Google confirms some Android phones shipped with backdoor

[Zodiark1593]

On 6/8/2019 at 2:34 PM, DrMacintosh said:

Nope. That's why Apple takes so much effort to secure the iOS firmware signing process and is why jailbreaking is so difficult. Apple keeps iOS locked down to keep it secure and safe. That has its downsides, but it also has a lot of upsides. It's up to the user to decide if they want freedom and customizability of Android, or the ease of use and security of iOS. 

 

Though iOS 13 just catapulted iOS pretty far into Android territory as far as technical ability is concerned. 

Android isn't so much to blame here as it is the manufacturers that are in charge of ensuring malware doesn't slip through during production. Manufacturers can implement strict signing processes to ensure only signed roms can boot (and consequently, make the installation of custom ROMs more difficult/impossible), though this is largely optional, and the flexibility of Android means manufacturers can take whatever approach to security that is deemed prudent.

 

 

[Sauron]

10 hours ago, Zodiark1593 said:

Android isn't so much to blame here as it is the manufacturers that are in charge of ensuring malware doesn't slip through during production. Manufacturers can implement strict signing processes to ensure only signed roms can boot (and consequently, make the installation of custom ROMs more difficult/impossible), though this is largely optional, and the flexibility of Android means manufacturers can take whatever approach to security that is deemed prudent.

That wouldn't have helped here - the malware was in a third party firmware for a feature they commissioned, they had no way of knowing what the "real" firmware should look like.

[mr moose]

14 hours ago, Sauron said:

That wouldn't have helped here - the malware was in a third party firmware for a feature they commissioned, they had no way of knowing what the "real" firmware should look like.

 

Whilst i agree, it is also their responsibility to ensure that the party commissioned to do the work is providing them with malware free products. Regardless how the malware got there, it's pretty hard to blame android when someone in those companies cut too many corners.

[LAwLz]

6 hours ago, mr moose said:

Whilst i agree, it is also their responsibility to ensure that the party commissioned to do the work is providing them with malware free products. Regardless how the malware got there, it's pretty hard to blame android when someone in those companies cut too many corners.

Agree. This is not an Android problem. It's a "cheap manufacturer who can't develop a feature themselves decides to hire a cheap and sketchy third party developer to do it for them, without controlling the end result" problem. Could happen on any platform where you got third parties involved in assembling hardware and installing software.

 

 

 

[Sauron]

8 hours ago, mr moose said:

 

Whilst i agree, it is also their responsibility to ensure that the party commissioned to do the work is providing them with malware free products. Regardless how the malware got there, it's pretty hard to blame android when someone in those companies cut too many corners.

Of course, I blame the decision of going with proprietary blobs.

[The King of the Undead]

On 6/8/2019 at 5:20 PM, will1432 said:

I am gonna call this the size effect the less market share or the less important market share the less likely to get hacked and even if there is a backdoor it is less likely to be discovered by a outside source.

here