Linked by David Adams on Thu 24th Jun 2010 16:22 UTC, submitted by Governa
About 20 percent of third-party apps available through the Android marketplace allow third-party access to sensitive data, and can do things like make calls and send texts without the owners' knowledge, according to a recent security report from security firm SMobile Systems. There's no indication that any of the highlighted apps is malicious, but the report does underscore the inherent risks of a more open ecosystem as opposed to Apple's oppressive yet more controlled environment, with every app being vetted before availability.
Thread beginning with comment 431396
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: From a security firm
by aesiamun on Fri 25th Jun 2010 03:10
in reply to "RE: From a security firm"
Member since:2005-06-29
RE[3]: From a security firm
by tyrione on Fri 25th Jun 2010 04:12
in reply to "RE[2]: From a security firm"
Member since:2005-11-21
The user chooses to install an application and is given a list of what the app has access to. The user has the choice, if they choose to continue then that is their decision.
Written like a designer complaining that an end user should have the experience, knowledge and foresight to be cautious like a security expert.
Kroc is correct when this falls on the architect, not the end user.
RE[2]: From a security firm
by kaiwai on Fri 25th Jun 2010 05:25
in reply to "RE: From a security firm"
Member since:2005-07-06
PEWTD - Problem Exists With The Designer. Security is a process, not a feature, and the user should remain safe and in control should the worse happen because the system is designed as such. You could blame the user for causing a car crash, but you shouldn’t blame them if the car’s engineering fails to protect them; that’s down to the design of the car, not the user.
But how much is too much when it comes to an application giving off warnings before an end user does something? or how restrictive should it be where there is a weighing up between keeping the individual safe and giving maximum flexibility? at some point one has to take off the training wheels and allow the user to stay upright on the bike - and yes that might mean going into the gutter or straying into the road and getting hit by a car.
There is a thing called personal responsibility that is sorely lacking these days - time that end users exercised that instead of being mindless click and drool mouth breathers.
RE[3]: From a security firm
by lemur2 on Fri 25th Jun 2010 05:46
in reply to "RE[2]: From a security firm"
Member since:2007-02-17
"PEWTD - Problem Exists With The Designer. Security is a process, not a feature, and the user should remain safe and in control should the worse happen because the system is designed as such. You could blame the user for causing a car crash, but you shouldn’t blame them if the car’s engineering fails to protect them; that’s down to the design of the car, not the user.
But how much is too much when it comes to an application giving off warnings before an end user does something? or how restrictive should it be where there is a weighing up between keeping the individual safe and giving maximum flexibility? at some point one has to take off the training wheels and allow the user to stay upright on the bike - and yes that might mean going into the gutter or straying into the road and getting hit by a car. There is a thing called personal responsibility that is sorely lacking these days - time that end users exercised that instead of being mindless click and drool mouth breathers. " The problem with the "PEWTD - Problem Exists With The Designer" thinking is that some designers deliberately design malicious code. When they do so, they will also do their utmost to obscure the fact that the code is malicious from the end user.
According to this article:
http://www.pcmag.com/article2/0,2817,2365651,00.asp
Where the Google spokesperson (Cannings) says this:
"In cases where users may have installed a malicious application that poses a threat, we've also developed technologies and processes to remotely remove an installed application from devices," Cannings wrote. "If an application is removed in this way, users will receive a notification on their phone."
Google themselves are apparently going to take responsibility for "malicious applications". If Google are alerted by one end user to the existence of a malicious application, or if Google identify such an application themselves, they apparently can and will take action and delete it from everybody's android phone.
Edited 2010-06-25 05:57 UTC
RE[3]: From a security firm
by Stratoukos on Fri 25th Jun 2010 12:04
in reply to "RE[2]: From a security firm"
Member since:2009-02-11
at some point one has to take off the training wheels and allow the user to stay upright on the bike - and yes that might mean going into the gutter or straying into the road and getting hit by a car.
What if the user doesn't want to learn how to ride a bike? To break from your analogy, a user doesn't want to "use a phone". He wants to share his photos, send an email or whatever.
