Sadly I don't think Android as a platform is less secure. but still, in comparison to iOS (the common comparison) or desktop platforms. Most phones stops getting security updates earlier than the other platforms.
I had a Nexus 4, Nexus 7, Nexus 5X. All which should get top notch security updates. stopped where other platforms kept getting updates.
Just a few days ago I saw on HN some great news for Android (https://news.ycombinator.com/item?id=23692257). but again, this isn't a security update. It a broader security improvement equivalent to a major update on other platform.
While my 1st iPhone SE will get iOS 14, my Nexus 5X is still on Android 8.
Three years of updates is better than it used to be, but iOS devices average around five years of support, and I'm not sure that's enough either. Hardware devices should receive security updates until they start physically failing.
> Hardware devices should receive security updates until they start physically failing.
That's just entirely unreasonable. I recently dug my original iPhone (now 13 years old) out of a box and it still works fine, but, you can't expect Apple or Android to support 13-year-old devices.
Consider that Windows 10 still runs on some 13 year old devices. macOS supports devices almost eight years old. That's MUCH longer than the average mobile support period. Desktop/laptop users can also switch to Linux after the support period ends to extend the life of their hardware further.
If mobile vendors can't do that, then they should limit support to the expected life span of a the battery under average daily usage conditions, starting on the date that device sales are discontinued. That's certainly less than 13 years.
Alternatively, the manufacturer could just unlock the boot loader after the official support period ends and provide the community with the resources they need to support the device.
Some people will continue to use their device until it is no longer functional. Either they can't afford frequent upgrades, or they're trying to reduce electronic waste, or whatever. It's wrong to strand those users on an unsafe platform.
It is reasonable to not support 13-year-old operating systems but there shouldn't be any reason current operating systems can't support old devices. Certainly Linux based operating systems manage to do that.
Hmm. My $170 phone from the middle of 2014 is still working perfectly and shows no signs of being "deprecated". Every application I use gets frequent updates, including the browser. I don't have to worry about targeted attacks (as I am not a billionaire/movie star/CEO of a large company/whatever), and a new shiny iPhone won't help with those anyway. µBlock Origin (with JS disabled on most sites) protects me from everything else.
Yeah the security patches are still worth thinking about. There was a Media Framework bug that needed nothing but a PNG on your phone to get RCE and there was a bug with the bluetooth stack this year which also could achieve RCE when your bluetooth was turned on and an attacker knew the BSSID
PNGs are easy to send and in times of Contact Tracing via Bluetooth... well there are certain risks to running unpatched
For a lot of folks, especially those at Hacker News, that is totally fine. It is interesting how people's perspectives change when it comes to defending their choice. So in this case, yeah Android seems secure but what happens after 2yrs - even though that point doesn't apply to them. Call out what is important to you vs. just talking about averages.
I’m on hacker news and I care about the environment. I don’t want perfectly good hardware going in to landfill.
Apple supporting their phones for 5+ years is good, and they should be commended for doing this, but we should be introducing laws to make sure all manufacturers are doing this to a reasonable level.
Aside from gaming, which isn't prevalent aside from casual games in NA and EU to my knowledge, I'm not sure what someone may possibly need it's phone for where something like a S7 (a bit more than 4 years old) isn't largely sufficient. Not a diss on Apple, I think the iPhone 5 is vastly better than circa-2012 Android phones, I just disagree with the premise of throwing phones every 2 years as being remotely necessary (perhaps until the next paradigm shift in computing/web/mobile usage where current tech starts to be too sluggish).
Yeah but in the context of security your point is moot. No more updates means no more security patches, right? Throwing phones away every two years is of course not necessary, an Android phone from 2012 is probably perfectly usable - yet horribly insecure.
Yeah I could have amended about security, but I was replying to a comment about specs and Android phones being deprecated after 2 years, which I don't interpret as being security-related.
I had an S3 from launch for ~7 years before switching, and it was completely unusable by the end. Most websites and big-name apps halve in performance every 18 months or so. Doesn't help that your battery will be on its last legs by then. 2 years is definitely much more often than required, but until ad-tech corps and web developers call off the assault, we're stuck on the phone treadmill to some degree.
on Apple’s case, means good app experience for the users and the developers. for example, SwiftUI comes to iOS 13 or later. If most devices were to be left off without updates(which is the case with Android) most developers would be hesitant to pick up the newer shiniest technology. apps on android still tend to be ugly and old fashioned. sure, there’re exceptions but generally apps on iOS are fresh and consistent probably because developers can depend on the users having the latest platform.
> So many phones can't install those, though. Like every single US Samsung model.
Unfortunately true. If you were going to want to use either of these you would have to purchase a phone specifically for it. The only reason I brought these up was the parent comment implying the purchasing of phones anyways.
> If we had a law forcing phone makers to unlock bootloaders once support ends, then we could talk.
Honestly, this would be amazing. This is one of the reasons I haven't purchased a phone yet, and am waiting on the PinePhone to become a viable daily driver.
> Lineage breaks the Android security model - knowingly.
That's gonna be a big nope from me then. I was unaware of this, thank you for bringing it up.
I've been mostly unsuccessful trying to find other android variants that appear to still be maintained, would you mind pointing me towards one? I'll probably still wait for the PinePhone, but I'd like to stay knowledgeable on the subject.
Thank you, this is super interesting and may well wind up being something that I wind up using in the future.
I noticed that it only officially supports the Pixel devices.
I've always avoided the Pixel devices because I assumed that the firmware was closed source and therefore a privacy issue, especially coming from google.
However, the FAQ states "These devices meet the stringent privacy and security standards and have substantial upstream and downstream hardening specific to the devices."
Am I mistaken about the Pixel drivers being closed source? If not, how is this statement verified?
The author doesn't mean that the drivers are open source. It's impossible to have a device with all drivers open sourced at the moment, hence the Pinephone. From the "supported devices" faq:
"Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported."
Thank you for the info and being so responsive to my questions. Sorry if I'm slow, this is outside of my normal range and my duckduckgo-fu is weak on this subject.
I saw this part of the faq, but it was a bit beyond my comprehension.
This is an extremely interesting topic to me however, could you point me toward where I could do better research on the topic? I'll keep looking around myself and post something here if I see it for anyone else who's interested.
Asking questions is not a sin. I will endeavour to answer where I can. :)
I'm no expert in this area myself (read as I've been educated by the internet and been too lazy to dig deeper), but I hope this reddit thread[0] leads you to some answers. Daniel Micay is the author of GrapheneOS, formerly CopperheadOS.
+1, this all day, over Linux phones with dubious security models/hardware switches that just delay exfiltration if it's going to happen on a non-verified boot device.
They get security updates for 3 years (longer for enterprise devices). System libraries and builtin apps such as browser are updated via play store indefinitely.
But how many people _really_ use a phone more than 3 years?
Anecdotally, most of the older folks I know will use hardware until it disintegrates because they don't use many apps and "it still works." I've seen a seven year old iPhone 5C in the wild.
Pixels are getting better, and Samsung flagships are getting their OS updates for 2-3 years and an additional 2 for security patches. That is.. barely good enough in my eyes.
On iOS I use AdGuard Pro, which offers DNS and safari protection, but I normally use chrome. On my home network, i have a pi-hole as well. Is Blockada just DNS blocking or is there more to it?
Looks like just DNS blocking using VPN API. I use a different method for system-level adblocking on ios. I temporarily jailbreak, supervise the device, and install easylist's pac to block connections without an external server. Jailbreak is removed after it is set in place. Guide: https://www.reddit.com/r/jailbreak/comments/dbdb8x/tutorial_...
The only downsides I have seen to this method are it's slightly annoying to initially install and if github goes down (where the pac is hosted), phone network connectivity goes down until it comes back up.
Netguard is such a wonderful tool. Highly recommend either the free or paid versions.
It's a shame Android doesn't allow vpn chaining though, because netguard creates a local vpn connection you can't use it with an actual vpn simultaneously.
This is the main issue I have with app security. It would be great if one could deny network access to apps. I would be much more willing to install many apps if I knew they would keep the data local and not be able to send my data to some insecure cloud service for sale to the highest bidder behind my back.
It would be cool if app stores showed which apps require network access and which don't.
That is cool but now you're relying on some random third-party app developer for your security/privacy. Even if they're good people, there's nothing to stop them from selling it to some jerk that will enable their own apps to bypass it and/or enable other shady developers to bypass it for money.
This kind of software can also be difficult to get right. There may be ways to easily bypass it.
If Google did this, I'd seriously consider going back to Android.
There's a rather large selection of good-to-extraordinary software that doesn't use any sort of analytics/auto-reporting. Off the top of my head, GNU coreutils, and BSD flavor, sqlite, qmail, (neo)vim, emacs, GIMP...
> Apport will notify you about the crash and offer to file it. Do that.
I wouldn't call it auto-reporting when the user has to agree first; consent is the sticking point. (Same for abrt) (granted, I should have been more precise and I suppose that is automated in a sense; I took "automatic" to mean "without asking")
Those are all CLI/desktop apps and stable as they've been around for decades. They also had supportive communities to file bug reports, changelists, etc..
You can hardly compare coreutils to smartphone apps.
As someone who deals with Android fragmentation daily, you wouldn't believe how hard it is to support the whole ecosystem. Disliking analytics I can understand, but crash reporting adds measurable improvement in the quality of software.
Yeah, I realized halfway through my list that I was mostly listing infrastructure; that's why I tacked on editors and GIMP. The original claim was that analytics were required to avoid software being terrible, and I mostly wanted to point out that this is obviously false; kind of software and community support make an impact, but they're not a hard requirement, and at any rate I think we're moving the goalposts here.
> You can hardly compare coreutils to smartphone apps.
Indeed; coreutils works on an absurd variety of unix-family systems, is copyleft, respects privacy, and is high-quality. If smartphone apps were more like coreutils, we'd all be better off.
> As someone who deals with Android fragmentation daily, you wouldn't believe how hard it is to support the whole ecosystem. Disliking analytics I can understand, but crash reporting adds measurable improvement in the quality of software.
I do understand where you're coming from; while I don't have skin in that game, I'm passingly aware of the remarkable ways that vendors break their systems. And honestly, if you get user consent, I don't actually have a problem with having the app report problems to you. It's just the "send information about the user's system without asking" thing that I object to.
The Open Source nature of Android might have something to do with it as well. It is interesting to compare iOS and Android in terms of how visible the source code is and how much vulnerable a system can be in effect.
Android is less open source than it used to be. I wonder what percent of the vulnerabilities in Android are in the open-source portions (kernel, system libraries) vs the framework/apps.
I should note that these things can only keep your device secure if they’re not buggy, and most platforms offer these features. The difference is quality of implementation and which ones keep them up-to-date when problems are found.
This article wholly misses the point. Android is not a secure OS because it enables and allows behaviors that make it leak data and protect the user poorly. Security isn't just a matter of not having memory vulnerabilities or using good encryption.
That's where Google and it's advocates have failed to understand what security is. Security is keeping something safe. And with the amount of data exfiltration Google's default platform plus the apps it allows and encourages do does not do a good job securing your information.
When a user installs an app that does behavior they didn't expect or intend to permit, that's a security issue, even if the platform APIs allowed it.
The difference in how Apple and Google approach Web APIs discussed a couple days ago highlights this: Google added a ton of APIs that lets websites do stuff with your computer, Apple decided they are risky and chooses not to implement them. Google would say the user has to give permission for those APIs to be used, so there's no security flaw if a website uses them maliciously: The user gave permission. Whereas, Apple would recognize the benefits to the user are minimal compared to the risk when the user grants permission unintentionally, which happens all the time for other web APIs like push notifications and even extension installs.
Practical security and technical security are two different things. Google does not even comprehend the former, while receiving wide accolades for their expertise at the latter, as in this article.
> Android is not a secure OS because it enables and allows behaviors that make it leak data and protect the user poorly.
I am going to bite. You are just biased. Google adds more APIs because it doesn't have much interest in limiting some features to Play store, because Play is a such small part of their revenue. Apple would benefit if things are only possible through native apps because sweet 30% rent.
That said Google isn't exactly dumb but they aren't well organised in terms of Android - some areas get focus while others not. They even made it harder for external contributers of Android Open Source Project by following Google style monorepo patterns.
Contrast to Apple where mobile OS is their core business and they have to do it well.
OnePlus is a terrible company. I purchased one of their phones, I had some issues with the device within the 30 day return period. It was a popular issue, I think it was ghost touch but it has been a while. Anyway, in order to get a refund I had to do a charge back with my CC company.
I am pretty confident my next phone will be an Apple device. I was an Android fan, purchased all google/nexus devices starting with the G1. I had problems with many of those devices. I have switched to Samsung, but the amount of garbage on the phone still annoys me. Therefore, it is time to try iOS.
While OxygenOS is smooth and not bloated and their phones are cheaper than other flagships (in some markets at least), their security record isn't the best.
All of the extra Samsung apps. The themes are absolute dog shit. The members app doing a push notification that I haven't rebooted my phone in 7 days like I'm still running Windows 98. The garbage games they install by default. The fact that the UI of said apps doesn't match the rest of Android at all. Bixby existing. Ads in their apps.
Samsung Pay is OK, and I love the magnetic stripe emulation, but I hate that I need to auth again even though I've already unlocked the phone.
I never got ads in any of the Samsung apps, I keep hearing this but never saw it in my lifetime using Samsung phones.
Also don't know what are people's problem with Touchwiz. It's a launcher, why are people so anal about a launcher? It does what it's supposed to do and stays out of the way.
I chose Samsung because of the value it brings in software, particularly Knox and support for app containers. Their hardware ecosystem is also quite fleshed out, although I haven't buy into it yet.
No other phone manufacturer comes close in terms of value.
I am NOT a security export, just an observer, but saying "Contrary to popular belief, modern Android is pretty secure." (Which is how this post finishes) sounds pretty much like something I'd agree with, but saying "Your Android might be the most secure device you own" isn't really something that I'd agree with as much.
I don't even know how one would really measure these things in a reliable and objective way. Do we compare it to IOS or Windows or ChromeOS or MacOS? Which version of Android and so on.
The post picks out the best things about Android, nothing wrong with that, but isn't that just ignoring all the problems with Android? I agree though, Android is pretty secure, but so is everything else.
Hm guess I subconsciously chose an clickbaity title...
Well in my case, I use Debian as my main operating system on my Desktop. Debian is great, but as a classical desktop OS it does not have those cool security things like app sandboxing, permissions management (camera acces etc) and stuff like that. Which makes sense, since mobile Operating Systems were designed from the ground up way later and also seem to move at a faster pace. The fact alone that almostt all ANdroid Apps run in the JVM and are written in memory safe languages is a huge plus that the GNU/Linux family does not have. (Solely speaking about security, I wouldnt want my /bin/sh to be in java)
In my particular case, it suprised me to find out that my android is the most secure device I own. Thus the title (and the intention to wrote this post).
So yeah, misleading title. Kinda. My Bad. Updated the title
The big difference between Debian and Android is that with Debian you don't generally want or need to run untrusted or untrustworthy 3rd party code. Instead your software comes from trusted source with maintenance promise and security updates. And I'm starting to think that is better model than trying to sandbox and lock down everything; the world needs more trust at certain places. In contrast you are no way able to trust random Android apps, neither the quality or the intentions, so you are left with actively hostile relationship between you, the OS, and the apps.
I really don't see how improving security and reducing privacy are related: like generating fingerprints of installed programs, or scanning the memory, disks for malware and reporting results to the OS provider/device manufacturer and mapping the results to a user account or an ip address ?
For me improved security was more synonym to degraded performance.
Hard to do I think. Even plain old "linux but for phones" is pretty difficult at this point because:
--most drivers and hardware specifications are proprietary, and probably secret under NDA
--most bootloaders are cryptographically locked and controlled by vendor
--necessary wifi and cellular modem hardware is the same, and are also patent minefields even in the foundational platonic ideals of design, as is mobile graphics hardware
--the modems are subject to regulatory requirements that they be secured from modification by the user/owner of the device
Secure in this context means secure from the user and device owner, which can arguably be for good reason -- think of an ATM kiosk, for example.
So no "tails for phones" yet, but people are trying. Check out postmarketOS, lineageOS, replicant, sailfish. Last I tried things were still kind of science project, like 90's style linux.
Adding ubports to the list- I have it on my Pinephone and can place and receive calls, send and receive SMS, and utilize GPS. There are some features that don't yet work on Pinephone like MMS but it's on the threshold of being daily-driver worthy.
Users on Pine64.org have reported their devices can run 14 hours on idle and my own experience is the battery will last all day with moderate usage. Getting it on the phone is as simple as getting Raspbian on a Raspberry Pi, you just flash the image onto an SD card.
I feel as though the improvements in security lend themselves to improvements in privacy, and vice versa, in a rather linear relationship.
That being said, privacy factors are primarily user-choice in that it is the optional apps and programs that compromise privacy, even if the privacy breaches are less-than-voluntary, as seen in the recent clipboard skimming scandal. Making an OS more secure by limiting unauthorized access to information like the clipboard is both more secure and more private.
The article says that modern Android security is pretty good, listing a number of Android's security features and recent improvements, but the author never tries to make the case that it's "the most secure device you own".
There's also zero comparison between Android and any other operating system that would be required to support the HN title's conclusion.
Also, Android isn't a device, it's an operating system. An operating system is only as good as the devices it's put on; a deeply insecure device isn't going to magically be made better just be installing Android on it.
Random nitpick: I wish each post has what I'll call "full page scrolling". You have to hover your mouse over the actual post to scroll it or you end up scrolling the background.
I had a Nexus 4, Nexus 7, Nexus 5X. All which should get top notch security updates. stopped where other platforms kept getting updates.
Just a few days ago I saw on HN some great news for Android (https://news.ycombinator.com/item?id=23692257). but again, this isn't a security update. It a broader security improvement equivalent to a major update on other platform.
While my 1st iPhone SE will get iOS 14, my Nexus 5X is still on Android 8.