Published today, a two-year study of Android security updates has revealed a distressing gap between the software patches Android companies claim to have on their devices and the ones they actually have. Your phone’s manufacturer may be lying to you about the security of your Android device. In fact, it appears that almost all of them do.
Android is perceived as untrustworthy in large part because it is. Beside the matter of security misrepresentations, here are some of the other major issues and villains plaguing the platform:
- Version updates are slow, if they arrive at all.
- Some Android OEMs snoop on you.
- Android remains vulnerable, thanks in part to Google’s permissiveness.
- Android hardware development is chaotic and unreliable.
Archive for Android
The F-Droid community has been working to provide only 100% verified Free Software, and to make apparent all forms of tracking, advertising, and “anti-features” commonly found in apps. F-Droid provides a complete app ecosystem where users are actively notified of tracking and advertising in the apps, and can make informed choices. We have achieved this through the work of many dedicated volunteers reviewing apps as they are submitted, and marking the things that they find.
I know a lot of people turn off haptic feedback on their smartphone. That is because, I have now learned, essentially every Android smartphone has absolutely awful haptics. Your $930 Galaxy Note8 has haptic feedback that is, frankly, bad. So does every other Android phone. Yes, the difference is that clear after going to the iPhone X.
Apple’s Taptic Engine doesn’t just buzz – it clicks, it taps, it knocks. And it can do so with an incredible range of intensities and precision. If I had to analogize, it’s sort of like having used crappy $10 earbuds your entire life and then someone hands you a set of $300 open-back Sennheisers. You didn’t know your music could sound that much better until your ears heard it for themselves. The same thing applies with the Taptic Engine: you won’t get it if you haven’t used it.
As good as this sounds, though, there are some limits that Google isn’t discussing. The Pixel 2 line might not need dual cameras to do portrait modes, but that also means you aren’t getting optical zoom, a wide-angle lens or other perks that come with dual cams. If you’re too far from a concert stage to get a good shot, it won’t matter how good that one camera sensor might be. And given that the Pixel 2 phones use the same Snapdragon 835 chip as Android phones from earlier in 2017, you probably won’t capture 4K video at 60 frames per second.
There’s also the question of whether or not synthetic camera tests like this tell the whole story. While the original Pixels did end up having excellent cameras in practice, there were still flaws (for example, that lack of optical image stabilization) that didn’t become fully apparent until the public got its hands on the hardware. The DxO score is a good sign, but it’s worth being skeptical about Google’s claims until more people have had a chance to try the Pixel 2’s camera tech for themselves.
Spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discreet data collection.
Seems to be the only way to make money on Android phones not from Samsung.
The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple’s accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P “by Wi-Fi proximity alone, requiring no user interaction.”
Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn’t respond to an e-mail seeking comment for this post.
The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom’s wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini’s code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.
From Apple’s developer site:
Interesting to compare that pie chart to the official Android adoption pie chart:
That little bitty sliver on the right? That’s Nougat, the most recent version of Android. To get to more than half of that pie chart, you have to include Nougat, Marshmallow and Lollipop. Lollipop was released in 2014.
Samsung’s decision to push a sweeping recall of the Galaxy Note 7, based on what turned out to be incomplete evidence, left the South Korean company with little choice but to kill the model later.
Dear WSJ? What BS Infographic is this? Percent of what?
Whilst the iPhone 7’s 712 minutes of call time (nearly 12 hours) may sound acceptable, the rival Samsung Galaxy S7 lasted twice as long – and it doesn’t even have the longest lasting battery. The HTC 10 lasted an incredible 1,859 minutes (that’s almost 31 hours).
Despite the ClickBait headline and the small group of competitors designed to make the iPhone look bad… I think the HTC 10 doesn’t get its true recognition for being an all-around great phone… getting overshadowed by the big players.
GREAT, another question for us to ask when debugging Android phones as to why a customer’s content doesn’t look “right” on some phones.
Even your first example shows changed “content”,