From el reg.
Google has unveiled its phone platform, Android. It's yet another Linux OS, freely licensed, that will appear in devices in the second half of next year. Google has signed up over 30 partners including Qualcomm, Motorola, HTC and operators including Deutsche Telekom for the "Open Handset Alliance".
CEO Eric Schmidt described it as "the first truly open platform for mobile devices." Android, named after the start-up company Google acquired in 2005, encompasses middleware and applications as well as the base kernel. An SDK is promised for download next Monday under an Apache license. However, the ad-supported model will take awhile to shake out.
"Contrary to a lot of speculation out there, we won't see a completely ad driven cellphone based on Android for quite some time," said Andy Rubin.
If this all sounds a bit familiar, it's because it is.
Two such alliances appeared in 2005, and two more this year. The LIMO Alliance, backed by NTT DoCoMo, Motorola and Samsung was unveiled in January. ARM announced yet another industry Linux OS coalition just a month ago.
Despite clocking up a healthy air miles account for all involved, real momentum has stalled for Linux on mobile phones: you'll look for a 3G Linux phone in vain, today. Motorola made a strategic bet on open source in 2003 but discovered that integration complexity and costs outweighed the advantages: the company recently returned to Symbian for its smartphones. Nevertheless a wide alliance of industry backers have come to Google's launch.
Currently Symbian dominates the smartphone business. It's painfully built-up almost a decade's worth of integration expertise, in giving manufacturers what they want, including a successful Japanese business where carriers dominate. Symbian's chief technical advantage today is the platform's maturity, and more recently, its real-time kernel. This permits manufacturers to build lower-cost single-chip phones, while running their older proprietary baseband stacks as an OS personality.
With Nokia, whose volume drives lower component costs, pushing Symbian into its midrange feature phones, Android faces a stiff challenge competing in this market.
And as we pointed out earlier today, it isn't clear that failure of rich mobile data services isn't due to anything on the supply side - people just don't find them very useful.
There's a significant gap, however, for "two box" solutions that only Blackberry and Apple fill today, as phone companions. Rubin said the system requirements supported QWERTY and large screen sizes, and Schmidt hinted at bringing the PC experience to mobile devices.
Android may yet find a niche in which to flourish.
http://www.theregister.co.uk/2007/11/05/google_android_announcement/
Wonder if it will be compatible with our devices... let's hope!
dferreira said:
> Wonder if it will be compatible with our devices... let's hope!
Everything is possible... even in our dreams
I know I've been waiting a while for this, figured I would give a heads up for anyone that wanted to know
http://blog.netflix.com/2010/11/netflix-on-android.html
Hi, this is Greg Peters, from Netflix product development. We recently announced the availability of Netflix on Windows Phone 7 devices, which, alongside the iPhone, represents the second mobile phone platform we have enabled for streaming from Netflix. Notably absent from current supported mobile devices is Android and I wanted to provide an update on where things stand with this important platform.
We regard Android as an exciting technology that drives a range of great devices that our members could use to instantly watch TV shows and movies from Netflix. We are eager to launch on these devices and are disappointed that we haven’t been able to do so already. The hurdle has been the lack of a generic and complete platform security and content protection mechanism available for Android. The same security issues that have led to piracy concerns on the Android platform have made it difficult for us to secure a common Digital Rights Management (DRM) system on these devices. Setting aside the debate around the value of content protection and DRM, they are requirements we must fulfill in order to obtain content from major studios for our subscribers to enjoy. Although we don’t have a common platform security mechanism and DRM, we are able to work with individual handset manufacturers to add content protection to their devices. Unfortunately, this is a much slower approach and leads to a fragmented experience on Android, in which some handsets will have access to Netflix and others won’t. This clearly is not the preferred solution, and we regret the confusion it might create for consumers. However, we believe that providing the service for some Android device owners is better than denying it to everyone.
We live to get Netflix on new devices, so the current lack of an Android-generic approach to quickly get to all Android devices is frustrating. But I’m happy to announce we’ll launch select Android devices that will instantly stream from Netflix early next year. We will also continue to work with the Android community, handset manufacturers, carriers, and other service providers to develop a standard, platform-wide solution that allows content providers to deliver their services to all Android-based devices. I’ll keep you updated on our progress.
Good to hear that. Now, WP7 owners can't say Android doesn't support Netflix blah blah.
The X10 has an issue with the Bootloader being protected by Marlin DRM.
There is no obvious reason and no clear benefit to end users or the general public. Most likely a precautionary measure to ensure SE applications work as intended and to assist with purchases of games, music, updates to Android firmware (often mistakenly called ROMs) and features Sony Ericsson have not explained in any level of detail or even stated that it exists as part of their obligations and your rights to know as the consumer.
According to the W3C.
What are some potential invasions of privacy?
1. User authentication - current PKI protocols limit the degree of anonymity -- we need to know who are you so we can sue you if you infringe
2. Usage tracking for fraud prevention
OK. Now you have just purchased a Sony Ericsson Android phone and all your social network contacts from any social media site can be merged with your phone book, backed up into Google's Gmail and shared beyond any one or all of these services. The man controlling 'everything' that happens on your device is SE.
The phone at core capability is able to run Ubuntu / Debian Linux, Windows, iPhone and emulate everything you might wish to or choose to. Thanks to this 'feature' in the form of the Marlin DRM and Seacert broadband bootstrap implementation being present on these phones... it isn't going to happen.
With the Xperia models, the entire operating system is virtualized on boot and impossible to modify the behavior of the boot loader, due to a very high grade encryption system, provided by Inter Trust.
Unlike HTC, Motorola, Samsung (who own a stake in the Marlin DRM but choose not to use it for snooping or destroying the main purpose of Android phones) for that matter most other Android phone manufacturers, allow the boot loader to be modified without too much effort and load a custom bootloader for multiple firmwares.
e.g., Gingerbread 2.3.2 is the default o/s shipped with Sony Ericsson apps, you want to keep this but also load Honeycomb, or Gingerbread 2.3.3, a modified vanilla o/s without things like timescape and unnecessary apps that do nothing for saving battery life.. it's your phone and you should be able to have this choice, in fact the reason Android is open source, is to stop one company from forming any kind of monopoly.
So what should DRM do for us?
Are there general requirements from the concept of free flow of information?
* avoid unnecessary use restrictions, respect fair use
* universal service --- equal and fair access right
* support variety of licensing options
* make it easy for users to act lawfully
* seamless operation, interoperability of DRMS
* Support Information Search(engines)
* make licensing easy to reduce transaction costs
* secure operating environment: integrity and availability of content
* avoid bottlenecks and monopolies when standardizing (production and distribution)
Conclusion:
* copyright laws give free hand to those who develop DRMS
* Only few compulsory requirements from Law, but Guidelines can be derived from Law
* when hesitating, think in terms of free flow of information
Now back on over in Android world at Google HQ...
On 24 September 2009, Google issued a cease and desist letter to the modder Cyanogen, citing issues with the re-distribution of Google's closed-source applications within custom firmware.
Even though most of Android OS is open source, phones come packaged with closed-source Google applications for functionality such as the application store and GPS navigation.
Google asserted these applications can only be provided through approved distribution channels by licensed distributors. Cyanogen complied with Google's wishes and is continuing to distribute this mod without the proprietary software.
He has provided a method to back up licensed Google applications during the mod's install process and restore them when it is complete.
The exact same principle can be done with SE closed source apps and SE do provide the source code for their firmwares as part of the open source license. Anyone wishing to check this out can simply head over to http://developer.sonyericsson.com/wportal/devworld/technology/android/ and start developing straight away. The source code, test keys and everything you need is either there or linked from there back to the places you need to be.
Semcboot security algorithms are not required and serve no benefit. The day that SE stops supporting updates for this device, the same as they did with the Xperia X10 at 2.1 Eclair, your phone will be useless and stuck with older versions of Android.
If this is acceptable and you're not bothered by having no bootloader mods, a hack to be able to change firmware that may someday soon be blocked and privacy issues built in as a matter of due course that you were not even correctly informed of, except for via a specialist forum (you're looking at it), then good luck with your Arc, Neo or Play.. and I suspect that there is the real rationale here - Play.
Marlin DRM exists in the PlayStation 3 for the market and guide as it does in the PSP and also will in the Xperia Play. SE became rather unhappy when the master cryptographic key to the PS3 was discovered and distributed en masse over the internet (I have a t-shirt with the codes printed...) as it bypassed their protection and allowed among other things, pirated games to play and unauthorized content to be loaded, custom operating systems etc..
Sony Ericsson watched carefully at HTC and thought about how best to implement all of their technology in an extremely secure manner and this is the result. It may actually benefit end users, so far Sony have yet to state their side of the story and will be looking forward to seeing posts on anything relevant in this thread, for anyone interested in the subject and for anyone thinking of buying an Arc.
Wish I had known this information before I purchased my x10 but is it such a perfect world?
Isn't the X10 hackable?
This forum here has tons of custom roms for the X10
http://forum.xda-developers.com/forumdisplay.php?f=617
Sorry for the stupid question. I'm new to SE and considering an Xperia arc.
yoyohere2 said:
> Isn't the X10 hackable?
> This forum here has tons of custom roms for the X10
> http://forum.xda-developers.com/forumdisplay.php?f=617
> Sorry for the stupid question. I'm new to SE and considering an Xperia arc.
No it is not. We cannot get a newer Linux kernel with new feature hooks that support functions like tether and hotspot and speed or security improvements. All the roms just overlay newer Android on top of the older kernel.
Other phones have been fully hacked and can get a newer kernel to support the newer Android without any mismatched functions. The devs here have to work hard retrofitting Android.
Sent from my X10a using XDA App
well the X2 wasn't hacked yet
This thread shows how to root an X10.
http://forum.xda-developers.com/showthread.php?t=711907
So the xperia arc and xperia x10 can be rooted?
Geohot recently announced that he bought an Xperia x10 and will be first in queue for the Xperia play. Keeping his success in mind I've got a good feeling about it.
http://www.youtube.com/watch?v=dXxw71oxjxs
Vulnerability Allows Attackers to Modify Android Apps Without Breaking Their Signatures
This might be the reason why the new MF2 and ME6 are not downgradable and why the 4.2.2 update was delayed.
Source->http://www.cio.com/article/735878/V...ndroid_Apps_Without_Breaking_Their_Signatures
IDG News Service — A vulnerability that has existed in Android for the past four years can allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS.
Researchers from San Francisco mobile security startup firm Bluebox Security found the flaw and plan to present it in greater detail at the Black Hat USA security conference in Las Vegas later this month.
The vulnerability stems from discrepancies in how Android apps are cryptographically verified, allowing an attacker to modify application packages (APKs) without breaking their cryptographic signatures.
When an application is installed and a sandbox is created for it, Android records the application's digital signature, said Bluebox Chief Technology Officer Jeff Forristal. All subsequent updates for that application need to match its signature in order to verify that they came from the same author, he said.
This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key.
The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures.
The vulnerability has existed since at least Android 1.6, code named Donut, which means that it potentially affects any Android device released during the last four years, the Bluebox researchers said Wednesday in a blog post.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," they said.
The vulnerability can also be exploited to gain full system access if the attacker modifies and distributes an app originally developed by the device manufacturer that's signed with the platform key -- the key that manufacturers use to sign the device firmware.
"You can update system components if the update has the same signature as the platform," Forristal said. The malicious code would then gain access to everything -- all applications, data, accounts, passwords and networks. It would basically control the whole device, he said.
Attackers can use a variety of methods to distribute such Trojan apps, including sending them via email, uploading them to a third-party app store, hosting them on any website, copying them to the targeted devices via USB and more.
Some of these methods, especially the one involving third-party app stores, are already being used to distribute Android malware.
Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app store's application entry process in order to block apps that contain this problem, Forristal said. The information received by Bluebox from Google also suggests that no existing apps from the app store have this problem, he said.
However, if an attacker tricks a user to manually install a malicious update for an app originally installed through Google Play, the app will be replaced and the new version will no longer interact with the app store. That's the case for all applications or new versions of applications, malicious or non-malicious, that are not installed through Google Play, Forristal said.
Google was notified of the vulnerability in February and the company shared the information with their partners, including the members of the Open Handset Alliance, at the beginning of March, Forristal said. It is now up to those partners to decide what their update release plans will be, he said.
Forristal confirmed that one third party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on them, he said.
Google declined to comment on the matter and the Open Handset Alliance did not respond to a request for comment.
The availability of firmware updates for this issue will differ across device models, manufacturers and mobile carriers.
Whether a combination of device manufacturers and carriers, which play an important role in the distribution of updates, coincide to believe that there is justification for a firmware update is extremely variable and depends on their business needs, Forristal said. "Ideally it would be great if everyone, everywhere, would release an update for a security problem, but the practical reality is that it doesn't quite work that way," he said.
The slow distribution of patches in the Android ecosystem has long been criticized by both security researchers and Android users. Mobile security firm Duo Security estimated last September, based on statistics gathered through its X-Ray Android vulnerability assessment app, that more than half of Android devices are vulnerable to at least one of the known Android security flaws.
Judging by Android's patch distribution history so far, the vulnerability found by the Bluebox researchers will probably linger on many devices for a long time, especially since it likely affects a lot of models that have reached end-of-life and are no longer supported.
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Key phrase here is "for apps not installed through the google store". Hence not an issue for a large fraction of users. Total case of FUD. Someone must be wanting to sell some av software.
Sent from my GT-N7100 using Tapatalk 4 Beta
Kremata said:
> I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Well, X-Ray scanner either does not detect this latest security flaw or N7100 (as of DM6) is already patched.
Kremata said:
> I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
This is the first link I found for XDA on this.
I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there are literally hundreds of examples all over XDA.
The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
djmcnz said:
> This is the first link I found for XDA on this.
> I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
> We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there are literally hundreds of examples all over XDA.
> The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
Ahh! That's the answer I was waiting for (and from a Recognized Developer). I knew XDA Devs were using this method. My new question is.. If they fix it will it be harder to create Mods? Will it slow down development?
Shouldn't this be posted in the generals forum?
Kremata said:
> If they fix it will it be harder to create Mods? Will it slow down development?
I suspect so. If they fix it properly it would become impossible to change any aspect of the app without signing it again. If you wanted to maintain compatibility with the original then you'd need the developer's keys.
At the moment really only the manifest and some metadata within the apk is signed, if they extended that to the entire contents of the apk many mods (think themes for stock Google apps etc) are screwed unless users are happy to relinquish Play Store links and updates (i.e. backward compatibility).
Google may not go this far and may only choose to authenticate the code (smali) rather than all of the apk contents (graphics, strings etc), this approach would leave room for some mods to survive. Remains to be seen.
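As an added illustration of the signing discussion above (example code written for this page, not from the article, Bluebox or any poster): in JAR-style APK signing, META-INF/MANIFEST.MF lists a digest for every packaged file, so an integrity check recomputes each digest and also rejects archives in which one name is stored twice, since two parsers could then disagree about which copy was checked. The package contents and the helper names `audit_apk`, `make_apk` and `make_manifest` are constructed for the example, and it checks digests only, not the certificate that signs the manifest.

```python
import base64
import hashlib
import io
import warnings
import zipfile
from collections import Counter

MANIFEST = "META-INF/MANIFEST.MF"
DIGEST_ATTRS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}


def parse_manifest(text):
    """Return {entry name: (hash algorithm, base64 digest)} from a JAR manifest."""
    # Normalise line endings, then un-fold continuation lines (they start with a space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n")[1:]:  # section 0 is the main header
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        for attr, algo in DIGEST_ATTRS.items():
            if "Name" in attrs and attr in attrs:
                digests[attrs["Name"]] = (algo, attrs[attr])
                break
    return digests


def audit_apk(apk_bytes):
    """Return a list of (finding, entry name) tuples; an empty list means consistent."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        infos = zf.infolist()
        counts = Counter(info.filename for info in infos)
        # A name stored twice is ambiguous: report it rather than pick a copy.
        findings += [("duplicate-entry", n) for n, c in sorted(counts.items()) if c > 1]
        if MANIFEST not in counts:
            return findings + [("no-manifest", MANIFEST)]
        digests = parse_manifest(zf.read(MANIFEST).decode("utf-8"))
        for info in infos:
            name = info.filename
            # Simplification: signature files and directory entries are skipped.
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            if name not in digests:
                findings.append(("unlisted-entry", name))
                continue
            algo, expected = digests[name]
            # Reading through the ZipInfo object checks every stored copy of a name.
            actual = base64.b64encode(hashlib.new(algo, zf.read(info)).digest()).decode()
            if actual != expected:
                findings.append(("digest-mismatch", name))
        findings += [("missing-entry", n) for n in sorted(set(digests) - set(counts))]
    return findings


def make_manifest(files):
    """Build a manifest with SHA-256 digests for the given {name: bytes} mapping."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return "\r\n".join(lines) + "\r\n"


def make_apk(stored, listed):
    """Constructed sample: store the (name, bytes) pairs, with a manifest for `listed`."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns when a name is written twice
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(MANIFEST, make_manifest(listed))
            for name, data in stored:
                zf.writestr(name, data)
    return buf.getvalue()


# Constructed contents standing in for a package as its author released it.
LISTED = {"classes.dex": b"original code", "res/icon.png": b"original icon"}

if __name__ == "__main__":
    samples = {
        "as released": list(LISTED.items()),
        "icon replaced": [("classes.dex", b"original code"), ("res/icon.png", b"themed icon")],
        "name stored twice": list(LISTED.items()) + [("classes.dex", b"other code")],
    }
    for label, stored in samples.items():
        print(label, "->", audit_apk(make_apk(stored, LISTED)) or "consistent")
```
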
I have the 2012 Note 10.1 for personal use and have come to the unfortunate resolution that Android just isn't going to cut it from a business perspective. I am not putting the full blame on either the manufacturers or Android itself but without timely updates to a specific platform, I cannot justify the use of these in a production environment. There is no way a company can justify replacing their hardware yearly, or regularly, in order to get the latest features and security fixes that are provided in updates. Ignoring the additional features for the time being, from a security standpoint there has to be a way to patch the devices in a timely manner. The additional features being provided drives the developers to migrate to the newer operating systems and leaving the old systems behind. A lot of times this creates a huge disadvantage in the fact you can run a particular application on one Android device but is unsupported on another.
Now to be fair. I am focusing on Android in this post but have tested Microsoft and iPad devices as well. All have certain advantages and disadvantages but the clear loser so far has been Android. If Android is going to survive in the business world, the manufacturers are going to have to step up and maintain their products actively for at least the full two years of their life expectancy. Android itself will have to hold the manufacturers accountable for keeping their devices maintained. From a personal use perspective, I think it is a great platform and love my Note 10.1. Would I like to see it get updated, I would love to see 4.4.2 on the device to allow me to run applications I need that are no longer compatible with 4.1.2. However, I require vulnerability patches in a timely manner and that just isn't happening.
My last job had hired a full time developer to build a custom ROM and patch or update when needed for all the tablets being used on the floor. This approach worked for them because there was only one model in use across all departments.
You should blame Samsung for the late major update for GT-N80XX.
Android is actively pushing regular updates (minor & major).
Actually Samsung is also pushing regular updates, but it's only 1 major update (ICS to JB) & some minor/security updates.
If a business used the nexus tablets, they wouldn't have this problem.
theatomizer90 said:
> If a business used the nexus tablets, they wouldn't have this problem.
Not necessarily true. Most current android version is 4.4.4 while my N7 LTE still sits at 4.4.3 with no update even spoken of. So if a business has data enabled tablets, they're still behind current version.
What OP posted doesn't really apply to large businesses. Between KNOX and other third party equivalents sensitive data is sandboxed and doesn't rely on the core B2C version of the OS to protect it. As much as Google may see Android's potential in the business environment no one I know in IT at a bunch of Fortune 1K companies is looking at mobile OS's (either Android or iOS) to replace desktop/laptops as "standard" issue. Tablet and smartphone apps have niche opportunities (commercial pilot manuals and logs, flight attendant passenger service tools, gate agent/hotel staff roaming terminals, sales people inventory access, remote staff automated forms, etc.) but migrating the entire enterprise to mobile architecture just doesn't make sense. So Android can't lose anything it never had and, outside Google's wishes, isn't seriously considered for. The lack of Chromebook adoption by the enterprise demonstrates their disinterest.
BarryH_GEG said:
> What OP posted doesn't really apply to large businesses. Between KNOX and other third party equivalents sensitive data is sandboxed and doesn't rely on the core B2C version of the OS to protect it. As much as Google may see Android's potential in the business environment no one I know in IT at a bunch of Fortune 1K companies is looking at mobile OS's (either Android or iOS) to replace desktop/laptops as "standard" issue. Tablet and smartphone apps have niche opportunities (commercial pilot manuals and logs, flight attendant passenger service tools, gate agent/hotel staff roaming terminals, sales people inventory access, remote staff automated forms, etc.) but migrating the entire enterprise to mobile architecture just doesn't make sense. So Android can't lose anything it never had and, outside Google's wishes, isn't seriously considered for. The lack of Chromebook adoption by the enterprise demonstrates their disinterest.
Not sure if I totally agree with the application only being a niche market. I work for a call center and find that the tablets are becoming an indispensable tool. We have people walking the floor with these devices and using them to keep track of various statistics as well as using them to report potential issues. The ability to pull up data about current client information to respond in an almost instant manner has shaped things drastically. Having a sandbox is really great for protecting certain information, such as email, etc.. but cannot protect the device data in flux, such as web browser content. If the system is compromised and access to the file system is obtained then all the data previously obtained becomes available to the attacker. Some measure can be made such as requiring Citrix as your primary form of connectivity but you are only pushing the security back to another device. The focus of this article was to point out the shortcomings of this tablet as it pertains to the lack of updates.
Don't get me wrong, I truly love Android and will continue to use it as a personal device. However, there is no way I can risk releasing these devices into a production environment without the proper support. And yes, I blame the manufacturer for release and forget, and I blame Android for not enforcing the manufacturers to keep these updated. It is crucial to both parties to work together and produce something that is not just desirable but maintained for a reasonable amount of time. If Android could come up with a way to provide updates to devices directly and bypass the manufacturer they would have an unbeatable platform.
Zeab said:
> Not sure if I totally agree with the application only being a niche market. I work for a call center and find that the tablets are becoming an indispensable tool. We have people walking the floor with these devices and using them to keep track of various statistics as well as using them to report potential issues. The ability to pull up data about current client information to respond in an almost instant manner has shaped things drastically. Having a sandbox is really great for protecting certain information, such as email, etc.. but cannot protect the device data in flux, such as web browser content. If the system is compromised and access to the file system is obtained then all the data previously obtained becomes available to the attacker. Some measure can be made such as requiring Citrix as your primary form of connectivity but you are only pushing the security back to another device. The focus of this article was to point out the shortcomings of this tablet as it pertains to the lack of updates.
> Don't get me wrong, I truly love Android and will continue to use it as a personal device. However, there is no way I can risk releasing these devices into a production environment without the proper support. And yes, I blame the manufacturer for release and forget, and I blame Android for not enforcing the manufacturers to keep these updated. It is crucial to both parties to work together and produce something that is not just desirable but maintained for a reasonable amount of time. If Android could come up with a way to provide updates to devices directly and bypass the manufacturer they would have an unbeatable platform.
Anytime a serious security breach that can be used from without to effect changes on a device has come to light I have seen updates come out on all my tablets and phones, which is blessedly rare. Android does not operate in the way you are thinking. There is no need to constantly shove out security updates like windows. The system is pretty well secure unless you unsecure it yourself, new versions of the OS usually just add functions, however there is a current (when is there not?) RUMOR of an Adobe bug on all versions of android lower than 4.0. Personally I still prefer windows for business simply because of ease of function and with baytrail cpu's and even more promising hardware coming this year I find no reason not to use windows for hard business needs if your business can benefit from tablet use. There are a plethora of cheap windows tablets coming and the current hp omni 10 is powerful enough to suit any light tablet business needs for just 299.00 if your business needs more power pay the premium for a surface pro with a full on i3,5,7 cpu fully capable of doing the work of a high end laptop. All that said, I feel Android is if anything more secure than a windows machine. Nothing comes in unless you invite it. Updates not needed until such time as Android can add base functionality in the realm of windows 7, and it is close imho.
Check the trends
Have to agree with Zeab. The university I work for is now supporting apple mobile devices but not android. And despite my having pressured for some support, what support there was for android devices is disappearing. Why?
Android from one device to the next is different enough to make support difficult if not impossible. Providing advice on connections to secure servers and use of common software falls foul of the same issue.
Android device manufacturers have attempted to sequester their market by creating difference, but all they'll achieve is failure. Add to that the early obsolescence they have engineered and android is dying, even as its market share grows!
We now as a family have windows, apple and android devices. If I include TVs and media devices the list lengthens. The only option that provides continuity of operating system and software, and longer term support with updates is Apple. Given the way Microsoft has gone off the rails with windows 8.1 (I really do believe that OSs should make my computing experience easier, not harder), I think we will be going Apple in the future.