by tpallarino 3135 days ago
As someone who goes as long as possible without performing updates, this is exactly the reason why.

Example: Last time I updated my iPhone, the music app got an update and now they are trying to shove iCloud down my throat. Not to mention needless UI changes when I was more than satisfied with how it was before.

4 comments

I understand this entirely, but there are some pretty bad iOS vulnerabilities out in the wild now (e.g. KRACK WPA2). It’s pretty dangerous to avoid updates nowadays.

I think what needs to happen across the industry is a complete decoupling of “feature” from security patching. Too many people are exposed because of exactly the kind of unwanted UI upgrades you describe.

Better have a bricked phone but secured phone? That is basically your argument?

Security is used to euthanize perfectly working systems and harass users for money. Security has become dangerous for the user in that aspect.

> Security is used to euthanize perfectly working systems and harass users for money

That's a cynical and paranoid mindset. Bloat is a lazy tendency not a malicious evil and developers tend to optimise for the latest and greatest if left unchecked and forced to consider backwards compatibility.

> Better have a bricked phone but secured phone?

Let's just say don't do any financial transactions on the device or appreciate the general openness of your phone to malicious actors who might use it for nefarious purposes.

> That's a cynical and paranoid mindset. Bloat is a lazy tendency not a malicious evil and developers tend to optimise for the latest and greatest if left unchecked and forced to consider backwards compatibility.

As a user, do I care whether my phone is unusable because the developers wanted specifically to render older hardware unusable or whether it was just through their negligence in failing to consider older devices? Stupidity or malice, the result is the same.

> Let's just say don't do any financial transactions on the device or appreciate the general openness of your phone to malicious actors who might use it for nefarious purposes.

I keep hearing this, but what's the actual presence of malware on Android? If you're not installing shady apps from the Play Store, what's your actual level of risk? Android, even old versions of Android, are far harder to reliably exploit than say, unpatched Windows. As long as you're not installing free-to-play flashlight apps that require every permission under the sun, I'd say your exposure to malware on Android is far less than it is on PC. For the average user, they're still probably better off conducting financial transactions on their phone than conducting those same transactions on their malware-ridden laptops.

> Stupidity or malice, the result is the same

Yes but whether we attribute the intent to stupidity or malice is important as per the general health of our thought process. It's likely laziness combined with malice when it's noted. I imagine a dev getting up in arms about package size and then when the issue is raised it's not given high priority because someone twigs the convenient side effect. That's the worst case. Either way the mindset of paranoia is warped and self-centred. It's not because they're thinking of forcing you to upgrade; it's more because they're _not_ thinking of you and instead the wide-eyed new sales opportunities that ship with greater disk space.

> I keep hearing this, but what's the actual presence of malware on Android?

Oh wow, you're gonna play this game? I could tell you that it's perfectly safe to trace the outline of a cliff with your feet and in many, many cases it's going to be absolutely fine until the one case where the earth gives way and it's not.

Let me put it this way; when I see the tagline:

> there are over a billion outdated Android devices

my first thought is:

> what's the most effective exploit to tap into that market?

The existence of security flaws encourages action and the hubris of not updating is the clarion call to those that exercise the exploits.

> I'd say your exposure to malware on Android is far less than it is on PC

This. What is this? This is complete conjecture. Get out of here.

> my first thought is:

> > what's the most effective exploit to tap into that market?

So??? What is it? Do let us know.

I'd venture to say that the fragmentation of that market makes it reasonably secure. Just like how the average router is incredibly insecure, and yet you don't advise people to avoid e-banking and just deal with their money in paper form and through face-to-face contacts.

Yes, you are technically right. But @quanticle is right, in practice: unless those users do some very stupid shit, they're pretty safe doing ebanking on their phones. (and those who do the "very stupid shit" are likely to do it on their computers, too)

Where are the Android LSASS worms? Or Android SQL Slammer? Or Android ILoveYou? Or Android NotPetya? Or any one of the literally hundreds of well-known malware strains that make the news every time they infect a few million PCs? Malware on Android certainly does exist, but the fact that Android has been out for this long, with this many outdated devices, and we haven't seen a single mass infection yet means that Android isn't as easy to exploit on a mass scale as people make it out to be.

I'm not claiming that Android is safe. Nothing is safe. But it does security professionals no good to be alarmists. If we cry wolf about literally every technology that ordinary people use, the result is not people giving up technology. The result is people ignoring security professionals.

If an ordinary user came to you and asked, "Where should I do my banking? On my phone or on my PC?" what would your answer be?

> I keep hearing this, but what's the actual presence of malware on Android? If you're not installing shady apps from the Play Store, what's your actual level of risk?

I wish I could quantify that. It's a hard task. But the store is not the only possible vector. On an old Android you're running a very outdated version of Chrome when looking at any pages / ads. That would be the most exposed/insecure element in the system.

Chrome on Android is updated separately from the OS release. Even old Androids have new Chrome. This is not the Safari-on-iOS situation.

The same is valid for the system WebView, but "only" since Android 4.4. It is updated via Play Store, independently from the base system.

There are Bluetooth exploits and network adapter exploits which are for more localised fun.

That's one reason I'm still hoping for a Linux/Firefox phone.

> That's one reason I'm still hoping for a Linux/Firefox phone.

You should rather hope for GNU/Linux phones. A Linux device (without the GNU part) is, most of the time, just another locked device (see your Android phone, router, TV, etc).

The presence of GNU software pieces (or any software licensed under GNU [LA]GPL v3+) ensures the device is free of locks (or with user breakable locks).

> The presence of GNU software pieces (or any software licensed under GNU [LA]GPL v3+) ensures the device is free of locks (or with user breakable locks).

That's not true, as the Linux kernel is still GPLv2. So while you could swap out the userspace GNU utils, the device manufacturer can still lock the bootloader which is perfectly fine with the GPLv2.

Even if the bootloader is unlockable (e.g. LG allows this btw), you will most likely be stuck to a specific kernel version due to proprietary binary blobs which nearly every phone uses.

So instead of a GNU/Linux phone, you should rather hope for a phone with complete open source drivers (or a GPLv3 kernel).

> That's not true, as the Linux kernel is still GPLv2. So while you could swap out the userspace GNU utils, the device manufacturer can still lock the bootloader which is perfectly fine with the GPLv2.

Yeah, probably. But the presence of packages like GNU libc can make it harder for the manufacturer to lock the device.

> ... kernel version due to proprietary binary blobs which nearly every phone uses.

Sadly, binary blobs are always an issue. In the case of Linux, this happened because many Linux developers don't care about binary blobs. If they did, you wouldn't see any binary blobs (as it is a violation of GNU GPL).

> ... with complete open source drivers

My main point was to quote that 'open source' doesn't solve these issues. We should take software freedom more seriously.

> ... (or a GPLv3 kernel).

I wish we will not have to wait until human civilization ends in fire to see this.

There's not much left to hope for as every platform that attempted one has fizzled out.
You can already have a Linux phone.
But it doesn't run my banking app.
Your bank doesn't have a website?
Go ask your bank for an app for Linux.
Most banking apps are available for Android, which uses the Linux kernel.
How about Purism's Librem 5? https://puri.sm/shop/librem-5/

Librem 5, the phone that focuses on security by design and privacy protection by default. Running Free/Libre and Open Source software and a GNU+Linux Operating System designed to create an open development utopia, rather than the walled gardens from all other phone providers.

Isn't out yet and from what I can tell they haven't released much info about it yet. Maybe will be worth revisiting the idea when it's actually released.
If they release it with the slow outdated i.MX 6 CPU it will be terrible. Let's hope it will be the i.MX 8.
It’s not “perfectly working” if it is vulnerable to many hacks.
Google kind of does that but OEMs do not seem to implement them into their phones.
Dangerous?

What's the worst that could happen?

Do you mean the worst that could happen to you personally or the worst for everyone?

When your device is compromised by hostile actors I guess it depends on what your nightmares are, but getting framed for child pornography and/or blackmailed for it is a popular one. Or getting your cloud accounts hijacked and all your stuff compromised. Or getting the bad guys access to your employer's network. Etc.

Collectively a widespread Android device botnet could take down a lot of infrastructure, or start a war, or ruin everyone's days with ransomware. I'm sure more imaginative people have thought about it.

1. Ability to passively decrypt network activity (KRACK).

2. Ability to throw a fully persistent implant onto the device (via Wi-Fi exploit + pivot to AP kernel exploit)

Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!

I'm all for trusting computing devices to act as one's agents, but attempting to do so with anything resembling a modern mobile phone is barking up the wrong tree.

Even though just having one means taking the location-tracking hit from negligently designed cellular protocols, further exposure can be mitigated by using these little snitches for as little personal activity as possible.

At some point, reckless behavior affects people beyond the individual. I am irritated that people allow their systems, networks, devices etc to become compromised, thus becoming the assets of malicious actors. Most of the people in this category are not particularly savvy, which doesn’t give them an out so much as it explains the predicament. However, you are demonstrating that you choose to be in this category, despite understanding the problem. You are letting your personal convictions get in the way of good judgement. You now shoulder responsibility for knowingly making the world a little less safe for the population at large.
It's very fucking weird that by pointing out the larger non-corporate context of digital security, it's being inferred that I deliberately do not secure my devices. I guess by not toeing the AppGoogAzon "Security (TM)" marketing lines, I just end up in that "other - outsider" category, and must be wrong.

I already explained a mechanic of causality whereby assorted end nodes being owned up actually increases our security, as it helps keep at bay the simplistic/totalitarian philosophy of tracking/controlling communication. But don't let that get in the way of the malunderstanding that is ultimately driving this nebulous desire for promised "security".

Your phone will probably turn up in a botnet soon enough, but at least you had the moral high ground.
Do you have an actual number for "probably" - assuming normal browsing habits (i.e. not to the sort of porn site with a higher likelihood of installing malware), and an outdated version of iOS or Android?

How is that number changed by not using public wifi?

Oh no, not a month's allocation of mobile data down the drain!

An impersonal passive botnet would likely do less damage than status quo "apps" that are built to siphon as much personal data as possible.

Never mind these few Mifi devices that I have - default configs that listen on wan telnet with static passwords! Well known domestic manufacturer, not worth attempting to report - the manufacturer obviously did not care, has long moved on, and there's countless other models with the same problem.

The panacea of every node being secure with an identifiable owner fell apart long ago. You can either cling to that belief in a fundamentalist manner (and prop up the totalitarians who wish to track communication ever more). Or you can work on understanding how non-technical people actually attempt to moderate their own exposure to these insecure-by-design surveillance devices.

> Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!

I don't trust Apple or Google to have my best interests at heart at all, but I am quite confident that neither of them will literally try to extort me with ransomware or kiddie porn. It's weird that you're equating the two.

Most people are willing to accept the risk that the NSA is listening in on them. Most people are not willing to accept the risk of an arbitrary person being able to steal their identity.
That already happened as a result of Equifax. Your SSN is no longer secret...so rejoice, you are free to choose whatever phone you like!
If one's "identity" is so bland that it can be trivially "stolen", then perhaps it's not much of an identity after all.
This all might be true, but as a reason to not install patches, it still makes no sense. If you don’t trust the baseband or the OS, why did you buy the phone to begin with? You trust iOS n, but not iOS n+1?
One is forced to buy a phone, as an expectation/requirement of modern society. This does not imply they wish to spend even more money in support of the broken ecosystem every year/six months/etc.
Similar questions were likely asked by owners of insecure routers/cameras before they got hit with Mirai
If only security updates were unbundled from feature updates one could update with fewer worries.
Multiple release branches are a pain for many reasons. It's very unlikely that companies would spend time doing that, even if they were given a chance to do so.
I can certainly see why multiple branches aren't popular - device fragmentation is bad enough without trying to identify which update branches are affected by some new security bug.

That said, I think companies that require up-to-date devices for security fixes deserve less leeway about the contents of their non-security releases. I've gotten multiple smartphone updates which I considered entirely harmful - they traded cosmetic or vendor-friendly changes against worse battery/performance/usability - and I think "let us break your device or you can't have security" is an unacceptable proposition.

Exactly. Apple needs to separate UI and security releases until they can work out the bugs. So many issues with new updates and UI glitches.
It's more than UI changes: the update from iOS 10 to 11 removed support for 32-bit applications, rendering dozens of applications that I use daily (and have paid a lot of money for) unusable. So now I have to decide between two bad options - not being secure or losing all that invested money.
With the incentive structure of updates with certain popular software not supported by other revenue, you're always going to get a worse version (more ads, less features), to such an extent that I turn off all updates and only whitelist a few. Permissions are the ways to lock down phones, and security patches, not the permanent beta that is updates.