Difference between revisions of "Android"
(→Distributions with Pre-installed Malware: wikifying) |
m (typo) |
||
| (8 intermediate revisions by 3 users not shown) | |||
| Line 6: | Line 6: | ||
|description=A widely used mobile [[operating system]] | |description=A widely used mobile [[operating system]] | ||
}} | }} | ||
| − | '''Android''' is a widely used mobile [[operating system]] developed by [[Google]]. It is generally | + | '''Android''' is a widely used mobile [[operating system]] developed by [[Google]]. It is a generally reliable{{cn}} [[open source]] OS, but as sold to consumers it almost invariably comes bundled with manufacturer malware to facilitate [[universal surveillance]]. |
| − | == | + | ==Pre-installed Malware== |
Although [[open source]], Android is often sold pre-installed on [[mobile phone]]s with dozens of pieces of proprietary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, [[Google Play Services]] itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example. | Although [[open source]], Android is often sold pre-installed on [[mobile phone]]s with dozens of pieces of proprietary [[malware]], usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android [[cellphone]], in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."<ref>https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html</ref> Even with a custom ROM, [[Google Play Services]] itself can act as spyware, tracking one's location <ref>https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking</ref>, for example. | ||
| + | |||
| + | According to a study by [[Douglas Leith]] from [[Irish]] [[Dublin University/Trinity College|Trinity College]], Android devices send almost 20 times more data to [[Google]] than [[iPhones]] to [[Apple]]. [[Telemetry]] (GPS position, telephone number and IMEI, whether the SIM card is inserted, MAC addresses of the closest WLAN router, etc.) is continuously transmitted - even if the user has not activated a Google account or has objected to the collection of statistical data. Even in standby mode, information is transmitted every 4.5 minutes on average. In 12 hours, Android sends its creator one megabyte, iOS sends 52 kilobytes.<ref>https://www.scss.tcd.ie/doug.leith/apple_google.pdf</ref>. Spokespeople from Google contradicted Leith's findings and pointed to errors in his methodology. According to the corporation, the scientist simply described how modern smartphones work.<ref>https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/</ref> | ||
===Rooting phones=== | ===Rooting phones=== | ||
| Line 15: | Line 17: | ||
===Avoiding malware=== | ===Avoiding malware=== | ||
| − | To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain [[AOSP Android]] | + | To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain [[AOSP Android]] (such as [[Pixys OS]]<ref>https://github.com/PixysOS</ref>, [[LineageOS]] or [[Resurrection Remix OS]]. |
| + | |||
| + | ==Software sources== | ||
| + | Some Android apps abuse their privileges to subvert the phone and serve adverts.<ref>https://arstechnica.com/information-technology/2015/10/android-adware-wields-potent-root-exploits-to-gain-permanent-foothold/</ref> The most popular software repository is the [[Google Playstore]]. | ||
| + | |||
| + | ===F-Droid=== | ||
| + | {{FA|F-Droid}} | ||
| + | F-Droid, started in 2010, is the best established repository which contains only freely available [[open source]] apps. | ||
| + | |||
| + | ===Google Play store=== | ||
| + | {{FA|Google/Play}} | ||
| + | By July 2017 "at least 500 apps collectively downloaded more than 100 million times from Google's official Play market contained a secret [[backdoor]] that allowed developers to install a range of [[spyware]] at any time".<ref>https://arstechnica.com/information-technology/2017/08/500-google-play-apps-with-100-million-downloads-had-spyware-backdoor/</ref> | ||
| + | |||
| + | In March 2019 a joint investigation by researchers from [[Security Without Borders]] and ''[[Vice]]'' concluded that the Google Play store had around 20 government-sponsored [[malware]] apps that had been undetected for 2 or so years.<ref>https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv</ref> | ||
| + | |||
| + | ===Alternatives=== | ||
| + | Another (closed source) alternative software repository is [[Aptoide]], launched in 2009. | ||
| + | |||
| + | ==Drivers== | ||
| + | Some phones use proprietary drivers, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security. | ||
| − | |||
| − | |||
{{SMWDocs}} | {{SMWDocs}} | ||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
Latest revision as of 12:43, 4 April 2021
 Android  (Operating system)   | |
|---|---|
 | |
| A widely used mobile operating system |
Android is a widely used mobile operating system developed by Google. It is a generally reliable[citation needed] open source OS, but as sold to consumers it almost invariably comes bundled with manufacturer malware to facilitate universal surveillance.
