Pattern recognition: The Android-powered Nexus One uses an “unlock pattern” that must be entered every time the phone’s screen is activated.
Technology Review
An Android phone's approach to security is radically different from an iPhone's--but is it better?
Today's smart phones have all the speed, storage, and network connectivity of desktop computers from a few years ago. Because of this, they're a treasure trove of personal information--and likely the next battleground for computer security.
What makes smart phones attractive--the ability to customize them by downloading applications--is what makes them dangerous. Apps make the mobile phone a real computer, and Apple's App Store has been a key factor in the phone's success. But apps also make smart phones a target for cyber criminals.
Apple knows that it wouldn't take more than a few malicious apps to tarnish the iPhone's reputation. That's why the App Store is a walled community. The only apps that get listed are those that have been approved by Apple. To get approved, developers must create a developer account and pay an annual fee. A team at Apple evaluates and approves each version of each application that is made available. Apple reportedly turns down roughly 10 percent of applications submitted to the App Store because they would steal personal data, they contain "inappropriate content," or are designed to help a user break the law.
Google has taken a fundamentally different approach to ensuring the security of smart phones running Android. Like Apple, Android also has a store, called the Android Marketplace, from which users can download applications. But unlike Apple, any application can be uploaded to the Android Marketplace--Google doesn't evaluate them first. What protects Android users from malicious applications is a security model based on "capabilities."
Each Android app must tell a phone's OS what capabilities it requires. When you install the application, the operating system lists the capabilities that the application needs to run. You can then decide if those capabilities are consistent with what the application claims it will to. For example, the TaxCaster Mobile application from Intuit requires "full Internet access" because it needs to take your input, send it to Intuit's servers, and show you the results. On the other hand, the Slacker Radio application from Slacker requires Bluetooth, full Internet access, modify/delete access to your SD card, the ability to change audio settings, the ability to read the identity of incoming phone calls, the ability to change Wi-Fi state, and the ability to prevent your phone from sleeping.
The capabilities-based system has the advantage of being enforced by the operating system. There is simply no way for an application to do more than it says. It also doesn't depend upon the vigilance of human screeners.
The problem with capabilities is that there is no way to be sure that an application will act appropriately with the trust that it's given. For example, back in December a Web banking application was posted in the Android Marketplace that appeared to be for the First Tech Credit Union. It turned out that the application was fraudulent--just another phishing scam. Google removed the rogue app shortly after it was discovered, but it's unclear how many people fell for the scam.
The variety of devices running Google's mobile OS on different networks makes security more complex.
Allowing a phone to flip between two modes could help keep company data safe.
Phones don't have to be smart to be vulnerable.
As a developer, you get a certificate. If you decide to create a trojan horse the ride will last little because once your certificate is revoke all the developer's applications get tagged for being insecure.
Maybe iPhone has that, but I think that is a feature that makes Android very secure.
I don't think the iPhone apps are screened for malicious code, there are other reasons Apple does that. It does it to prevent developers from competing with its own iPhone services (selling mp3's or videos), to say that they do it for security is spin !
Each iPhone application submitted and approved for the iTunes App Store has a registered app developer, with a valid mailing address, valid SSN, and an assigned certificate.
If a malicious application makes it into the app store, Apple can revoke the developer certificate and track down the developer (that pesky SSN).
You are correct that Apple does not code review apps. Neither does Google.
Like the article suggests, users do not know how to evaluate whether an apps claim and behaviors are malicious or not.
You statements about Apple intentions are speculation and opinion and not relevant to this discussion on platform security.
You've missed the basics of Android's security model. Maybe you should study Android specifically - and operating systems generally - a bit more before concluding that the iPhone approach is better.
Android security begins with the Linux kernel (not the "operating system"). Every Android process runs under a unique dynamically assigned unprivileged user ID. Breaking into an Android process would be akin to breaking into an individual prison cell; the potential damage is limited. This is more secure than a conventional Linux installation, where all of an unprivileged user's processes run under the same user ID. And conventional Linux installations are already pretty secure.
Capabilities are frankly secondary to the userID-per-process model.
Capabilities based security is a myth
The problem with the Android capabilities based is that it is so easy to fool users into granting access. A weather app wants your location, OK, but what else is it doing with that information? A wallpaper app want "phone information". Lots of people say "OK", not realizing that they are giving away the key to their GSM account. Having the user grant capabilities access sound great, but in the real world, an app can almost always generate a plausible reason to ask for access, and a significant number of users are going to grant it.
Android Phone Security. Myth or Legend ?
Almost every phone released nowadays runs a version of the Android OS and their configuration is starting to equal or be better than most of last year’s laptops. More programs that were previously only for the PC are now Mobile and this new “trend” is only at its early stages.
Among all the programs and applications released for the wonderful Android Phones we all come to love and trust are some hateful and untrustworthy ones that would love nothing more than to destroy everything you hold dear ( or just all the contents of the phones memory ).
Now sure, there are all of thees Anti-Virus Apps or Programs for the Droids, but how “safe” are they really ? Life has thought us that absolutely every program has loopholes and is vulnerable to outside attacks. Thees programs we think keep our beloved Droids secure can and might be the ones that actually do the job and deliver the final blow to their fragile little processors.
In today’s market, can we really keep our technology safe ? The answer : NO, WE CAN’T. Nothing is truly safe and nothing is actually worthy of trusting your phone’s life with. If you MUST download an app, check to see if it is at least made by an authorized producer. It’s the least you could do. Most of the “bad apps” can be spotted quite easily because they tend to stand out. For example : they are made by somebody you never heard about, or have negative ratings or things like that.
However, don’t think I’m endorsing the creations of the “BIG CORPORATIONS”. Those aren’t safe either. A skilled hacker can find a loophole into everything.
Still … our daily routine demands we take a risk and go for it.
So in conclusion, we risk something in everything we do.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Mapou
356 Comments
Vouching Opportunity
It seems that, if Google does not want to vouch for the security of the Android apps in its store, some other organization might be able to do it for a fee. This may be a viable idea for a startup.
That being said, it should be possible to write a user-configurable Android app that monitors the behavior of other apps and sounds an alarm when it detects bad behavior.
Reply
khurt
12 Comments
Re: Vouching Opportunity
Google may not make any statement of assurance about any particular app since it does not do a security review of each app.
Apple may or may not do this but appears willing to take the risk of providing some statement on assurance.
Reply