The Android 'Toxic Hellstew' Survival Guide

Discussion in 'Android Tablet News Depot' started by Spider, Jun 10, 2014.

  1. Spider

    Spider Administrator Staff Member

    Joined:
    Mar 24, 2011
    Messages:
    15,413
    Likes Received:
    1,784
    Trophy Points:
    1,000
    Location:
    Chicago, IL
    Tablet / Device:
    NOOK Tablet Stock NOOKcolor Rooted/Flashed Nexus 7 (2013) 32GB Stock
    Summary: Android itself is a strong operating system, but the way that the platform is delivered to end-users is critically flawed. This survival guide gives Android users the information they need to stay safe.

    By Adrian Kingsley-Hughes for Hardware 2.0 | June 9, 2014 -- 18:19 GMT (11:19 PDT)

    Earlier this year I wrote about the sorry state of Android. In that piece I pointed out that rampant fragmentation of versions, combined with the reluctance of hardware makers and the network carriers to push updates out to users, was turning Android into a "toxic hellstew" of vulnerabilities.

    Fast forward to last week, when Apple CEO Tim Cook took my headline and gave it airtime during the WWDC keynote speech, and the Hardware 2.0 mailbox is brimming with people wanting to know one thing:
    "I'm an Android user. What can I do to protect myself?"



    Before we go on to answer that, let's get a better handle on the problem.

    A painfully flawed update mechanism

    Android itself is a strong operating system, but the way that the platform is delivered to end-users is critically flawed. Rather than taking the iOS approach where updates are sent to users directly, Google chose to adopt a much more convoluted approach.

    Whenever Google releases either an update to Android – whether that be tweaks and bugfixes or critical patches for serious flaws – or a completely new version of the operating system, the code then goes to device OEMs to be customized with their own tweaks and personalizations. Then, for smartphones and tablets that are hooked to a carrier contract, the carriers get a chance to add their own branding.

    Not only is this a long chain, but the problem is made exponentially worse by the fact that neither the OEMs nor the carriers feel there's much of a benefit in pushing free software updates to customers, and would much rather focus on selling those people a new device.

    One of the biggest problems with this fragmentation is that a huge number of users – numbering in the hundreds of millions – are being left vulnerable to malware and data theft as a result of bugs and vulnerabilities in the code.


    Deep integration with Google products and services

    Another problem with Android is how deeply integrated the operating system is with Google products and services, and this can mean that when users do get updates, this can have unexpected consequences.

    Take, for example, the issue highlighted by ZDNet's Violet Blue the other day.
    "In the background, Google+ began "unifying" people's identities (combining its background matching of users' names and profiles) in Android address books. […] Users found out in January 2014 when Google+ force-integrated chat and SMS into "hangouts" in the Android 4.4 "KitKat" update.
    At-risk users were disproportionately affected, most especially transgender people who needed to keep their identities separate for personal safety and employment reasons.
    One woman was outed to a co-worker when she texted him, and risked losing her employment."

    Make no mistake about it; this drive by Google to integrate its products and services into Android contributes to the toxic hellstew. Google's billions aren't coming from selling consumer electronics, or licensing software and services; its money comes from advertising revenue, and the more and better it knows Android users, the better it can target them with ads.

    At the heart of the problem is a lack of empathy

    So, on the one hand you have consumers who aren't getting updates, and that is putting their data at risk, while on the flipside you have users who are getting updates, but those updates are experiencing painful data leakage because of Google's desire to know more about people.

    While I agree with ZDNet's Jason Perlow that Google is chasing revenue, I believe that the bigger problem is that Google lacks the empathy to properly connect with consumers. Google is a tech company led by very brainy tech people, but in my experience, these people have a hard time seeing the human element in things. It is a company populated by people who don't understand why users don't get updates, and can't see what's wrong with integrating users' Google+ identities with their SMS identity.

    Android survival kit

    OK, so you're running an Android device – or maybe you're planning to do that, or maybe you're an IT admin having to support an ever-increasing number of Android devices coming through the door – what do you do?

