Hacker News new | ask | show | jobs
by devit 3874 days ago
This is why you should use Firefox for Android: it's a great browser (even offering extensions such as uBlock Origin), but it has very little marketshare and is thus unlikely to be attacked.

This is also part of the reason a frequently updated Android distribution (Nexus or CyanogenMod) might in fact be more secure than iOS, where you are forced to be vulnerable to Apple's Webkit engine.

The same reasoning also applies to such updated versions of Android: the vast majority of people use outdated Android versions, so it's less likely that people would bother developing exploits for the latest Android version, as opposed to the latest version of iOS.

Obviously this is a self-defeating prophecy, but hopefully a proper securely isolated mobile OS will become available before things change.
4 comments
ams6110 3874 days ago
I tried it on my Android phone a while ago, and my (unscientific) conclusions are that it's slower, more resource intensive, and drains the battery faster than using the default Chrome browser.
link
AdmiralAsshat 3874 days ago
The article made it sound as though the vulnerability was in Javascript V8 itself. In which case, if Firefox supports it, wouldn't it be just as vulnerable?
link
epmatsw 3874 days ago
AFAIK Firefox on Android doesn't run on V8, it uses the usual Firefox JS engine
link
UnoriginalGuy 3874 days ago
I use Firefox for Reddit.com (Chrome keeps freezing when I hit the [-] buttons on long comment threads); but holy heck does it drain battery like crazy.

I could use Chrome or Chrome Beta all day long and my phone doesn't get hot and the display is the biggest battery hog, I run up Firefox and the thing turns noticeably hot and Firefox overtakes the display for battery usage.

link
blisterpeanuts 3874 days ago
So, are there more exploits for iOS out there? I had the impression that Android has more. Also, this particular one is a browser JavaScript problem that affects multiple android versions, is it not?
link
mtgx 3874 days ago
> So, are there more exploits for iOS out there? I had the impression that Android has more.

But that was his point - he was referring to Nexus-only (or CyanogenMod), not "Android", where 87% of the devices are vulnerable to least one of the 11 vulnerabilities tested below, because of their lack of (fast) updates:

http://androidvulnerabilities.org/

link
blisterpeanuts 3874 days ago
He said:

a frequently updated Android distribution (Nexus or CyanogenMod) might in fact be more secure than iOS, where you are forced to be vulnerable to Apple's Webkit engine.

I took that to mean that Apple devices are more vulnerable because they are infrequently updated, as compared to Android. Google and its partners do release fairly frequent (every 3-4 months) dot releases of webkit, Chrome, and the entire OS, to add features and address vulnerabilities.

By contrast, Apple's release schedule is rather monolithic and their superior security is based on a more tightly controlled platform.

link
gcb0 3874 days ago
Android has more if you're on the bleeding edge and installing fart apps.

if you're on 4.4 with Firefox+no script you're fine. IOS won't let you have a setup like that...

link