(Page 2 of 2)
It isn't only applications that Android secures. The team also looked at bits of software that are common entry points for attackers. For example, Cannings says, the software that runs media, such as audio and video on a Web browser, is very complex and a common target. In Android, that software runs apart from the browser in a separate media server, so that if it is compromised, an attacker can't access the passwords and cookies stored in the browser.
Charlie Miller, a security researcher at Independent Security Evaluators who has found and reported several bugs in the Android platform, says that Google's technique of placing each application on an Android phone into a separate sandbox can certainly be effective. For example, Miller did find a bug in the software that Android used to play mp3s, but found that the access he gained with his exploit didn't allow him to attack other applications on the phone.
However, Miller thinks Google relies too heavily on this one method of protection. "It is a good security piece, but in my opinion, there should be more layers," he says. An attacker could find a bug in the operating system that allowed him to break through the walls between applications, which would make bugs in media software just as dangerous as before, he says.
Miller adds that systems such as the iPhone will stop unauthorized applications from executing code. Google's system, on the other hand, allows any type of code to run, which puts more tools in the hands of the attacker.
Finally, Miller says, "Google has this other obstacle: that they make the operating system, but they don't control the phone." The first time he spotted a bug in Android, Miller notified Google and the company patched the Android source code the same day. This solution, however, didn't protect phones already in use. "They were basically at the mercy of T-Mobile [which currently offers the Android phones for sale in the US] to roll the patch out and push it out to all the phones that were in the world," Miller says. While some vendors may be responsive to security concerns on their phones, he believes that others might never roll out patches at all.
Cannings says that when a bug is found, Google notifies its carriers--currently 32 companies in 21 countries--and works to provide them with test builds of its proposed solutions. When the carriers are satisfied, they push the fix out to their customers.
No product is ever truly secure, Cannings says, but Google is working to prepare Android for the malware attacks that will inevitably come as smartphones become more popular.
Many apps collect and share sensitive data, and the developers may not even realize it.
An Android phone's approach to security is radically different from an iPhone's--but is it better?
Google's first phone is a superfast, elegant device with a few privacy problems.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
marygonzales0809
1 Comment
Thanks!
Great! This is really informative and close to what I'm looking for. I'm looking for a mobile or PDA-based business and property inventory software and I came across The Inventory Manager. Ever since using the software, we've had faster turnaround of reports without sacrificing the consistency and quality of reports. I hope that you will feature more business softwares. Thanks a lot!!!
Kudos! :)
Reply