[alphonsegaston]

I understand this entirely, but there are some pretty bad iOS vulnerabilities out in the wild now (e.g. KRACK wpa2). It’s pretty dangerous to avoid updates nowadays.

I think what needs to happen across the industry is a complete decoupling of “feature” from security patching. Too many people are exposed because of exactly the kind of unwanted UI upgrades you describe.

[WillReplyfFood]

Better have a bricked phone but secured phone? That is basically your argument?

Security is used to euthanize perfectly working systems and harass users for money. Security has become dangerous for the user in that aspect.

[Quarrelsome]

> Security is used to euthanize perfectly working systems and harass users for money

That's a cynical and paranoid mindset. Bloat is a lazy tendency not a malicious evil and developers tend to optimise for the latest and greatest if left unchecked and forced to consider backwards compatibility.

> Better have a bricked phone but secured phone?

lets just say don't do any financial transactions on the device or appreciate the general openness of your phone to malicious actors who might use it for nefarious purposes.

[quanticle]

That's a cynical and paranoid mindset. Bloat is a lazy tendency not a malicious evil and developers tend to optimise for the latest and greatest if left unchecked and forced to consider backwards compatibility.

As a user, do I care whether my phone is unusable because the developers wanted specifically to render older hardware unusable or whether it was just through their negligence in failing to consider older devices? Stupidity or malice, the result is the same.

lets just say don't do any financial transactions on the device or appreciate the general openness of your phone to malicious actors who might use it for nefarious purposes.

I keep hearing this, but what's the actual presence of malware on Android? If you're not installing shady apps from the Play Store, what's your actual level of risk? Android, even old versions of Android, are far harder to reliably exploit than say, unpatched Windows. As long as you're not installing free-to-play flashlight apps that require every permission under the sun, I'd say your exposure to malware on Android is far less than it is on PC. For the average user, they're still probably better off conducting financial transactions on their phone than conducting those same transactions on their malware ridden laptops.

[Quarrelsome]

> Stupidity or malice, the result is the same

Yes but whether we attribute the intent to stupidity or malice is important as per the general health of our thought process. Its likely laziness combined with malice when its noted. I imagine a dev getting up in arms about package size and then when the issue is raised its not given high priority because someone twigs the convenient side effect. That's the worst case. Either way the mindset of paranoia is warped and self centred. Its not because they're thinking of forcing you to upgrade its more because they're _not_ thinking of you and instead the wide-eyed new sales opportunities that ship with greater disc space.

> I keep hearing this, but what's the actual presence of malware on Android?

oh wow, you're gonna play this game? I could tell you that its perfectly safe to trace the outline of a cliff with your feet and in many, many cases its going to be absolutely fine until the one case where the earth gives way and its not.

Let me put it this way; when I see the tagline:

> there are over a billion outdated Android devices

my first thought is:

> what's the most effective exploit to tap into that market?

the existence of security flaws encourages action and the hubris of not updating is the clarion call to those that exercise the exploits.

> I'd say your exposure to malware on Android is far less than it is on PC

This. What is this? This is complete conjecture. Get out of here.

[virgilp]

> my first thought is:

> > what's the most effective exploit to tap into that market?

So??? What is it? Do let us know.

I'd venture to say that the fragmentation of that market makes it reasonably secure. Just like how the average router is incredibly insecure, and yet you don't advise people to avoid e-banking and just deal with their money in paper form and through face-to-face contacts.

Yes, you are technically right. But @quanticle is right, in practice: unless those users do some very stupid shit, they're pretty safe doing ebanking on their phones. (and those who do the "very stupid shit" are likely to do it on their computers, too)

[quanticle]

Where are the Android LSASS worms? Or Android SQL Slammer? Or Android ILoveYou? Or Android NotPetya? Or any one of the literally hundreds of well-known malware strains that make the news every time they infect a few million PCs? Malware on Android certainly does exist, but the fact that Android has been out for this long, with this many outdated devices, and we haven't seen a single mass infection yet means that Android isn't as easy to exploit on a mass scale as people make it out to be.

I'm not claiming that Android is safe. Nothing is safe. But it does security professionals no good to be alarmists. If we cry wolf about literally every technology that ordinary people use, the result is not people giving up technology. The result is people ignoring security professionals.

If an ordinary user came to you and asked, "Where should I do my banking? On my phone or on my PC?" what would your answer be?

[viraptor]

> I keep hearing this, but what's the actual presence of malware on Android? If you're not installing shady apps from the Play Store, what's your actual level of risk?

I wish I could quantify that. It's a hard task. But the store is not the only possible vector. On an old Android you're running a very outdated version of Chrome when looking at any pages / ads. That would be the most exposed/insecure element in the system.

[vetinari]

Chrome on Android is updated separately from the OS release. Even old Androids have new Chrome. This is not the Safari-on-iOS situation.