    Here's my Android survival guide:


    1. Know the risks: If you are not running Android version 4.4, codenamed KitKat, then you're running an outdated version that won't be getting any bug fixes or updates. Don't believe me? The last update for Android 4.3 Jelly Bean was released October 2013, while Android 4.1 and 4.2 – both also codenamed Jelly Bean – haven't seen an update since October 2012 and February 2013 respectively. That's eons ago in internet time.
    2. Check your Android version: Now you know the risks, check what version you are running (Settings > About phone or About tablet).
    3. Be careful what you tell Google: Google is a data aggregation machine, so if there's something you don't want the world to know, don't tell Google. At the very least be careful what Google account you tie to your Android device. Sure, this is highly inconvenient, but Google chose to make it that way because it is in its best interests to do so.
    4. The best way to get updates: If you want to make sure that you get regular updates, buy either a Google Nexus device or an unlocked Motorola device. This will cost you more – much more – but it will mean that you are sent updates direct from Google HQ.
    5. Passcode and encryption: Use a secure passcode and be sure to encrypt your data to prevent it falling into the wrong hands (Settings > Security > Encrypt phone or Encrypt tablet). Note that encryption can mean slower performance, and it is a one-way process.
    6. Alternatively, go with Amazon: Amazon's Kindle Fire tablets use a forked version of Android and get their updates directly from Amazon. Given the broad range of BYOD features baked into the new Kindle Fire HDX tablet, this might be a great choice for those looking for a business tablet.
    7. Install security software: There are plenty of good apps to choose from.
    8. Install software only from trusted sources: And even then, don't go installing junk just for the sake of installing it.
    9. Don't root your device: This increases the device's vulnerability to rogue code.
    10. Enterprise folks: Have a clear security policy and make sure everyone understands it. Also, install endpoint software to control what devices can and cannot access the network. Consider blocking all devices running old versions of Android, along with all devices that have been rooted.
     
  2. edap

    edap Senior Member

    Joined:
    Dec 12, 2012
    Messages:
    1,120
    Likes Received:
    106
    Trophy Points:
    162
    Location:
    Wasaga Beach, Ontario CANADA
    Tablet / Device:
    Acer Iconia A110
    Ok. So, here's the bad news, first: I have an outdated version that won't be getting any bug fixes or updates. Now, the good news: my Android device isn't rooted!
     
  3. Spider

    Spider Administrator Staff Member

    My good news is the Nexus 7 (2013) just updated to Android 4.4.3 (Build KTU84L). :eek:
     
  4. Traveller

    Traveller Super Moderator Staff Member

    Joined:
    Jun 16, 2012
    Messages:
    2,275
    Likes Received:
    877
    Trophy Points:
    460
    Tablet / Device:
    Coby Kyros MID9742, Dell Streak 5, Samsung Galaxy S4, Nexus 6
    The bad news:
    • I have an outdated version (Dell Streak: 2.3.7; Coby Kyros: 4.0.3) that won't be getting any bug fixes or updates.
    • I'm rooted (necessary, see below).
    • I don't encrypt my data.

    The good news:
    • The Streak runs my personal custom ROM. One feature of this ROM is updated SSL ciphers. These ciphers implement forward secrecy, just like Chrome does.
    • I keep my private details off Google+, though I do have my sole Google account linked to the devices. Google+ sits there virtually unused, and GMail hardly ever sees any email, unless I send it to myself: a convenient trick I use for file transfers on occasion.
    • I have Avast installed on the Streak and AFWall+ installed on the tablet. Rooting the tablet is necessary for the firewall portion of Avast or AFWall+ to function, since both edit the device's IP tables.
    • Google Play, Amazon Appstore, and FDroid are where I go for apps. I also pull apps from XDA Developers on occasion, but I also know what I'm doing. :)
     
  5. edap

    edap Senior Member

    Just because the user of an older Android OS device hasn't received a major software update in over a year doesn't mean it's unprotected (as this article would have readers believe). Google regularly provides software updates to keep users safe.

    http://www.androidcentral.com/solving-impossible-problem-android-updates

    http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/

    http://en.wikipedia.org/wiki/Google_Play_Services
     
  6. Spider

    Spider Administrator Staff Member

    But only for tablets with Google Play Services installed. :(
     
  7. edap

    edap Senior Member

    Right on. "Install software only from trusted sources." Anything else is junk!
     
  8. DeboraLee

    DeboraLee Junior Member

    Joined:
    Oct 16, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    2
    "I'm an Android user. What can I do to protect myself?"
     
  9. Spider

    Spider Administrator Staff Member

    Hi DeboraLee, welcome to the forum. Nice of you to become a member of Android Tablets. The "Android survival kit" section of the first post covers that pretty well. In particular, items 7, 8, and 9.
     
