Android Security vs Customize-ability. What would you rather have??

[joelthezombie15]

No, I don't like anything other than AOSP. My needs for a smart phone are simple, so bloatware and silly features annoy me.

to an extent i agree but i overall like touch wiz

[nishank93]

I'm not going to say both because rooting means zero security. And I've got a rooted phone. I prefer customisability till the time I have stuff on my phone that can actually compromise my security.

[mgsstar]

to an extent i agree but i overall like touch wiz

I like touch wiz because it is very easy and great to use! :)

[cogeary]

One of Samsung's comments during my conversation with them is that "most" of the viruses that affect Android are targeting or starting with rooted phones. Not sure how true that is, and I should disclaim this by saying the guys I was meeting with were going off of their powerpoint deck and they are not software engineers, but it seems like that's the internal conversation being had over there...

 

I think that a very large discrepancy needs to be made between rooted devices and rootable devices. The issue with viruses and rooted devices is not actually root access itself, but rather that a device that can be rooted using an exploit for the manufacturer-built Android OS can similarly be exploited by malware. All that rooting ends up doing is install an utility which then lets the user grant/deny root access on a per-app basis.

 

OK, so perhaps some argue that businesses can't trust their employees' app choices. This might make sense, but then we're led back to the line between (properly) rooted and rootable devices. If Android malware really wanted to gain root access to a device, even a Galaxy S4 with KNOX and SAFE, it will do everything in its power to do so.

 

What I'm trying to get at is that the issue is not that rooted phones leave some big gaping security whole for malware to enter, but rather the opposite. Regardless of how hard manufacturers try to "seal up" their devices, a root exploit will exist and will eventually be found because people want their devices rooted. Just as an example, consider the GS4. Rooted, bootloader unlocked. Sorry, KNOX and SAFE. The unfortunate side effect that I think is the real issue is that now anybody looking to create Android-based malware has easy access to tried and tested root exploits for almost Android device out there.

 

So to answer the question, yes, I highly value customizability. However, I think that security is also very important but it needs to be addressed in a different fashion.

 

Any thoughts?

[Shrubpig]

I would want a mixture of both security and customizability.

[zoltan]

The nice thing about Android is that it's possible to use the linux kernel features. What other security do you need besides iptables and native encryption right?

 

The only thing ANY manufacturer "feature" does, it to make it more difficult to use the embedded linux features, so no to everything other than for manufacturers to sell rooted devices.

 

Just like you don't run GNU/Linux on your PC in root, you don't do that with your phone either, you only root to configure it. Once iptables are configured exactly the same way as your PC is configured, you unroot the phone and use it with maximum security. As to encryption, there are so many possibilities and preferences using open source tools, and it being encryption, one simple question: would you trust a manufacturer to provide you with a proprietary program that deals with encryption for you or would you rather use open source tools to do your own encryption?

 

Samsung should invest in other things than SAFE and KNOX, by now, the consumers have learned from Crapple and Microstufft that when a software supplier says "trust me" it means just about as much as the same coming out of the mouth of a used cars saleman...

[mozoa]

You should not have personal data on a device you carry with you, you dumb bro

off course the thing gets stolen.

 

Security will always have a workaroud

I'd even want for manufacturers to make rooting more accessible, now you need all kinds of sketchy programs for it..

[qwertywarrior]

people are too paranoid these days

i still haven't found a single phone that cant be broken into if some one stole it

let it be by hardware of software hacking

there just many many examples on the net about this

https://www.net-security.org/secworld.php?id=14433

unless someone is after u ....... if wont happen

personally i dont save anything on my phone heck i dont even have a password on it

im not dumb to put sensitive information on a device i carry around

if its stolen its stolen a password wont help me

if u want something safe just get an external hard drive and encrypt the hell out of it

if you want to use the internet safely and really paranoid nothing beats l2tp/ipsec VPN 256bit encryption paying by bitcoin and using it via TOR with https on for measure and using a wired router

[Daniel Z.]

On 07/03/2013 at 2:48 PM, LinusTech said:

One of Samsung's comments during my conversation with them is that "most" of the viruses that affect Android are targeting or starting with rooted phones. Not sure how true that is, and I should disclaim this by saying the guys I was meeting with were going off of their powerpoint deck and they are not software engineers, but it seems like that's the internal conversation being had over there...

Definitely customizability for me. If it wasn't for CM I would have two useless devices. As long as you don't download anything extremely sketch you should be fine.

[SpaceGhostC2C]

It isn't mine if I can't break it...

I think the issue (or another issue) with rooting is that it goes beyond "customizing" your phone (as in changing the wallpaper) and security: many (all?) phones ship with bloatware that can't be removed without root permits. And without falling into tinfoil-hat thinking, there are many reasons why you could consider that a security issue as well, to the extent that you may not trust the security of those apps, or you may not trust the companies providing them, or you simply want to opt out of those services because you don't like the comfort-privacy trade-off. I can't consider a computer "safe" if I cannot fully control what runs in it, even if it's the size of a phone.

Maybe if root privileges were needed only for truly deep security matters I could have second thoughts, but in it's current state an non-rooted phone restricts you far beyond what security requires.

 

On 3/7/2013 at 7:48 AM, LinusTech said:

One of Samsung's comments during my conversation with them is that "most" of the viruses that affect Android are targeting or starting with rooted phones. Not sure how true that is, and I should disclaim this by saying the guys I was meeting with were going off of their powerpoint deck and they are not software engineers, but it seems like that's the internal conversation being had over there...

I wonder which fraction of Andorid phones are actually rooted. I'm the only one around me with a rooted phone, but then again my anecdotal evidence is as meaningless as the lamest powerpoint, so... In any case, my point is that if you write a virus, you want it to spread, so you target devices based on their popularity, not just the difficulty (e.g., Mac vs PC).