Difference between revisions of "Android"

From Wikispooks
Jump to navigation Jump to search
(reword the lede)
(dirty cow)
Line 9: Line 9:
  
 
==Distributions with Pre-installed Malware==
 
==Distributions with Pre-installed Malware==
 +
Although [[open source]], Android is often sold pre-installed on [[mobile phones]] with dozens of pieces of proprietary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, Google Play Services itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example.
  
Although [[open source]], Android is often sold preinstalled on [[mobile phones]] with dozens of pieces of propreitary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, Google Play Services itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example.
+
===Rooting phones===
 +
Android is based on [[Linux]], and is affected by a number of Linux bugs. In October 2016, 'Dirty Cow', a Linux privilege escalation bug was published online, which was "believed to work reliably on every version of the mobile operating system and a wide array of hardware."<ref>https://arstechnica.com/information-technology/2016/10/android-phones-rooted-by-most-serious-linux-escalation-bug-ever/</ref>
  
 
===Avoiding malware===
 
===Avoiding malware===
To avoid software-based malware on Android phones, one should use one that gives the user full control of it, rootable and with either plain [[AOSP Android]] or support for [[LineageOS]]. For additional security, one should avoid installing Google Apps, using alternatives to them, such as [[F-Droid]] as an alternative to the Google Playstore. Another security risk is proprietary drivers for the phone's hardware, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.   
+
To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain [[AOSP Android]] or [[LineageOS]]. For additional security, one should avoid installing [[Google Apps]], using alternatives to them, such as [[F-Droid]] as an alternative to the Google Playstore. Another security risk is proprietary drivers for the phone's hardware, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.   
  
 
==Google Playstore==
 
==Google Playstore==
A joint investigation by researchers from [[Security Without Borders]] and ''[[Vice]]''concluded in March 2019 that the [[Google Playstore]] had around 20 [[malware]] apps that went undetected for 2 or so years.<ref>https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv
+
A joint investigation by researchers from [[Security Without Borders]] and ''[[Vice]]''concluded in March 2019 that the [[Google Playstore]] had around 20 [[malware]] apps that went undetected for 2 or so years.<ref>https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv</ref>
</ref>
+
 
 +
 
 
{{SMWDocs}}
 
{{SMWDocs}}
 
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}

Revision as of 01:17, 1 April 2019

Concept.png Android 
(Operating system)Rdf-entity.pngRdf-icon.png
Android.svg
A widely used mobile operating system

Android is a widely used mobile operating system developed by Google. It is generally a reliable OS, but as sold to consumers it generally comes[citation needed] bundled with manufacturer malware to facilitate universal surveillance.

Distributions with Pre-installed Malware

Although open source, Android is often sold pre-installed on mobile phones with dozens of pieces of proprietary malware, usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android cellphone, in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."[1] Even with a custom ROM, Google Play Services itself can act as spyware, tracking one's location [2], for example.

Rooting phones

Android is based on Linux, and is affected by a number of Linux bugs. In October 2016, 'Dirty Cow', a Linux privilege escalation bug was published online, which was "believed to work reliably on every version of the mobile operating system and a wide array of hardware."[3]

Avoiding malware

To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain AOSP Android or LineageOS. For additional security, one should avoid installing Google Apps, using alternatives to them, such as F-Droid as an alternative to the Google Playstore. Another security risk is proprietary drivers for the phone's hardware, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.

Google Playstore

A joint investigation by researchers from Security Without Borders and Viceconcluded in March 2019 that the Google Playstore had around 20 malware apps that went undetected for 2 or so years.[4]


 

Related Document

TitleTypePublication dateAuthor(s)Description
Document:Huawei’s phone business would be decimated without Google’s AndroidArticle20 May 2019Vlad SavovA resolution to the ongoing trade dispute between the US and China is now more urgent than ever. However, China is unlikely to react positively to the bullying tactics of the US. And that means Huawei’s phone business may be in limbo for a while yet.
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.


References