User: Password:
|
|
Subscribe / Log in / New account

Android application security

Android application security

Posted Feb 7, 2009 19:41 UTC (Sat) by jwb (guest, #15467)
In reply to: Android application security by jake
Parent article: Android application security

You say:

Unlike the iPhone App Store, Android applications are not vetted before being placed into the Android Market.

I think that's FUD. You hold up Apple as a positive example, and then you portray Android in a bad light because they don't follow the Apple example. But the fact is that the iPhone is the least secure mobile platform by a huge margin. Any iPhone application can do whatever the hell it wants, and "jailbreaking" is just a fancy word for exploitation of the platform's numerous gaping security holes. Their attempt to socially enforce security rules by bottlenecking application distribution is just a whitewash over their horrible security record.

By contrast both Android and BlackBerry have functioning technical security defenses. They should be applauded for having these security features, even if in Android's case those features are faulty and in need of fixing.


(Log in to post comments)

Android application security

Posted Feb 7, 2009 20:08 UTC (Sat) by jake (editor, #205) [Link]

> You hold up Apple as a positive example, and then you portray Android in
> a bad light because they don't follow the Apple example.

well, i am sorry you see it that way. i don't think Apple is a positive example, nor do i think was portraying Android in a particularly bad light. i was simply pointing out a vulnerability. but, evidently, i didn't do it clearly enough.

the last sentences of the paragraph you quoted are possibly of interest:

"Given the problems with Apple's inconsistent and anti-competitive decisions on iPhone applications, Google's openness has some benefits. But it also has some pitfalls."

but i still find it very difficult to see how the article is spreading "fear, uncertainty, and doubt". YMMV

jake

Android application security

Posted Feb 8, 2009 23:42 UTC (Sun) by mikov (subscriber, #33179) [Link]

I for one found the article well written and thought provoking and did not think it was FUD (even though I am a huge fan of Android).

jwb does have a very valid point that the Android has a functioning security system, while the iPhone has none. Even though I already knew that, it didn't spring to my mind while I was reading, so perhaps it should have been mentioned. For better or worse Apple really has no choice but to carefully vet every single application.

Perhaps the best solution is a combination of both. Allow both verified and un-verified applications to be distributed and installed, and it is up to the user to choose to install an unverified one. The question is who is doing the vetting, how expensive it is and does it make economic sense?

Android application security

Posted Feb 9, 2009 11:48 UTC (Mon) by massimiliano (subscriber, #3048) [Link]

The question is who is doing the vetting, how expensive it is and does it make economic sense?

Well, IMHO one key point is the freedom of doing the vetting, and the freedom of setting up a vetting system that is acceptable for the users.

With the Apple model this simply is not possible. The Android model, on the other hand, gives users a choice. We should not accomplish security by denying choice (the freedom to instal any application he wants) to the user!

What I'd really like is seeing a healthy ecosystem of Free Sofware (or Open Source, as you like) applications available for Android. That would allow the review process to be public and distributed, which is the real reason why I trust my Linux distribution more that how I would trust a closed OS.

And it would be nice to educate the users to this kind of sensibility to freedom... which at least with Android is possible.

My 2c,
Massimiliano


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds