Glad I Left Android

[ParoleGA]

So, I am not a member of the tinfoil hat society, by any means. That being said, this is scary. I know this is not really new information.

For instance, one ex-official said that the bureau's analysts (shown above) can routinely turn on the microphones in laptops and Android devices to record conversations without a person's knowledge.

Open source code has it's merits, but has it's drawbacks, too. I am not saying a determined hacker can't find exploits in code that isn't open source, but when it is open, it has to be that much easier. Apple and MS, please keep your source in the safe. Thx.

 

[Blkacesvf41]

I hear ya. As much as I like my Nexus 7, I never, ever! Do any banking or any activities that would include entering either my credit card, SSN or any sensitive information on it. I save that for my desktop at home or my WP8.

 

[NTUser]

Well, sh*t.
Currently thinking of all the things I've bought on my N7. Oh well, my fault for trusting Android for anything.
All for keeping source a secret at this point.
Windows Phone why can't I have you faster. :'(

 

[tgp]

I hear ya. As much as I like my Nexus 7, I never, ever! Do any banking or any activities that would include entering either my credit card, SSN or any sensitive information on it. I save that for my desktop at home or my WP8.

Isn't it ironic that since you're worried about security you use your desktop, which I assume is running Windows, for sensitive information?

 

[dlnorton2014]

What am I supposed to do, buy a Nokia 3310 and throw away my computer? It's like companies are quietly forcing me to reveal more and more about myself.

 

[Res215dg]

It's a good thing I always held off on buying a Nexus tablet and instead picked up my Surface rly:

Good Information posted by OP- thanks for the heads up

 

[Blkacesvf41]

Isn't it ironic that since you're worried about security you use your desktop, which I assume is running Windows, for sensitive information?

With the little knowledge I have, I'll go ahead and say that I think when compared to Android Microsoft has a better track record when it comes to security. As good as Android is, believe me I like it quite a bit, being an open source is a hacker's dream.

 

[thed]

I have to take issue with people saying that open source = less secure. In fact, you can find a lot of developers out there that would argue that open source = more secure. In my opinion, neither option (open vs closed) is inherently more secure than the other. It's all about the individual piece of software. Projects that are continuously maintained with a focus on security are more secure than those that are not.

On a broader level, open source projects generally have more sets of eyeballs looking for security vulnerabilities. Some of these may be malicious, but they're offset by the larger amount of people looking to fix vulnerabilites. On the flip side, closed source projects generally have a smaller team maintaining the code. While this may mean that more vulnerabilities go completely undiscovered, it also increases the likelihood that a vulnerability already discovered by the black hats stays unpatched.

 

[ag1986]

OP and everyone else has it completely wrong.

So we have Windows, generally acknowledged as the worst OS in terms of security. It is closed-source.

We also have UNIX/Linux, completely open source. These are used in all sorts of mission-critical enterprise deployments all over the world. Open source, currently far more secure than Windows.

We have Mac OS, which is really a POSIX-compliant UNIX system with a proprietary user interface and added features. Everyone will acknowledge that OSX is for now at least, more secure.

Any security engineer will tell you this: No system is safe. There is no such thing as a secure computer. Windows and Android are just that much more popular and have more people targeting those systems.

Finally, please see the pwn2own and pwnium results for 2013. Everything was broken; a Surface Pro included. In fact, the only system that was not cracked was Google ChromeOS (Chrome itself was compromised, however). And Chrome OS is again, an open source project.

 

[Krishnachandran M]

the point to note is that the Hacker is interested in affecting more systems, not small number. So the prime focus is on the Popularity of the OS. Windows is one of the most used operating system by Naive users, who are vulnerable. where as the Android is the Mobile OS that has the higher Circulation. so more attacks can be expected there than the Windows Phone.

I am not an expert, still think system works like this.

 

[ParoleGA]

OP and everyone else has it completely wrong.

1. So we have Windows, generally acknowledged as the worst OS in terms of security. It is closed-source.

2.We also have UNIX/Linux, completely open source. These are used in all sorts of mission-critical enterprise deployments all over the world. Open source, currently far more secure than Windows.

3.We have Mac OS, which is really a POSIX-compliant UNIX system with a proprietary user interface and added features. Everyone will acknowledge that OSX is for now at least, more secure.

Any security engineer will tell you this: No system is safe. There is no such thing as a secure computer. Windows and Android are just that much more popular and have more people targeting those systems.

4.Finally, please see the pwn2own and pwnium results for 2013. Everything was broken; a Surface Pro included. In fact, the only system that was not cracked was Google ChromeOS (Chrome itself was compromised, however). And Chrome OS is again, an open source project.

My point was really about phone OSes, while most of your comments were about PC, but points taken; nothing is secure. That being said, there is nothing you can say to make me believe that an open source code OS, with huge popularity (Android), is more secure than iOS (also hugely popular), or WP8 (relative deployment makes it far less targeted), when it comes to remote attacks. But to your direct points...

1. Also the most used OS, by the least tech savvy users base, making it a prime target for exploit by determined hackers.
2. Probably true, but it's enterprise use still doesn't approach Windows. Lower user base, and a more tech savvy one, at that, makes it a far less opportune target.
3. Certainly true. Personally, I think that is because of it's relative deployment AND it's closed source nature.
4. Chrome OS....really? There would be no money, and little data to be had breaking an OS with such a low user base.

I guess the point is, yes, everything can be broken. The more used the OS, the more valuable the target. And nothing you said makes me believe that an open source code base isn't easier to exploit than a closed source.

 

[snowmutt]

There is no doubt as far as OS's go, WP is the safest behind only BlackBerry due to it's closed source, controlled system and smaller user base. It is not as easy of a target, nor as profitable. Android is the complete opposite. That being said, I am surprised Google has done as good of a job as they have as far as damage control with security.

It does make me want to see BB10 succeed. They are still the only one determined to keep your system safe. They deserve a nod and some credit for that.

 

[z33dev33l]

There is no doubt as far as OS's go, WP is the safest behind only BlackBerry due to it's closed source, controlled system and smaller user base. It is not as easy of a target, nor as profitable. Android is the complete opposite. That being said, I am surprised Google has done as good of a job as they have as far as damage control with security.

It does make me want to see BB10 succeed. They are still the only one determined to keep your system safe. They deserve a nod and some credit for that.

It has a bigger user base than bb10 and bb10 was a bad joke.

 

[thed]

And nothing you said makes me believe that an open source code base isn't easier to exploit than a closed source.

Did you read my post above? A lot of experienced software developers disagee with you.

 

[ParoleGA]

I have to take issue with people saying that open source = less secure. In fact, you can find a lot of developers out there that would argue that open source = more secure. In my opinion, neither option (open vs closed) is inherently more secure than the other. It's all about the individual piece of software. Projects that are continuously maintained with a focus on security are more secure than those that are not.

On a broader level, open source projects generally have more sets of eyeballs looking for security vulnerabilities. Some of these may be malicious, but they're offset by the larger amount of people looking to fix vulnerabilites. On the flip side, closed source projects generally have a smaller team maintaining the code. While this may mean that more vulnerabilities go completely undiscovered, it also increases the likelihood that a vulnerability already discovered by the black hats stays unpatched.

What you said is largely correct. More eyes looking for bugs increases the chances of friendly and malicious eyes finding problems. This means that a well maintained open source OS can be secure.

A well maintained closed source can be as well. I get security patches weekly on Windows. The problem with Android is, once the issue is found, Google can not simply patch it. They need to send an update through many companies first, for approval and modification.

If I would ever use Android again, it would be Vanilla Android. But I won't. I see little effort, even from Google, to quickly patch vulnerabilities.

 

[ag1986]

What you said is largely correct. More eyes looking for bugs increases the chances of friendly and malicious eyes finding problems. This means that a well maintained open source OS can be secure.

A well maintained closed source can be as well. I get security patches weekly on Windows. The problem with Android is, once the issue is found, Google can not simply patch it. They need to send an update through many companies first, for approval and modification.

If I would ever use Android again, it would be Vanilla Android. But I won't. I see little effort, even from Google, to quickly patch vulnerabilities.

Re well maintained closed OS being secure, I present to you Windows again. Possibly MS' most used product, their most valuable IP, hopefully their most well maintained one, yet in the security context it has about as many holes as a colander. IF there is a security hole found, MS ' policy (done this many times) is to keep it within themselves, take their sweet time to fix it, all the while some hacker could also have discovered it and be exploiting it in the wild. With open source code, this never happens.

Re security patches, do I with Windows 7 which to me indicates what a crappy job they did with developing the damn thing in the first place... though to be fair most updates are apparently just Defender database updates and Safe Browsing list updates.

About the patching again, I believe the process is the same with WP - carriers have a say in what goes out (see Data Sense, also Verizon breaking group messaging). Google has always been on the ball about fixing truly broken things, which is why I carry a Nexus 4 - gets updates just as soon as they are released.

 

[ParoleGA]

Did you read my post above? A lot of experienced software developers disagee with you.

Yes, I read your post. You do realize there are at least as many experienced software developers on the other side of the argument...right? Linus is not the second coming.

 

[ParoleGA]

About the patching again, I believe the process is the same with WP - carriers have a say in what goes out (see Data Sense, also Verizon breaking group messaging). Google has always been on the ball about fixing truly broken things, which is why I carry a Nexus 4 - gets updates just as soon as they are released.

You do realize that the biggest security measures taken in both iOS and WP are the extremely locked down sandbox apps live in, not regular patches, right? When an OS is compromised, the attacker is far more limited in what he can do when he doesn't have full resource access.

Not much else new in your post. I get it; a lot of people prefer open source for many reasons. I am not one of those people. We won't argue our way to an answer in this thread. The argument is as old and older than Linux. I was simply sharing an article, and my feelings on leaving Android. They still stand.

 

[ag1986]

Yes, I read your post. You do realize there are at least as many experienced software developers on the other side of the argument...right? Linus is not the second coming.

With desktop PCs, empirical evidence has proven the point; closed-source vs open source does not imply secure or unsecure at all.

 

[ParoleGA]

With desktop PCs, empirical evidence has proven the point; closed-source vs open source does not imply secure or unsecure at all.

The only thing proven has been stated by both sides in this discussion. Nothing is "secure", and the bigger your user base, the more people will try and compromise your security. Until Linux based OSes have the same number of users, there isn't any fair way to compare successful exploits.

But again, this thread had nothing to do with desktop OSes. It was simply about how the FBI was hiring hackers to gain remote access to Android devices (the article actually mentioned PCs, as well), and was able to turn on their mics and record audio. I also assume hackers could do this without the FBI, albeit illegally, if they had something to gain from it.