Tweaks made to Android OS are causing massive security holes

Originally published at: https://boingboing.net/2018/08/14/tweaks-made-to-android-os-are.html

…

To avoid this half-baked malarkey, choose a solid brand like Samsung, or flash a quality ROM, probably AOSP flavoured to be on the safe side.

I wish that article had an easily identifiable link to a list of models with issues.

I’m hoping that my Moto G4, with its as far as I can tell stock Android, should be unaffected…

While I have little doubt that there are problems with the third party software that manufacturers install on those phones, I’m not impressed by a security company that won’t give you any details on it. They’re only interested in selling you their service. This is usually a red flag in the security community.

The issues might also be reported but not disclosed yet to give the developers time to fix.

They’ll tell you the vulnerabilities if you give them money according to their website.

I’d avoid Samsung and stick with Google’s phones. I use a Pixel 2 and it’s decent.

None of the third party handset makers do as good of a job keeping up to date with security patches as Google.

IMHO, only Apple’s and Google’s phones are usable.

They’re soooooooooooooo expensive, though! And no SD card slot, what the hell?

There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice.

No, I do not want more choice. I want my phone to just work. If I wanted to get my hands dirty with the code, I would still be an engineer. You’re a maker? Awesome, but don’t force the rest of us to be makers.

So, you’re saying Apple phones are expensive because they are designed by competent engineers given the mission to do it right? Glad we got that straightened out.

The point of choice isn’t necessarily to give you more choice, but to avoid this situation:

image.jpg850×400 75 KB

I believe the upcoming version of Android implements the Treble architecture (which makes it easier for Google to provide Android patches without manufacturers or providers being involved). Perhaps that will smooth the path for these vendors too so they can patch their products more easily. I confess I don’t know all the details of Treble though.

I do wish there were better options available for stock Android ROMs. I recently looked for one to install on a Note 4 and found nothing. The one ROM with the most traction, LineageOS (the successor to CyanogenMod), doesn’t support this phone sadly.

Hoping for the day when it’s as simple as downloading and installing basic vanilla Android directly and then installing (if desired) Google’s software (Play Services), and then whatever vendor drivers are needed to make the cell phone hardware and other custom components work.

Maybe there’s a good reason that’ll never happen but I hope it’s not because manufacturers and providers don’t want to take a back seat like that.

I wonder how Samsung ranks in here. I don’t know to what extent they modify the OS, I know they offer their own apps they like to push on users of their handsets but OS-wise I don’t know whats been done.

Users should be able to root their own phones. This needs to be a legal requirement.

If companies want to install their own bloatware or whatever on the phone, great. But I should have the option of nuking that and installing the bare operating system.

I can do this with a PC. Pretty much every PC company loads them down with all kinds of useless crap. My solution to this is to reformat and reinstall the OS. I should be able to do this with my phone, too.

Has manufacturer bloatware on smart phones or PCs or tablets ever benefited the user?

That’s what you heard? I thought he was saying that simplistic overgeneralization by fanboys is bad for global security.

It’s kind of fiddling whilst Rome burns, though, to focus solely on OS issues. Every indication is that all phones, including Apple’s, contain exploitable code well below the operating system.

Pixels are not much more expensive than any Samsung flagship model. And while Samsung hardware can be nice, their software update situation is a mess and their software adds more bugs and issues than useful features. My two year old Pixel has more up-to-date software and security patches than this year’s flagship from Samsung. Having owned a Samsung that stopped getting any updates after a few months I felt they wanted me to upgrade the OS (to something still over a year old) by purchasing the latest model. No thanks, I’d rather you properly support the device you just sold me.
If you can’t handle flagship prices and you want an up-to-date and fully patched system use an older iphone model. Avoid the cheap android phones.

That G4 is very close to stock. The motions stuff is custom. Here are some decent phones shipped with stock android

Please don’t call Samsung a solid brand. They muck about with Android more than anyone else causing the experience to go down the toilet.