As @matthew_d_green points out, the lock screen is functionally the last line of defense on an Android phone, so "it's almost not broken" is not a reassuring consolation. I agree that the phones Google makes are the safest, but they are not safe enough, and that is on Google.
Read the paper. Nexus devices were immune to the lock screen bypass. Lock screen bypass was specific to some OEM phones.
Well, if we’re talking about theoretical vulnerabilities, couldn’t iBoot be theoretically vulnerable too? I still think Apple is being given too much of a pass here…
Well, there’s a specific citation there. And it refers to a bunch of concrete vulns (now hopefully fixed!) in Nexus phones. And yes, Apple deserves their own crap (think GrayKey) but the Android stuff seemed sloppier.
I guess, but vuln counting as a method of comparison is poor. Maybe comparing APIs (e.g. file encryption) gives you a sense of platform priorities, but even that’s tough. I’d recommend iOS because it’s hard to know *which* Android OEMs are safe, but not because “upper management.”
I don’t think that’s valid at all. Apple has consistently led on security and privacy issues. The encryption API we discussed is a great example of that. A huge amount of engineering effort went into a feature that only a few apps use & that also seriously pissed off the FBI.
That isn’t the kind of decision that turns on low level employees having passions, or some vagaries of hardware. Android eventually copied many aspects of Apple’s FBE, but only after several years — and incompletely.
And vulnerability counting isn’t the whole story. The whole story is that Apple has much more control of the hardware, while Google (even in its own phones) has largely been assembling their own (much less widely sold) product lines from other parts.
I’m not gonna go too far down this line because I’m not a hardware expert and it’s just speculation. But it’s hard for me to believe that Google and Apple are getting the same economies of scale on security spending, given the relative sales of their respective product lines.
I think you can get better security through controlling the whole stack. But that doesn’t mean you’re under some moral obligation to. It’s silly to suggest that Google employees should be forming a labor union to demand more vertical integration in their product lines.
Wha?
(@Pinboard has been agitating for a long time for Google employees to unionize to demand better security for Android, which is unreasonable.)