Hacker News new | past | comments | ask | show | jobs | submit login

> how do we know if an android app is the real deal?

You don't.

Not that it really matters, if you care about security you shouldn't be using Android in the first place.

Don't let the perfect be the enemy of good. Or in other words, I try to adjust my opsec/persec to a realistic threat model, not to my worst dystopian nightmares.

I think the point is that, Android is not what we would consider "good" security.

This is not about dystopian nightmares, this is about an OS where it's exceptional to EVER get an update, let alone get it in time.

If you go out to a shop and buy 100 Android phones, at least 99 will be running outdated OS versions with known security issues and no updates available.

But why aren't these Android phones getting hacked left and right, everywhere? Any idea?

Where I am (the Netherlands), Android is way more popular than iOS--I'm not attaching value judgement to popularity or otherwise, nor am I particularly doubtful of your claim that the average (cheap) Android phone is running an outdated version.

But if that's the case then what is going on?

Are they not juicy targets for hackers? (tons of personal information, botnet possibilities, seems valuable to me)

Or are they in fact being hacked quietly and we're not hearing much about it? Is everyone's cheap phone already part of a botnet and nobody realizes?

Is it perhaps that the exploits require physical proximity that hackers don't deem worth the risk?

Looking at active Android clients your claim might be correct (although I assume it is not 99%), but if he actually went out and bought a new "premium" phone which I assume most here would do it is most likely updated.

Is there a smart phone OS, that's actually usable, that is any better?


BB10 would have been even better but they pulled the plug on that one.

Is iOS really that much better than an updated stock Android? Even if you find differences, they are not as big as you make it sound.

Comparing stock iOS with some old unupdated cheap phone with bloated Android is not fair.

I can't say if it's much better, but iOS devices does have some security features most Android devices don't have :

- hardware Secure Enclave (as time of writing, only Samsung devices and latest Google Nexus also have a similar hardware, as far as I know)

- strong sandboxing (again, only Samsung devices with Knox can really compare)

- restrictions on which apps you can get, that filters on malicious apps (ex: fake gmail app). It is void if you use jailbroken iOS or allow sideloading on Android.

- security updates are both more frequent (except Google devices, all Android manufacturers always lag behind for updates), and available to older devices (varies from manufacturer to manufacturer, but it's generally way less than Apple)

Of course, you need to factor in the delay to respond to security flaws (I don't have that kind of data), and other factors too, as well as decide if iOS suits you. That's for you to decide.

> Is iOS really that much better than an updated stock Android?

No, but updated stock android phones are not really a thing, are they ?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact