Big Oops - Flaw in Android Security Allows Secret Camera & Audio Recording

[maartendc]

58 minutes ago, Commodus said:

That's not entirely true.  Remember, Android's support for non-store apps and overall greater permissions make it considerably easier to distribute malware and have it touch more parts of the OS.  Malware is a particularly acute problem in China, Russia and other countries where third-party app stores are more common.  Hell, I've seen Android malware that you can't even remove with a factory reset (you have to flash new firmware), but I have yet to hear of that on iOS.

 

I'll agree that Apple certainly isn't immune, and we shouldn't assume the App Store is a guaranteed shield (there are distribution methods, and of course web exploits).  However, Apple is also much, much better about supporting devices for longer and ensuring that users not only get all security updates, but get them quickly.

 

It still baffles me that Google lets Android OEMs skip security updates.  They're only obligated to deliver four updates per year, and then only for two years (it's not even clear if they need to provide four updates that second year).  That's nuts -- a fast-spreading worm could wreck phones in January and vendors wouldn't need to have a fix for it until March.  And I have a feeling that it'll take an incident like that for Google to do the right thing and require that vendors provide every security update for those two years, if not three.

Well I dont know about Russia, but in Western Europe and the US, the amount of people that install non Google Play Store apps is close to 0%. You need to use some common sense of course.

 

It is definitely true that Apple is very good at supporting older devices. My Iphone 3GS back in the day got like 4 years of updates. And my current iphone SE still got iOS 13 recently, and that is a phone that was released in early 2016. They actually support devices for as long as people are feasibly using them. As opposed to most Android smartphones..

 

But on the other hand, Apple has a habit of ignoring or simply denying certain flaws and vulnerabilities, until they become widely publicized and are forced to respond... So they are definitely not sacred either.

[Commodus]

4 minutes ago, maartendc said:

Well I dont know about Russia, but in Western Europe and the US, the amount of people that install non Google Play Store apps is close to 0%. You need to use some common sense of course.

 

It is definitely true that Apple is very good at supporting older devices. My Iphone 3GS back in the day got like 4 years of updates. And my current iphone SE still got iOS 13 recently, and that is a phone that was released in early 2016. They actually support devices for as long as people are feasibly using them. As opposed to most Android smartphones..

 

But on the other hand, Apple has a habit of ignoring or simply denying certain flaws and vulnerabilities, until they become widely publicized and are forced to respond... So they are definitely not sacred either.

It's really just that the ease of installing non-Google Play apps creates a vector for malware on Android that just doesn't exist with iOS, even if it's not widely exploited in certain markets.

 

I don't think Apple ignores flaws, but it's known for being reticent to acknowledge them until it has a fix in place.  If I had to pick my poison, I'd rather have a vendor that's too quiet but delivers timely fixes versus one that's more transparent but lets partners delay or avoid updates they don't 'feel' like installing.

[RejZoR]

3 hours ago, maartendc said:

While it is true that Apple takes security and privacy very seriously, they are just as prone to having security vulnerabilities in their software than any other manufacturer.

 

There have been numerous security flaws exposed in iOS in the past, including circumventions for unlocking the phone without a passcode or face-id. If you were not aware, you have not been paying attention.

I was struggling with getting any kind of updates on Android back then...

[Zodiark1593]

1 hour ago, Commodus said:

It's really just that the ease of installing non-Google Play apps creates a vector for malware on Android that just doesn't exist with iOS, even if it's not widely exploited in certain markets.

 

I don't think Apple ignores flaws, but it's known for being reticent to acknowledge them until it has a fix in place.  If I had to pick my poison, I'd rather have a vendor that's too quiet but delivers timely fixes versus one that's more transparent but lets partners delay or avoid updates they don't 'feel' like installing.

The ability to install non-play store apps is pretty huge for flexibility, both on part of the user, and developer (especially if both are one and the same). However, it is a pretty major double edge sword too.

 

Though to be fair, this particular vector has existed on the PC side since forever, so it isn't as though it's uncharted territory. Just that users need to treat the freedom with respect.

[HarryNyquist]

42 minutes ago, Zodiark1593 said:

Though to be fair, this particular vector has existed on the PC side since forever, so it isn't as though it's uncharted territory. Just that users need to treat the freedom with respect.

Indeed. However, the mere fact that anti-virus programs exist and that businesses frequently don't let users install their own software is a testament to just how little respect that freedom gets.