The same is valid for the system WebView, but "only" since Android 4.4. It is updated via Play Store, independently from the base system.

[viraptor]

I was responding in the context of:

> As someone who goes as long as possible without performing updates

I take that to mean without updating the apps either, not just the os. I've seen people reject any kind of upgrades.

[Quarrelsome]

there are bluetooth exploits and network adapter exploits which are for more localised fun.

[amelius]

That's one reason I'm still hoping for a Linux/Firefox phone.

[pksadiq]

> That's one reason I'm still hoping for a Linux/Firefox phone.

You should rather hope for GNU/Linux phones. Linux devices (without the GNU part) is most of the time, just another locked device (see your Android phone, router, TV, etc).

The presence of GNU software pieces (or any software licensed under GNU [LA]GPL v3+) ensures the device is free of locks (or with user breakable locks).

[jhasse]

> The presence of GNU software pieces (or any software licensed under GNU [LA]GPL v3+) ensures the device is free of locks (or with user breakable locks).

That's not true, as the Linux kernel is still GPLv2. So while you could swap out the userspace GNU utils, the device manufacturer can still lock the bootloader which is perfectly fine with the GPLv2.

Even if the bootloader is unlockable (e.g. LG allows this btw), you will most likely be stuck to a specific kernel version due to proprietary binary blobs which nearly every phone uses.

So instead of a GNU/Linux phone, you should rather hope for a phone with complete open source drivers (or a GPLv3 kernel).

[pksadiq]

> That's not true, as the Linux kernel is still GPLv2. So while you could swap out the userspace GNU utils, the device manufacturer can still lock the bootloader which is perfectly fine with the GPLv2.

Yeah, probably. But the presence of packages like GNU libc can make it harder for the manufacturer to lock the device.

> ... kernel version due to proprietary binary blobs which nearly every phone uses.

Sadly, binary blobs are always an issue. In the case of Linux, this happened because many Linux developers don't care about binary blobs. If they did, you won't see any binary blobs (as it is a violation of GNU GPL).

> ... with complete open source drivers

My main point was to quote that 'open source' doesn't solve these issues. We should take software freedom more seriously.

> ... (or a GPLv3 kernel).

I wish we will not have to wait until the human civilization end in fire to see this.

[vetinari]

> this happened because many Linux developers don't care about binary blobs.

It is mostly users, not developers, who don't care about binary blobs. The users then take the "pragmatic" approach of using binary blobs, but hey, stuff works for them.

See also the Nvidia binary driver. Who is the advocate for that? Users (hey, never had a problem and it runs my apps very well) or developers (whoa, we cannot develop Wayland/etc with this)?

[jhasse]

> Yeah, probably. But the presence of packages like GNU libc can make it harder for the manufacturer to lock the device.

glibc is LGPL, so I don't see how that should change anything?

> (as it is a violation of GNU GPL).

IIRC it's a gray area.

[noobermin]

There's not much left to hope for as every platform that attempted one has fizzled out.

[la_oveja]

You can already have a Linux phone.

[amelius]

But it doesn't run my banking app.

[vetinari]

Your bank doesn't have a website?

[amelius]

Yes, but it requires the use of a dongle/calculator to access it, whereas the app just requires a personal code.

[la_oveja]

Go ask your bank an app for Linux.

[jhasse]

Most banking apps are available for Android, which uses the Linux kernel.

[amelius]

Yeah, it uses the Linux kernel, but I wouldn't call it a "Linux phone".

[nowherecat]

How about Purism's Librem 5? https://puri.sm/shop/librem-5/

Librem 5, the phone that focuses on security by design and privacy protection by default. Running Free/Libre and Open Source software and a GNU+Linux Operating System designed to create an open development utopia, rather than the walled gardens from all other phone providers.

[zingmars]

Isn't out yet and from what I can tell they haven't released much info about it yet. Maybe will be worth revisiting the idea when it's actually released.

[Tepix]

If they release it with the slow outdated i.MX 6 CPU it will be terrible. Let's hope it will be the i.MX 8.

[akoncius]

It’s not “perfectly working” if it is wulnerable to many hacks.

[atomicnumber1]

Google kind of does that but OEM does not seem to implement them into their phones.

[miguelrochefort]

Dangerous?

What's the worse that could happen?

[fulafel]

Do you mean the worst that could happen to you personally or the worst for everyone?

When your device is compromised by hostile actors I guess it depends on what your nightmares are, but getting framed for child pornography and/or blackmailed for it is a popular one. Or getting your cloud accounts hijacked and all your stuff compromised. Or getting the bad guys access to your employer's network. Etc.

Collectively a widespread Android device botnet could take down a lot of infrastructure, or start a war, or ruin everyone's days with ransomware. I'm sure more imaginative people have thought about it.

