Android Archive

Another day, another sensationalist, unfounded security story

Dan Goodin, at Ars Technica, is writing about a security flaw in Android. It's got all the usual scary-scary language about doom and gloom, quotes from antivirus peddlers, and it wasn't long until sensationalist Apple site AppleInsider took it all one step further (relevant). So, is this a real security threat, or are we looking at sensationalism run amok?

This is the issue in a nutshell.

The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information.

Sounds serious! Should you be worried? Is it time to stock up on canned beans and switch to a Nokia 3310? Of course, it's always time to switch to a Nokia 3310, but not really because of this "issue". Buried deep within the Ars Technica article is Google's response to the issue.

After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability.

First, a patch has been sent to OEMs and AOSP, but with Android's abysmal update situation, this is a moot point. The crux, however, lies with Google Play and Verify Apps. These have already been updated to detect this issue, and prevent applications that try to abuse this flaw from being installed. This means two things.

First, that there are no applications in Google Play that exploit this issue. If you stick to Google Play, you're safe from this issue, period. No ifs and buts. Second, even if you install applications from outside of Google Play, you are still safe from this issue. Verify Apps is part of Play Services, and runs on every Android device from 2.3 and up. It scans every application at install and continuously during use for suspect behaviour. In this case, an application that tries to exploit this flaw will simply be blocked from installing or running.

As a sidenote, you can actually disable Verify Apps, but unlike what some people seem to think, the dialog you get about sending data to Google when trying to sideload an application has nothing to do with this (that dialog just covers sending data about the application to Google, which is not required for Verify Apps to work). To actually completely disable Verify Apps, you need to go into the Google Settings application (or the Android settings application in 4.2 and up), navigate to Security, and disable it from there.

To get back to the matter at hand: this means that every Android user with Google Play Services is 100% protected from this issue. The only way an Android user can potentially be affected by this issue is if she, one, specifically allows installation from unknown sources, and two, specifically disables Verify Apps - all accompanied by several warnings. Luckily, not a single application in or outside of Google Play is currently trying to exploit this issue.

While one can expect sensationalist nonsense from a site like AppleInsider - you don't blame TMZ for reporting on a fart by Miley Cyrus; you don't blame AppleInsider for spreading sensationalist nonsense - I'm very disappointed that a respected site like Ars Technica resorts to spreading this kind of fear, uncertainty, and doubt, especially since this isn't the first time the site has done so.

Recently, it has become very clear that the security industry - antivirus peddlers and similar companies - have focussed all their attention on Android, resorting to all sorts of dirty tactics to scare unsuspecting users into buying their useless software. Since I can't stress this often enough: do not install antivirus on Android (or iOS, for that matter). It is not needed in any way, shape, or form.

This is not the first time they have tried to spread and exploit fear, uncertainty, and doubt. Back when Windows started properly shoring up its security, Microsoft released MSE, and the mass infections of the early XP days became a thing of the past, they tried to use the exact same tactics to try and scare the rapidly growing number of OS X users into buying their junk.

I advocated against this practice then (more here), and I will advocate against it now. When you come across stories like this, you can almost always assume it's FUD, whether it covers Android, OS X, or iOS. They almost always originate from antivirus peddlers, who know full well that operating system security - on both desktop and mobile - has increased so much this past decade or so that their core business model is at stake, and as such, they have to drum up the FUD. I just wish respected websites would not dance to their tunes for clicks.

And yes, you should totally get a 3310.
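The Fake ID description quoted in this post comes down to one missing check: whether the issuer a certificate names actually signed it. The sketch below is an added example, not code from Android, Google, or either article; it models that check with toy textbook RSA, and every name, key, and certificate in it is constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two primes: (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub_n: int   # subject's public modulus
    sig: int     # issuer's signature over (subject, pub_n)

def digest(subject, pub_n, n):
    h = hashlib.sha256(f"{subject}|{pub_n}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(subject, pub_n, issuer_name, issuer_key):
    n, d = issuer_key
    return Cert(subject, issuer_name, pub_n, pow(digest(subject, pub_n, n), d, n))

def chain_ok_names_only(chain, trusted_root):
    """Flawed model: links certificates by issuer/subject strings alone."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return linked and chain[-1] == trusted_root

def chain_ok_verified(chain, trusted_root):
    """Each certificate must carry a valid signature from the next one's key."""
    for child, parent in zip(chain, chain[1:]):
        expected = digest(child.subject, child.pub_n, parent.pub_n)
        if child.issuer != parent.subject or pow(child.sig, E, parent.pub_n) != expected:
            return False
    return chain[-1] == trusted_root

# Constructed sample data: a privileged vendor and an unrelated signer.
VENDOR_KEY = make_key(2**61 - 1, 2**89 - 1)
OTHER_KEY = make_key(2**31 - 1, 2**107 - 1)
LEAF_N = (2**19 - 1) * (2**127 - 1)
ROOT = issue("Vendor CA", VENDOR_KEY[0], "Vendor CA", VENDOR_KEY)
GENUINE = [issue("vendor.plugin", LEAF_N, "Vendor CA", VENDOR_KEY), ROOT]
# Names "Vendor CA" as issuer, but the signature comes from an unrelated key.
CLAIMED = [issue("some.app", OTHER_KEY[0], "Vendor CA", OTHER_KEY), ROOT]

def results():
    return [(chain_ok_names_only(c, ROOT), chain_ok_verified(c, ROOT))
            for c in (GENUINE, CLAIMED)]
```

Both chains end in the same publicly available root certificate, so comparing names and the root alone cannot tell them apart; only the signature check does.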

Nokia X Software Platform 1.2 update released

Nokia has released the first major software update for the Nokia X series of devices.

Key features of the update include:

  • Enjoy improved ease of use with the new app switcher - switch easily between open apps, or close apps with a single tap.
  • Instant access to your mail, calendar, and notes with Outlook.com and OneNote.
  • Updated Nokia Store - new design to help you find content more easily, and better integration with third-party stores.
  • New scrollable widgets, call reject with a message, contact search in the dialler, automatic uploading to OneDrive, and local calendar support.
  • General performance and usability improvements.

Could very well be the last.

Trend Micro caught lying about Android security

Antivirus peddler Trend Micro recently issued a "report", in which it states that "Google Play populated with fake apps, with more than half carrying malware". Sounds scary, right?

Well, reality is a little different, as TechRepublic and Android Police found out.

It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what's commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android's main settings menu.

As I've been saying for years and years now, antivirus peddlers are the scum of the technology industry. These people actively lie and spread FUD about popular platforms just to scare people into buying their crappy, bloated, unnecessary software. They tried these scummy scare tactics for OS X, iOS, and recently it's been Android's turn. Of course, it doesn't help that people like Tim Cook actively join in on the lying and FUD.

You can spot the FUD from miles away. It usually contains something like "99% of all mobile malware targets Android", which may technically be true, but is actually entirely meaningless without the figure that actually matters: infection rates to determine just how successful this malware actually is. The actual infection rate figures make it very clear that they are, in fact, not successful at all. Another dead giveaway that you're dealing with antivirus FUD is " is insecure. Buy our software to make it secure".

Android is just as secure as iOS. The figures are out there for all to see. Any time you see articles about reports regarding Android's security, you can be 100% sure it's coming from antivirus peddlers, meaning the figures will be contorted, false, manipulated, or just downright made up. These people are not to be trusted. If you still haven't learned that lesson, you are either stupid, or you have an agenda to push.

The Android screen fragmentation myth

Android's various screen sizes - how big of a problem is it, really, for developers? Not a big one, according to iOS and Android developer Russell Ivanovic:

The answer tends to surprise pretty much everyone: It's not that hard, and honestly causes us less headaches than most people imagine. Firstly, the tools Google give us to lay out interfaces have supported this from day one. You've been able to define one or more layouts that scale to various sizes, and if you want to get everything perfect, you can have as many of these layouts as you like, while still keeping the one codebase. The layouts are XML, and don't live in your code. If you're an iOS developer they are pretty much the equivalent of XIB files with size classes like iOS 8. The other part people don't realise is that Android has standardised on screen resolutions for a long time now.

I've long since accepted that certain complaints and issues are mostly only perpetuated by people with an agenda, even long after the actual problems are solved or no longer relevant. There's Windows and security, Apple and pricing, Android and security - you name it. In order to get a real finger on the true extent of these problems, you have to cut out the official bloggers and party parrots.

Windows has been secure for almost a decade now. Apple's devices and PCs are not expensive. Android has never been insecure. These are all cases of 'fear, uncertainty, and doubt' perpetuated and/or made excessively worse than they really are by people of questionable nature.

Android in 2015: Bringing ‘pure Google’ to every screen

This year's Google I/O developer conference was a massively Android-centric affair. The OS dominated the two-and-a-half-hour keynote presentation, which saw a new platform version - Android "L" - previewed to developers, alongside new form factors in Android Wear, Android Auto and Android TV.

It really does seem as if Android is 'winning' inside Google. Android on phones, TVs, cars, and watches - the only exception here is laptops, but even those are getting sort-of Android because Android applications will run on Chrome OS. You have to wonder how long it'll take for Chrome OS itself to more or less turn into Android.

The second interesting point that became very clear during Google I/O is that the company is taking control away from OEMs. OEMs cannot alter Android TV and Android Wear's user experience, and that's a huge customer win. The downside here is that there's a very real possibility that these platforms won't become part of AOSP, ruling out things like CyanogenMod TV or OmniROM Wear.

Third, while it's clear that Google is trying to exert more control of phone/tablet Android too, it's still not clear how far they're willing to go. There was nothing on 'Android Silver', and the fact that the company confirmed that the Nexus programme will not go away means they still see a need for OEM-less Android - which would not be necessary if Google managed to get the same kind of control over phones/tablets as it will have over TV/Wear.

Google is making Android a beautiful, dynamic scrapbook

Google didn't spend enough time on Material Design during the keynote. We saw a beautiful video and learned a little bit about the intent and thought behind Google's new cross-platform look (which we actually saw a bit earlier than anticipated), but there's so much more to be said. Having attended as many design sessions as possible during I/O, I think it's worth taking a somewhat closer look at Material Design. In this post we'll attempt to scratch a little bit deeper into what Material means, why it's awesome, and why it's a forward-looking move for Google.

I personally really like this new design direction, but the big question is going to be whether or not third party developers will embrace it. I still see non-Holo applications today, so I'm not getting my hopes up.

Developers can’t update apps to Material Design just yet

So yes, this story is pretty much an excuse to show off our fancy new Android story category (it's 2014. We thought it was time), but hey, it's still informative.

In case you've been wondering why you don't see many applications with Google's new Material Design just yet, it's because applications created with the Android L Preview SDK may not yet be submitted to the Google Play Store. In fact, said applications won't even run on non-Preview devices to begin with.

Alongside the release of the Android L Developer Preview images, Google also released the Android L Preview SDK. Using the L Preview SDK, developers are now able to make use of Theme.Material.* and give their applications this highly sought after theme. And in fact, this is only available when using the preview SDK. However, Google makes it very clear that applications created with the preview SDK should not be published to the Google Play Store.

It's pretty clear Material Design simply isn't done yet, and as such, Google has wisely decided to not let developers use it in the real world just yet.

Why I’m making the jump to Android

I am taking the plunge and moving from an iPhone to an Android device. I've been waiting a long time for Android to get to the point that it was fast and responsive enough, with a big enough application warehouse, wide enough support, and a smooth enough experience, to support me. Android is maturing with a consistent, system-wide look-and-feel, almost every major service now has an Android app as the counterpart to its iOS-first experience, and has a bright future with wearables, home automation, and more.

I certainly won't be the first person to change ecosystems entirely. Several have done it before, some looking for change or claim freedom, some aiming to save money, some because someone prompted them, some think they may be conforming by going with the ever-stylish Apple. I am doing it for this reason: for me, Android is now a better platform than iOS.