

Goodbye Android - koevet
http://motherboard.vice.com/read/goodbye-android

======
clinta
Josh Drake(the researcher who found the stage fright exploit) was interviewed
on the last episode of the risky business podcast. His opinion is that iOS and
Android are very similar in their level of security, but the barriers to entry
in researching iOS causes security researchers to spend more time looking at
android.

A state who can finance themselves around those barriers to entry may have
similar exploits against iOS, but we're less likely to find out about them.

------
jon-wood
This is possibly one of the best reasons to use something like Cyanogenmod,
giving you control over updates rather than waiting on manufacturers and
mobile operators.

~~~
freethinky
I'm currently using Cyanogenmod (on a Samsung Note 3) but have a problems
where I really consider to switch back to the stock ROM:

\- Battery life is reduced quite much, I spent quite some time finding the
root cause with BatterBatteryStat, but in the end, it are just the core
services which seem to use more power, there is no app in the background. With
Cyanogenmod it discharges in the night for ca. 30% without doing anything and
disable WLAN. When I still had the stock ROM I was out in the mountains for 5
days and could take almost 400 photos without recharging. SlimROM was much
better in this regard, but they didn't had the PrivacyGuard and so far do not
support the Note 3 on their newer ROMs.

\- I tried to avoid Google Play, unfortunately a few apps depend on it
(especially all the ones using Google Map). But my main problem is more that
I've no idea how dangerous alternatives like Aptoide are. I accidentally
downloaded some apps which were already fully unlocked, while only available
for money on Google Play. I found a Java Program
([http://www.onyxbits.de/raccoon](http://www.onyxbits.de/raccoon)) to download
apps through a Google Account on your PC and then transfer it onto your phone,
but this is somewhat cumbersome.

------
uph
Use TextSecure
([https://play.google.com/store/apps/details?id=org.thoughtcri...](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms))
by Open Whisper Systems
([https://whispersystems.org/](https://whispersystems.org/))

 _Supposedly the vulnerability is in stagefright, which is the Android
framework responsible for audio /video encoding/decoding and playback.
TextSecure doesn't do any pre-processing of received audio/video messages, so
it seems unlikely that a vulnerability in stagefright could be triggered
simply by sending audio/video to a TextSecure user._

 _TextSecure plays audio /video by handing it to the system's default media
player. If there's a stagefright vulnerability, it's possible that the
system's default media player is vulnerable. From TextSecure, that interaction
should only happen by physically tapping on an audio/video attachment, then
tapping through a warning dialog about insecure playback. At that point, it's
out of our hands._

 _\- moxie_

[https://lists.riseup.net/www/arc/whispersystems/2015-07/msg0...](https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html)

------
ColinWright
Will this fare better than when it was submitted 3 days ago?

[https://news.ycombinator.com/item?id=9968214](https://news.ycombinator.com/item?id=9968214)

That one was flagged and sank without trace.

[http://hnrankings.info/9968214/](http://hnrankings.info/9968214/)

~~~
koevet
I was quite surprised my submission wasn't already in HN. Hopefully the link
will spark an interesting discussion.

~~~
ColinWright
Nope. And it's been flagged again. I don't know why people think a discussion
about this doesn't belong here, but there you go.

------
kevsim
It's a shame people are associating the name StageFright with the
vulnerabilities instead of the media framework itself because it's possibly
the best named library I've ever seen ;-)

------
anthnguyen94
I'm on a Samsung device, which means updates are pushed several months after
Google pushes theirs. I'd love to go to CM, but then the camera quality is
just downright awful because of a lack of TW drivers... Quite annoying

