Difference between revisions of "Android"

From Wikispooks
Jump to navigation Jump to search
m
m (typo)
 
(9 intermediate revisions by 4 users not shown)
Line 6: Line 6:
 
|description=A widely used mobile [[operating system]]
 
|description=A widely used mobile [[operating system]]
 
}}
 
}}
'''Android''' is a widely used mobile [[operating system]] developed by [[Google]]. It is generally a reliable OS, but as sold to consumers it generally comes{{cn}} bundled with manufacturer malware to facilitate [[universal surveillance]].
+
'''Android''' is a widely used mobile [[operating system]] developed by [[Google]]. It is a generally reliable{{cn}} [[open source]] OS, but as sold to consumers it almost invariably comes bundled with manufacturer malware to facilitate [[universal surveillance]].
  
==Distributions with Pre-installed Malware==
+
==Pre-installed Malware==
Although [[open source]], Android is often sold pre-installed on [[mobile phones]] with dozens of pieces of proprietary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, [[Google Play Services]] itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example.  
+
Although [[open source]], Android is often sold pre-installed on [[mobile phone]]s with dozens of pieces of proprietary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, [[Google Play Services]] itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example.  
 +
 
 +
According to a study by [[Douglas Leith]] from [[Irish]] [[Dublin University/Trinity College|Trinity College]], Android devices send almost 20 times more data to [[Google]] than [[iPhones]] to [[Apple]]. [[Telemetry]] (GPS position, telephone number and IMEI, whether the SIM card is inserted, MAC addresses of the closest WLAN router, etc.) is continuously transmitted - even if the user has not activated a Google account or has objected to the collection of statistical data. Even in standby mode, information is transmitted every 4.5 minutes on average. In 12 hours, Android sends its creator one megabyte, iOS sends 52 kilobytes.<ref>https://www.scss.tcd.ie/doug.leith/apple_google.pdf</ref>. Spokespeople from Google contradicted Leith's findings and pointed to errors in his methodology. According to the corporation, the scientist simply described how modern smartphones work.<ref>https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/</ref>
  
 
===Rooting phones===
 
===Rooting phones===
Line 15: Line 17:
  
 
===Avoiding malware===
 
===Avoiding malware===
To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain [[AOSP Android]] or [[LineageOS]]. For additional security, one should avoid installing [[Google Apps]], using alternatives to them, such as [[F-Droid]] as an alternative to the [[Google Play Store]]. Another security risk is proprietary drivers for the phone's hardware, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.
+
To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain [[AOSP Android]] (such as [[Pixys OS]]<ref>https://github.com/PixysOS</ref>, [[LineageOS]] or [[Resurrection Remix OS]].
 +
 
 +
==Software sources==
 +
Some Android apps abuse their privileges to subvert the phone and serve adverts.<ref>https://arstechnica.com/information-technology/2015/10/android-adware-wields-potent-root-exploits-to-gain-permanent-foothold/</ref>  The most popular software repository is the [[Google Playstore]]. 
 +
 
 +
===F-Droid===
 +
{{FA|F-Droid}}
 +
F-Droid, started in 2010, is the best established repository which contains only freely available [[open source]] apps.
 +
 
 +
===Google Play store===
 +
{{FA|Google/Play}}
 +
By July 2017 "at least 500 apps collectively downloaded more than 100 million times from Google's official Play market contained a secret [[backdoor]] that allowed developers to install a range of [[spyware]] at any time".<ref>https://arstechnica.com/information-technology/2017/08/500-google-play-apps-with-100-million-downloads-had-spyware-backdoor/</ref>
 +
 
 +
In March 2019 a joint investigation by researchers from [[Security Without Borders]] and ''[[Vice]]'' concluded that the Google Play store had around 20 government-sponsored [[malware]] apps that had been undetected for 2 or so years.<ref>https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv</ref>
 +
 
 +
===Alternatives===
 +
Another (closed source) alternative software repository is [[Aptoide]], launched in 2009.
 +
 
 +
==Drivers==
 +
Some phones use proprietary drivers, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.
  
==Google Playstore==
 
A joint investigation by researchers from [[Security Without Borders]] and ''[[Vice]]'' concluded in March 2019 that the [[Google Play Store]] had around 20 [[malware]] apps that went undetected for 2 or so years.<ref>https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv</ref>
 
 
{{SMWDocs}}
 
{{SMWDocs}}
 
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}

Latest revision as of 12:43, 4 April 2021

Concept.png Android 
(Operating system)Rdf-entity.pngRdf-icon.png
Android.svg
A widely used mobile operating system

Android is a widely used mobile operating system developed by Google. It is a generally reliable[citation needed] open source OS, but as sold to consumers it almost invariably comes bundled with manufacturer malware to facilitate universal surveillance.

Pre-installed Malware

Although open source, Android is often sold pre-installed on mobile phones with dozens of pieces of proprietary malware, usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android cellphone, in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."[1] Even with a custom ROM, Google Play Services itself can act as spyware, tracking one's location [2], for example.

According to a study by Douglas Leith from Irish Trinity College, Android devices send almost 20 times more data to Google than iPhones to Apple. Telemetry (GPS position, telephone number and IMEI, whether the SIM card is inserted, MAC addresses of the closest WLAN router, etc.) is continuously transmitted - even if the user has not activated a Google account or has objected to the collection of statistical data. Even in standby mode, information is transmitted every 4.5 minutes on average. In 12 hours, Android sends its creator one megabyte, iOS sends 52 kilobytes.[3]. Spokespeople from Google contradicted Leith's findings and pointed to errors in his methodology. According to the corporation, the scientist simply described how modern smartphones work.[4]

Rooting phones

Android is based on Linux, and is affected by a number of Linux bugs. In October 2016, 'Dirty Cow', a Linux privilege escalation bug was published online, which was "believed to work reliably on every version of the mobile operating system and a wide array of hardware."[5]

Avoiding malware

To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain AOSP Android (such as Pixys OS[6], LineageOS or Resurrection Remix OS.

Software sources

Some Android apps abuse their privileges to subvert the phone and serve adverts.[7] The most popular software repository is the Google Playstore.

F-Droid

Full article: F-Droid

F-Droid, started in 2010, is the best established repository which contains only freely available open source apps.

Google Play store

Full article: Google/Play

By July 2017 "at least 500 apps collectively downloaded more than 100 million times from Google's official Play market contained a secret backdoor that allowed developers to install a range of spyware at any time".[8]

In March 2019 a joint investigation by researchers from Security Without Borders and Vice concluded that the Google Play store had around 20 government-sponsored malware apps that had been undetected for 2 or so years.[9]

Alternatives

Another (closed source) alternative software repository is Aptoide, launched in 2009.

Drivers

Some phones use proprietary drivers, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.


 

Related Document

TitleTypePublication dateAuthor(s)Description
Document:Huawei’s phone business would be decimated without Google’s AndroidArticle20 May 2019Vlad SavovA resolution to the ongoing trade dispute between the US and China is now more urgent than ever. However, China is unlikely to react positively to the bullying tactics of the US. And that means Huawei’s phone business may be in limbo for a while yet.
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.


References