This situation is primarily our fault ("our" in a very broad way; as in our industry). Some point in the past, we decided that computers aren't going to stay on the server rooms, but there is going to be one in every home. Since this is the direction we've taken, we have to actively support it by providing "training wheels" to everyone who needs them. Since you could say that generally a mobile app's audience needs these training wheels, you can't just shout RTFM to anyone who is confused and expect to be successful.
RE[3]: From a security firm - "do not show again"
by jabbotts on Fri 25th Jun 2010 15:29
in reply to "RE[2]: From a security firm"
Member since:2007-09-06
I'd just stick with the normal aproach:
"
This program accesses your; address book, phone calling
[ ] do not show this warning in future.
[allow] [deny]
"
Each program can then warn the user that it will be touching stuff or, ideally, the OS provides the monitoring, warning and permissions on a per application basis.
I don't think a minimum of one warning per application is too much and people can always opt to leave the box unchecked and see the warning each time if desired.
News
Linked by Thom Holwerda on 06/19/13 23:02 UTC, submitted by M.Onty
"Microsoft has sensationally abandoned its controversial plans to restrict the sharing of XBox One games, and has also removed daily online authentication requirements for its forthcoming console", reports The Guardian. They had no choice. Still a good move.
Linked by Thom Holwerda on 06/19/13 22:28 UTC
"A snippet of code in the Steam digital distribution platform has revealed that Valve may be planning to let users easily share their games with friends in the future. The Verge has verified the code's authenticity, which was originally spotted by a member of the NeoGAF gaming forum; the code references a 'shared game library' and a notification that would alert a user when their games are currently in use by a borrower." This would change the, uh, game.
Linked by Thom Holwerda on 06/18/13 22:33 UTC
Official Apple statement on PRISM and privacy: "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it." This is basically Apple re-publishing their earlier statement in a more official manner. You either believe it, or you don't.
Linked by Anonymous on 06/18/13 22:26 UTC
The open source Contiki operating system and its commercial Thingsquare distribution are making strides towards the connected home. According to a Computerworld article, a new LED light bulb manufacturer is putting small computers into their light bulbs. Each computer runs the Contiki OS, which gives each bulb an IP address and allows them to be controlled with a smartphone application. To connect the bulbs to the application, the bulbs use both Wi-Fi and the much lower power IEEE 802.15.4 mesh technology.
Linked by Thom Holwerda on 06/18/13 22:25 UTC
"Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it's forced to give the government. The legal filing, which cites the First Amendment's guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic." Draining the ditch after the cow has drowned in it.
Linked by Thom Holwerda on 06/18/13 17:45 UTC
"I can't find one person who has been using the Nexus 7 for an extended period of time, and hasn't seen a massive downgrade in performance. Just what kind of downgrade are we talking here? I cannot pick up my Nexus 7 without experiencing problems like a lag of ten seconds, or more, just to rotate the display; touches refusing to acknowledged; stuttering notification panel actions; and unresponsive apps." Fully and utterly agreed. My Nexus 7 was blazing-fast and awesome for a few months, and at some point, it just started sucking. Just like that. I've tried loads of ROMs, and nothing helps.
Linked by Thom Holwerda on 06/18/13 17:32 UTC, submitted by poundsmack
A new release of the hobby operating system MenuetOS! The release notes are a bit non-descript, but you'll have to take what you can get: "updates and improvements (picview, httpc, ehci, ...)".
Linked by Thom Holwerda on 06/17/13 17:58 UTC
"The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.
Linked by Thom Holwerda on 06/17/13 17:52 UTC
"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.
Linked by Thom Holwerda on 06/14/13 21:03 UTC
Jon Rubinstein, former CEO of Palm: "Well, I'm not sure I would have sold the company to HP. That's for sure. Talk about a waste. Not that I had any choice because when you sell a company you don't get to decide that. Obviously, the board and shareholders decide that. If we had known they were just going to shut it down and never really give it a chance to flourish, what would have been the point of selling the company? I think the deal we had with Verizon really hurt us, but who knew that at the time? These things are all hindsight."More News »
Sponsored Links
Member since:
2005-11-10
PEWTD - Problem Exists With The Designer. Security is a process, not a feature, and the user should remain safe and in control should the worse happen because the system is designed as such. You could blame the user for causing a car crash, but you shouldn’t blame them if the car’s engineering fails to protect them; that’s down to the design of the car, not the user.