Contents
Pre-installed Malware
Although open source, Android is often sold pre-installed on mobile phones with dozens of pieces of proprietary malware, usually not able to be uninstalled and sometimes even invisible to end users. The proprietary Android cellphone, in this state, has been described as "the most sophisticated surveillance machine to date for monitoring your routines."[1] Even with a custom ROM, Google Play Services itself can act as spyware, tracking one's location [2], for example.
According to a study by Douglas Leith from Irish Trinity College, Android devices send almost 20 times more data to Google than iPhones to Apple. Telemetry (GPS position, telephone number and IMEI, whether the SIM card is inserted, MAC addresses of the closest WLAN router, etc.) is continuously transmitted - even if the user has not activated a Google account or has objected to the collection of statistical data. Even in standby mode, information is transmitted every 4.5 minutes on average. In 12 hours, Android sends its creator one megabyte, iOS sends 52 kilobytes.[3]. Spokespeople from Google contradicted Leith's findings and pointed to errors in his methodology. According to the corporation, the scientist simply described how modern smartphones work.[4]
Rooting phones
Android is based on Linux, and is affected by a number of Linux bugs. In October 2016, 'Dirty Cow', a Linux privilege escalation bug was published online, which was "believed to work reliably on every version of the mobile operating system and a wide array of hardware."[5]
Avoiding malware
To avoid software-based malware on Android phones, one should use one that gives the user full control (i.e. are rootable) and allow reinstall of an alternative OS such as plain AOSP Android (such as Pixys OS[6], LineageOS or Resurrection Remix OS.
Software sources
Some Android apps abuse their privileges to subvert the phone and serve adverts.[7] The most popular software repository is the Google Playstore.
F-Droid
- Full article: F-Droid
- Full article: F-Droid
F-Droid, started in 2010, is the best established repository which contains only freely available open source apps.
Google Play store
- Full article: Google/Play
- Full article: Google/Play
By July 2017 "at least 500 apps collectively downloaded more than 100 million times from Google's official Play market contained a secret backdoor that allowed developers to install a range of spyware at any time".[8]
In March 2019 a joint investigation by researchers from Security Without Borders and Vice concluded that the Google Play store had around 20 government-sponsored malware apps that had been undetected for 2 or so years.[9]
Alternatives
Another (closed source) alternative software repository is Aptoide, launched in 2009.
Drivers
Some phones use proprietary drivers, which being closed source, cannot be independently verified to be safe. Dealing with these requires either a phone with open drivers available or one writing open drivers themselves. Since reverse engineering hardware protocols can be an extremely challenging ordeal, one should usually avoid phones with proprietary drivers if they want maximum security.
Related Document
| Title | Type | Publication date | Author(s) | Description |
|---|---|---|---|---|
| Document:Huawei’s phone business would be decimated without Google’s Android | Article | 20 May 2019 | Vlad Savov | A resolution to the ongoing trade dispute between the US and China is now more urgent than ever. However, China is unlikely to react positively to the bullying tactics of the US. And that means Huawei’s phone business may be in limbo for a while yet. |
References
- ↑ https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html
- ↑ https://www.buzzfeednews.com/article/nicolenguyen/heres-how-to-actually-prevent-google-from-actually-tracking
- ↑ https://www.scss.tcd.ie/doug.leith/apple_google.pdf
- ↑ https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/
- ↑ https://arstechnica.com/information-technology/2016/10/android-phones-rooted-by-most-serious-linux-escalation-bug-ever/
- ↑ https://github.com/PixysOS
- ↑ https://arstechnica.com/information-technology/2015/10/android-adware-wields-potent-root-exploits-to-gain-permanent-foothold/
- ↑ https://arstechnica.com/information-technology/2017/08/500-google-play-apps-with-100-million-downloads-had-spyware-backdoor/
- ↑ https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv
