Android: Security, Shmority – 146 Vulnerabilities and Not a Thing to Wear

Yup you read that right. 146 Android vulnerabilities have been recently discovered by security firm Kryptowire.

More f-ugly from our friends in Android world, to bolster what I noted in Android’s Scary Unknown Vulnerabilities.

Scary Security in Android is a Feature, Not a Bug

Scary Security in Android is a Feature, Not a Bug
Android is designed to be difficult to update. Or rather, as a result of intentional neglect, Android is difficult to update. Not only does Google not do enough, or perhaps does nothing, to fix this problem, hardware manufacturers frequently abandon old devices really fast. Leaving customers with outdated and insecure Android and other software.

Well…. Looks like a bunch of ’em were known after all.

Android comes with something the iPhone doesn’t

In The Macalope’s article published today, Convenience: Android comes with something the iPhone doesn’t, the mythical beast writes:

Hey, an un-installable vulnerability is just a friend you haven’t realized is stalking you!
OK, that came out bad. But, in The Macalope’s defense, it came out bad because the situation is bad. So the statement is directionally correct.
Now, here’s where The Macalope would normally adopt a sarcastic tone and say how weird this is because back in 2013, Eric Schmidt assured everyone that Android was more secure than iOS. And it’s super weird because the horny one has been hearing from Android boosters for years how Android is simply intrinsically more secure than iOS because open is magical and can never fail.

The Macalope

No way to purge them from your Android device

From the Wired article 146 New Vulnerabilities All Come Preinstalled on Android Phones:

When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew of preinstalled software and vanilla Android sometimes turns out to be rancid, putting flaws and vulnerabilities on the phone before you even take it out of the box. For proof of how bad it is, look no further than the 146 vulnerabilities—across 29 Android smartphone makers—that have just been simultaneously revealed.

The vulnerabilities Kryptowire found are often preinstalled at a system level, with no way to purge them from your device.

Wired

Well, isn’t that special !!!

Quality of software is being eroded

And this, from the – Could You BE More Totally Obvious ? – department:

In the race to create cheap devices, I believe that the quality of software is being eroded in a way that exposes the end user.

Quote from a source in Wired article

And the hits just keep on coming…

Manufacturers are ill-equipped to parse the risks

According to a presentation on this very topic given this summer by Google security researcher Maddie Stone, every Android device ships with 100 to 400 preinstalled apps. Many of those apps originate not from the company that’s making the physical device, but from third parties that provide the code for various under-the-hood tasks, or from carriers who have a vested interest in everything from messaging to payments. Most manufacturers are ill-equipped to parse all of those apps for potential risks, and even the largest still allow some sort of carrier influence.

Wired

Reason to never buy an Android device

If that’s not THE reason, directly from Google no less, to never buy an Android device, and simultaneously justifying Apple’s strategy (much maligned by the Android community, BTW) to build a fully integrated stack… Well then my name isn’t Hossenfeffer.

Wait… Well… one of those is true.

You decide…