're working on it:-)
As the AC who responded mentioned, though, you can always set up your own app store with well-analyzed apps. And it's also worth pointing out that Google does analyze apps for a wide variety of malware signals before making them available on Play.
We appreciate you doing what you can to fix some of these holes. However, Google appears to have no teeth which to use to get the handset manufacturers to actually update their products.
There can be software fixes for every single issue, but if they never get deployed, it does nothing to solve the issues.
Yes, this is a big issue. Huge. It's a clear consequence of the open source nature of Android, which has a lot of value in other ways. This is a fundamental tension between openness and modifiability and security.
My best recommendation: Buy Nexus devices which are guaranteed to get timely updates. Granted that if you are the sort of person who wants to use the same device for 3+ years that doesn't necessarily solve your problem, because even Nexus devices fall out of support fairly quickly. I actually exp
Over the shoulder supervision is more a need of the manager than the
programming task.
Um... it's 16 days (Score:5, Insightful)
Re: (Score:3)
This.
With Windows, you get security updates every second Tuesday. For free, for years, and in a timely fashion.
On Android, you are lucky if Google deems a bug worthy of fixing. The best sandboxing is useless if the OS itself has known and remote exploitable security issues, as Android usually does.
Re:Um... it's 16 days (Score:5, Insightful)
On Android, you are lucky if Google deems a bug worthy of fixing.
I'm a member of Google's Android security team, and I want to correct this. The only component in which Google doesn't fix bugs is the old Webview implementation. I'm not going to try to explain or defend that decision, just note that at this point we think it's more productive to get apps to stop using it to display untrusted content on pre-4.4 Android. Outside of that, Google does provide fixes to all significant issues that are reported to us, and we provide those fixes to device manufacturers, at no cost and with security bulletins explaining the nature and severity of the issues. Further there are partnership policies in place that require manufacturers to release updates for severe issues. The nature and scope of those requirements aren't what I wish they were, but Google's ability to dictate to Android OEMs is limited (which isn't a bad thing, though arguably it is in this case).
The best sandboxing is useless if the OS itself has known and remote exploitable security issues, as Android usually does.
The first portion of this sentence is indisputably true. The claim that Android usually has remote exploitable security issues, not so much. Local exploits are pretty common, as they are on every platform, frankly. Securing against local exploits is a hard problem, though I think we're making significant progress. We're finding that SELinux is making many vulnerabilities non-functional on 5.0 and above (granted that it will be a couple of years before 5.0+ represents the majority of Android devices). Functional remote root exploits, however, aren't actually that common, even on pre-5.0 devices. Also, such high-severity vulnerabilities generally *do* motivate manufacturers to deploy fixes (again, pre-4.4 Webview being the notable exception).
Also, I'll point out that thanks to the Android Verify Apps tool, which is active on several hundred million devices, Google has very good insight into exactly what (known) vulnerabilities exist on real-world devices, and even quite a bit about how often exploits are used (though that data is more squishy and speculative). This data even covers a lot of devices that don't use Google Play, since the Verify Apps opt-in is offered to all devices, not just those that use Play.
I can't provide details, but the high-level summary is that the Android ecosystem is actually surprisingly safe. Given the size and complexity of modern mobile operating systems in general and Android in particular, I would expect the situation to be bad, but it's not.
With respect to Blackberry's work here, it actually sounds really good to me. They're doing a lot of good things, some of which we are also working on. I don't think any of the mobile OSes in current use are very resistant to targeted threats. What Blackberry is doing with this tablet is trying to tackle that problem: how do you secure high-value data which may be the specific target of a skilled attacker on a commodity, open platform device? It's a really tough problem. They're doing it by creating a locked-down sub-platform within the platform, allowing only whitelisted apps, preventing data leakage between those and apps in the open portion of the platform. That's a sensible approach. If they can really achieve protection against targeted attacks, the higher price point isn't unreasonable at all. People with high-value data on their devices will pay for security. Most people won't, but there's nothing wrong with focusing on a high-value niche. It's good business, and a strategy that's consistent with the reputation of the Blackberry brand.
Google, of course, isn't targeting the niche, but trying to provide reasonably good security to the mass market. My opinion is that we're largely succeeding, but must keep pushing hard to stay (mostly) ahead of the threats.
(Disclaimer: Please don't take this as any sort of official Google statement. I'm not a Google spokesperson,
Re: (Score:0)
Re: (Score:2)
Somehow, I wouldn't feel comfortable working for a company that would make me feel like I had to make such an extensive disclaimer. Sounds like they really *aren't* supportive of transparency, but have brainwashed you with Orwellian doublespeak to make you (and the public) think they are.
LOL. At the vast majority of companies, it wouldn't be a question of a disclaimer. Most places would fire me for speaking publicly at all without clearing everything first.
Re: (Score:1)
Re: (Score:2)
The permissions system on Android is such that you can't really install any apps at all without compromising all of the data on the device.
Nonsense. Even with every permission that's offered you can't get to most of the data on the device. Apps have no access to data stored by other apps, for one huge example.
The rest of your comment seems to all follow from this erroneous assumption.
Re: (Score:2)
Hello, that is really interesting, thanks.
My customer only treats iPhones as secure, I have a Galaxy S5. Would it be possible do you think for Google to offer a service where you analyze source code and optionally only allow passed apps to be downloaded? The impression in the corporate world is that Android is an insecure platform.
Re: (Score:2)
P.S. interested in the results of analyzing MS apps ;)
Re: (Score:0)
Remove google as a trusted source of apps then. Offer your own app store with only well-analyzed apps.
You can't do that with iphone, but the android source is actually available. Secure android is doable. If corporation is really paranoid, they can run their own app-store.
Re: (Score:2)
Hello, that is really interesting, thanks. My customer only treats iPhones as secure, I have a Galaxy S5. Would it be possible do you think for Google to offer a service where you analyze source code and optionally only allow passed apps to be downloaded? The impression in the corporate world is that Android is an insecure platform.
I'll just say we're working on it :-)
As the AC who responded mentioned, though, you can always set up your own app store with well-analyzed apps. And it's also worth pointing out that Google does analyze apps for a wide variety of malware signals before making them available on Play.
Re: (Score:2)
We appreciate you doing what you can to fix some of these holes. However, Google appears to have no teeth which to use to get the handset manufacturers to actually update their products.
There can be software fixes for every single issue, but if they never get deployed, it does nothing to solve the issues.
Re: (Score:2)
Yes, this is a big issue. Huge. It's a clear consequence of the open source nature of Android, which has a lot of value in other ways. This is a fundamental tension between openness and modifiability and security.
My best recommendation: Buy Nexus devices which are guaranteed to get timely updates. Granted that if you are the sort of person who wants to use the same device for 3+ years that doesn't necessarily solve your problem, because even Nexus devices fall out of support fairly quickly. I actually exp