[willstrafach]

1. Ability to passively decrypt network activity (KRACK).

2. Ability to throw a fully persistent implant onto the device (via Wi-Fi exploit + pivot to AP kernel exploit)

[mindslight]

Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!

I'm all for trusting computing devices to act as one's agents, but attempting to do so with anything resembling a modern mobile phone is barking up the wrong tree.

Even though just having one means taking the location-tracking hit from negligently designed cellular protocols, further exposure can be mitigated by using these little snitches for as little personal activity as possible.

[alsetmusic]

At some point, reckless behavior affects people beyond the individual. I am irritated that people allow their systems, networks, devices etc to become compromised, thus becoming the assets of malicious actors. Most of the people in this category have are not particularly savvy, which doesn’t give them an out so much as it explains the predicament. However, you are demonstrating that you choose to be in this category, despite understanding the problem. You are letting your personal convictions get in the way of good judgement. You now shoulder responsibility for knowingly making the world a little less safe for the population at large.

[mindslight]

It's very fucking weird that by pointing out the larger non-corporate context of digital security, it's being inferred that I deliberately do not secure my devices. I guess by not toeing the AppGoogAzon "Security (TM)" marketing lines, I just end up in that "other - outsider" category, and must be wrong.

I already explained a mechanic of causality whereby assorted end nodes being owned up actually increases our security, as it helps keep at bay the simplistic/totalitarian philosophy of tracking/controlling communication. But don't let that get in the way of the malunderstanding that is ultimately driving this nebulous desire for promised "security".

[tscs37]

Your phone will probably turn up in a botnet soon enough, but atleast you had the moral high ground.

[Doctor_Fegg]

Do you have an actual number for "probably" - assuming normal browsing habits (i.e. not to the sort of porn site with a higher likelihood of installing malware), and an outdated version of iOS or Android?

How is that number changed by not using public wifi?

[pixl97]

>i.e. not to the sort of porn site with a higher likelihood of installing malware

Porn sites are not where most malware comes from. Ad networks are. I've had more attempts at virus and malware installs from 'legitimate' sites that have had poor control of their banner ads.

https://www.extremetech.com/internet/220696-forbes-forces-re...

>How is that number changed by not using public wifi?

You are, quite falsely, assuming that non-public wifi, say your friends house, is any more protected.

http://www.zdnet.com/article/flaws-in-att-routers-put-custom...

[mindslight]

Oh no, not a month's allocation of mobile data down the drain!

An impersonal passive botnet would likely do less damage than status quo "apps" that are built to siphon as much personal data as possible.

Never mind these few Mifi devices that I have - default configs that listen on wan telnet with static passwords! Well known domestic manufacturer, not worth attempting to report - the manufacturer obviously did not care, has long moved on, and there's countless other models with the same problem.

The panacea of every node being secure with an identifiable owner fell apart long ago. You can either cling to that belief in a fundamentalist manner (and prop up the totalitarians who wish to track communication ever more). Or you can work on understanding how non-technical people actually attempt to moderate their own exposure to these insecure-by-design surveillance devices.

[tscs37]

You should install security updates. Period.

You don't help anyone by feeling better because instead of having the vendor maybe sniff on you, a hacker can do it instead.

I also haven't found any apps yet that intentionally waste my monthly datacap.

[PhasmaFelis]

> Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!

I don't trust Apple or Google to have my best interests at heart at all, but I am quite confident that neither of them will literally try to extort me with ransomware or kiddie porn. It's weird that you're equating the two.

[staticassertion]

Most people are willing to accept the risk that the NSA is listening in on them. Most people are not willing to accept the risk of an arbitrary person being able to steal their identity.

[junkscience2017]

That already happened as a result of Equifax. Your SSN is no longer secret...so rejoice, you are free to choose whatever phone you like!

[zaarn]

Sadly, the world is not America and most people on this planet are unaffected by the latest problems of America.

[ben_w]

Like 95% of the world, I don’t have an SSN.

Even if every American owns one of those outdated Android phones, 2/3rds of the phones would still have to be owned by people who don’t have SSNs.

[mindslight]

If one's "identity" is so bland that it can be trivially "stolen", then perhaps it's not much of an identity after all.

[nindalf]

For people living in America an identity is a name, date of birth, mother's maiden name and SSN. If you lose these, you could be the victim of fraud.

But you already knew that didn't you? You deliberately misinterpreted what he meant by identity theft.

[Analemma_]

This all might be true, but as a reason to not install patches, it still makes no sense. If you don’t trust the baseband or the OS, why did you buy the phone to begin with? You trust iOS n, but not iOS n+1?

[mindslight]

One is forced to buy a phone, as an expectation/requirement of modern society. This does not imply they wish to spend even more money in support of the broken ecosystem every year/six months/etc.

[jamespo]

You're not forced, particularly not to get a smartphone.

You're trading off convenience.

[viraptor]

Similar questions were likely asked by owners of insecure routers/cameras before they got hit with Mirai