Categories
Humour

Door Code

mnancy:

Oh really?

I’m really tempted to do something similar for the door in my office.

Categories
Links

Papers on Android Mobile Malware

Android often receives high levels of criticism when hostile programs are found in its app stores. While anger is high, how prevalent is malware in Android markets? A series of papers, curated by Security Research Computer Laboratory at the University of Cambridge, examines just that question. Go read them!

Categories
Links

Asia Pacific Privacy Authorities write to Google

From the APPA’s letter to Google concerning Google’s new privacy policy:

Initially, I would like to say that the TWG recognises Google’s efforts in making its privacy policies simpler and more understandable. Similarly, it notes Google’s education campaign announcing the changes. However, the TWG would suggest that combining personal information from across different services has the potential to significantly impact on the privacy of individuals. The group is also concerned that, in condensing and simplifying the privacy policies, important details may have been lost.

It’s a short, but valuable, letter for clarifying the principles that have privacy professionals concerned about Google’s policy changes. Go read it (.pdf link).

Categories
Links

Let’s Say It Together: Apple Is Not A Security Company!

I sympathize with people’s concern and anger when they learn more about Apple’s atrocious APIs that let developers run off with consumer data. In the most recent revelation:

Accepting an iOS prompt that asks permission to access location data can also allow copying of private photo and video libraries, the Times said yesterday. Because these devices often save coordinate information along with photos, it might also be possible to put together a user’s location history, as well as recording current location.

Apparently in an attempt to make photo apps more efficient, access to private photos has been available since the fourth version was released in 2010.

All of this, however disturbing it might be, makes a lot of sense. Apple is a consumer company that aims to engineer products so that users can best enjoy them. This means they don’t want to throw a whole lot of security warnings in front of you, for two reasons: First, you’ll just ignore them anyways; second, they’ll annoy you and thus could reduce your iDevice usage.

Very few mobile companies ‘do’ security. The much-maligned Research In Motion is actually about the only mobile company that sells its products on security grounds, though the need to have secured code reduces the rate at which they can bring new, highly innovative products to market. Consumers, businesses, governments, and the market point to their slower rates of innovation as indicative of RIM’s forthcoming doom, but in so doing miss that the ‘cost’ of RIM’s death would be a near-absolute dearth of secured mobile platforms.

If you’re interested in reading about the economics of ignorance and mobile security, check out a piece that was written last year on this very subject.

Categories
Links Writing

Canadian Carriers: No, You Can’t Compare Our Plans

I’ve talked about trying to pull together a measurable comparison of Internet service in Canada for a while, but as of yet haven’t had the resources to build a tool which meets my criteria. Industry Canada had a similar idea for basic cell phone services. Specifically, the government department created a calculator to help Canadians easily compare text/voice plans across Canada’s various mobile providers. We’ll never see the calculator, however, because:

Internal departmental records released to Postmedia reveal that Clement’s decision came after direct lobbying from the likes of Rogers Communications, Telus and the Canadian Wireless Telecommunications Association. Clement defended the decision to shut down the calculator by stating that it was “unfair” in that it didn’t include bundled services mainly offered by, yes, the big telecommunications providers.

It’s incredibly unfortunate that this tool wasn’t provided – it would have been of real assistance to the large number of Canadians that aren’t using bundled services. What’s worse is that, rather than providing the tool in a ‘basic’ state and then scaling it depending on demand (the approach planned by Industry Canada) the whole project was scrapped. Not even the source code has been made available. Consequently, Canadians paid a fortune to develop a tool which met its basic design specs, and have nothing to show for it save for a large government bill and the continued hassle of trying to decipher the cacophony of mobile phone plans. Carriers: 1 Canadians: 0.

Categories
Quotations

2012.2.28

This notion that apps should pay for bandwidth is insane. Telcos should pay developers a commission for helping them sell bandwidth.

Tim Bray, Developer Advocate at Google
Categories
Links

Good, Brief, Interview on Trust and Security

An excellent piece from Bruce Schneier, in interview, concerning the relationship between trust and security. It’s short, so just go read it. For a taste:

My primary concerns are threats from the powerful. I’m not worried about criminals, even organised crime. Or terrorists, even organised terrorists. Those groups have always existed, always will, and they’ll always operate on the fringes of society. Societal pressures have done a good job of keeping them that way. It’s much more dangerous when those in power use that power to subvert trust. Specifically, I am thinking of governments and corporations.

Categories
Quotations

2012.2.27

The great evil that we as Americans face is the banal evil of second-rate minds who can’t make it in the private sector and who therefore turn to the massive wealth directed by our government as the means to securing wealth for themselves. The enemy is not evil. The enemy is well dressed.

Larry Lessig, from Republic, Lost: How Money Corrupts Congress – and a Plan to Stop it.
Categories
Writing

I get that indexing encrypted backups is a royal pain in the ass, and that doing this well is challenging to boot. That said: the notion that RIM would provide discrete, encrypted backups of the PlayBook rather than solving the problem of indexed backups is absolutely absurd.

Even in an era of 500GB+ hard drives, ‘paying’ 13GB+ for each backup is ridiculous; this kind of storage cost simply doesn’t lead to a sustainable long-term backup schema (especially when you head north to 55GB+ backups). Most users, in response, will dial back to non-encrypted backups and thus reduce the security profile of what is meant to be a secure device. This is incredibly bad form for RIM, made worse by the company’s (often contrasting) focuses on (a) consumer markets; (b) professional – and thereby more security-conscious – markets.

Apple had the same problem with storing encrypted disk profiles in the previous iteration of their operating system – OS X Snow Leopard – though this was resolved in Lion. While the lessons learned by Apple likely are not perfectly equatable to RIM’s own situation, RIM needs to move the ball ahead if they are to simultaneously deliver to their dual markets. At this point they cannot afford to satisfy only one market or the other and hope to remain competitive.