NSA releases security-enhanced Android (The H)
Posted Jan 18, 2012 9:53 UTC (Wed) by hpro (subscriber, #74751)
I'd much rather have a phone which has all the security bells and whistles but that provides me with a mechanism for loading my own firmware (i.e., unlocked bootloader). That is (one of the reasons) why I have a Nexus S.
Posted Jan 18, 2012 20:48 UTC (Wed) by JanC_ (guest, #34940)
Security Against Who?
Posted Jan 18, 2012 22:19 UTC (Wed) by ldo (subscriber, #40946)
> But given the choice of having my phone firmware "abused" by the carrier, and _abused_ by malicious software, I would pick the former every time.
That’s a stupid, specious dichotomy. As is well-known, you cannot “secure” a system against the person who legitimately owns that system and has physical access to it. SELinux doesn’t try to do that, and SEAndroid wouldn’t try to do that. The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work. In short, these security frameworks, like all security frameworks, are useless for vendors trying to lock you out of devices that you buy from them.
But of course, like a lot of people, the stupid vendors would have trouble grasping such a fine point. So I wouldn’t be surprised to see one or two of them try to use it for this very purpose.
Actually DRM works perfectly fine...
Posted Jan 18, 2012 22:30 UTC (Wed) by khim (subscriber, #9252)
> The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work.
Apparently NSA knows the reality better than you, and they obviously know that DRM does work. The governing principle in security is the famous, ages-old "you can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time". DRM cannot fully fool all the people all the time - here you are absolutely correct - but it can fool all the people some of the time, and this "some of the time" is growing: just 10 years ago DRM was typically broken in weeks, often days, but today it takes years for well-designed DRM systems (XBox360, PS3, etc).
If you consider the fact that the lifespan of a typical phone model is 2-3 years... this means that for Android DRM may work just fine.
Posted Jan 18, 2012 11:17 UTC (Wed) by job (guest, #670)
Posted Jan 19, 2012 1:53 UTC (Thu) by rqosa (subscriber, #24136)
> Given the options between 1) harden Android security, and 2) get people to stop buying locked-down crap
Huh? Options 1 and 2 aren't mutually exclusive at all.
Maybe you meant to say "1) weaken Android security" (for the purpose of making locked-down Android phones easier to hack, which is what the parent and grandparent posts seemed to be advocating)? That way it makes more sense that 1 and 2 are mutually exclusive — if locked-down Android devices were truly unhackable, then there would likely be more end-user demand for the unlocked devices that are already for sale (Nexus, etc.).
Posted Jan 19, 2012 10:08 UTC (Thu) by job (guest, #670)
Posted Jan 19, 2012 15:01 UTC (Thu) by rich0 (guest, #55509)
I got a T-Mobile G2 for $0 with 4G service and a decent hardware keyboard. I couldn't get an unlocked android phone at any price with a hardware keyboard, and neglecting that feature a Nexus S would have cost me $200 with only 3G data. Before that the Nexus One was unsubsidized but would have cost the same per-month (you could have gotten a discounted rate at the time if you didn't have a family plan).
At some points in time the unlocked models are somewhat competitive, but more often than not they aren't. The fact that they only come out about once a year doesn't help - if your upgrade cycle is off by six months it will be hard for the free stuff to ever be feature-competitive.
Unlocked phones are clearly the best solution to the lockdown problem, but right now there just aren't enough of them, and vendors don't want to promote them. I doubt that would ever change without some kind of legislation.
Posted Jan 22, 2012 13:31 UTC (Sun) by job (guest, #670)
I obviously don't count subsidized phones since they are just part of a payment plan, whether you see separate payments or it's just part of your monthly fee (in which case you lose badly if you don't catch the expiration date). You probably didn't really get your phone for $0. That's just parroting market speak where fees are called something else.
I would think the varying states of unlocked-ness is a bigger problem. Some have just unlocked bootloaders, which many manufacturers offer across the entire price spectrum (some HTC models, newer Sony-Ericssons etc.), and some go further. It takes a lot of customer empowerment to know which phone to get. That's where the community can help out.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds