thewayne: (Default)
The Wayne ([personal profile] thewayne) wrote2011-03-26 11:44 am
  • Add Memory
  • Share This Entry
Entry tags:

Do you have an Android phone? Do you buy apps from Amazon? Security vulnerability!

Amazon requires that your phone be set to allow apps from untrusted sources, which can open your phone to exploits. Google's app store does more inspecting, but is still not invulnerable. Amazon won't consciously allow compromised apps through, but you never know. And Amazon doesn't have a remote kill switch to remove installed apps that are found to be compromised like Google does.

http://www.wired.com/gadgetlab/2011/03/amazon-app-store-security/
Flat | Top-Level Comments Only
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)

[personal profile] silveradept 2011-03-26 10:58 pm (UTC)(link)
Maybe it's just me, but I thought one of the things you were supposed to do when you roll a product out is to make sure that it is actually secure and only does the things you want it to do. Am I missing something?

[identity profile] thewayne.livejournal.com 2011-03-27 04:10 am (UTC)(link)
I'm not sure. It's possible that Amazon wasn't considering others running app stores, they were anticipating a monoculture like the iTunes Store, and Amazon's store doesn't measure up?
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)

[personal profile] silveradept 2011-03-28 04:12 am (UTC)(link)
Huh. Well, if that's waht they wanted, they should have released the Kindlephone and gone that way.

[identity profile] thewayne.livejournal.com 2011-03-28 05:12 am (UTC)(link)
The Android is a peculiar beast. They claim it's F/OSS, but it is only 'sorta'. You have full access to the code, but part of the F/OSS ethos is that you're allowed to post fixes and improvements back in to the original repository. Google doesn't allow that, you can examine the code and write new stuff but you can't directly apply fixes. So it's kinda neither fish nor fowl.

Not really apropos of what you were saying, I just needed to say this.

The iOS model is totally closed, but the Android model is not totally open, contrary to popular belief. Part of this, I'm sure, is because the code deals with cellular radios, and that part needs to be uber-tightly controlled.

Life is weird.
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)

[personal profile] silveradept 2011-03-28 06:06 am (UTC)(link)
True. It's a partially black box - and I would think that Google has a manner that bugfixes and the like can be submitted back to them for inclusion in the next fix / release. Not that they'll necessarily take them and acknowledge it, but there should be such a manner.
Flat | Top-Level Comments Only