Nobody’s Cellphone Is Really That Secure (theatlantic.com)
102 points by matt4077 on Oct 27, 2018 | 75 comments



> Google now has its own phone—Pixel—that gets security updates quickly and regularly.

The Nexus 5 line used to have this until Google decided after three years to stop supporting it despite the hardware continuing to last well beyond that.


three years of frequent updates is pretty much the best support you're going to get with any android phone. i personally love my pixel 2, but they sold about half as many pixels in 2017 as samsung sold phones in a week. [0][1] samsung does give monthly security updates to its flagship products, but it won't support anything for more than two years. i think it's clear that consumers don't actually give a shit about updates when they choose their next phone, so i find it hard to fault google for having the best update policy on a series of phones that they struggle to break even on.

[0] https://www.theverge.com/2018/2/13/17007104/google-pixel-tot...

[1] https://www.statista.com/statistics/299144/samsung-smartphon...


> i think it's clear that consumers don't actually give a shit about updates when they choose their next phone,

The people that do give a shit pick iOS. Security and updates were the #1 reason I moved from Android to iOS.


That's some intense gatekeeping... At least I can root my Android phone.

iOS security, from a targeted hacking perspective, is easier than ever to circumvent for full control: https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-r...

Apple also has a nasty habit of coercing users into upgrade to new models, reducing the need for supporting older devices and artificially limiting the amount of older phones in circulation: https://www.wsj.com/articles/apple-faces-multiple-lawsuits-o...


Yup. I'm on iphone for this reason + privacy. The ecosystem integration with ipad is a nice bonus


> three years of frequent updates is pretty much the best support you're going to get with any android phone

That’s one of the reasons why I finally switched to an iPhone Xs Max.

Before that, I had a Nexus 5x. My last iPhone was the 3GS.


like i said, i love my pixel 2, but if the pixel 4/5 still starts at $800 i might jump ship too.


>>three years of frequent updates is pretty much the best support you're going to get with any android phone.

I have an HP computer with an OS from big, bad Microsoft and get updates even though my computer is 7 years old. I paid around $400 then (rebates and all.)


You can get the latest Android on the Nexus 5. https://wiki.lineageos.org/devices/hammerhead

Updated 2 days ago: https://download.lineageos.org/hammerhead/changes/


Lineage is great, but that's 14.1 (Android 7, not "the latest" 9) and Lineage can't patch vulnerabilities in binary driver blobs.

Still - much better than being left in the cold by your OEM


Fair enough, other models have 15.1 (I'm using one).

You can't force the OEM to patch, but you can get Android security patches without the OEM having to bother supporting it.

The only way forward is postmarketOS, running a mainline kernel.


The problem was that hardware manufacturers (i.e. processor vendors etc.) would not support newer versions of the OS and kernels. That's why they have come up with Project Treble; with that you would be able to install newer versions of Android long after they themselves stop giving updates.


That is what business contracts are for.

Treble doesn't help anything because OEMs are the ones still pushing updates, and only devices released with Oreo are obliged to be compliant with Treble.

Which is why even in 2018 most new devices have been released with 7, upgradable to 8.

But I am glad OEMs keep ignoring Google, as they finally added update clauses to their licensing contracts.

After one year, Oreo has achieved a meager 21.5%.

EDIT: 11% => 21.5%


Is 21.5% really so meager considering the amount of older Android phones in circulation?


Wouldn't be a problem if hardware had drivers in the mainline kernel.


You build that into the contract when you launch the phone. Pretty standard stuff, just costs money.


Make no mistake: their phones are data gathering devices serving one master. They may keep up to date with patches, but you have very little knowledge or control of what they collect from you and what they do with it.


> They may keep up to date with patches, but you have very little knowledge or control of what they collect from you and what they do with it.

It's not an ominous mystery. Google is extremely explicit about what they collect from you and what they do with it.

https://myaccount.google.com/privacy

https://policies.google.com/privacy

I have not seen any evidence that they violate their own policies, even when I worked there a while ago and had internal knowledge.


> I have not seen any evidence that they violate their own policies, even when I worked there a while ago and had internal knowledge.

Whether Google violates their policies today is the wrong question to ask. Nothing about these policies is long-term legally binding for Google and they can be changed on a whim.

While Google includes this language:

> We will not reduce your rights under this Privacy Policy without your explicit consent.

I'm not sure that covers them increasing their own rights to collect, share, and sell data.

Remember - nothing lasts forever. One day Google will be in a financially desperate situation and their investors will demand that they do anything they can to stop the losses. Meanwhile they will have a valuable trove of data on millions of people.

This is not just hypothetical. When Google decided that Google+ was a priority and only real names should be allowed, many were forced to de-anonymize formerly anonymous YouTube and Gmail profiles or be removed from the service.

The only real way to assure the security and privacy of data is to not collect it. The only way to ensure that the likes of Google/Apple/Facebook won't collect the data is through legislation that gives privacy policies real teeth when they're violated and gives users the power to reject changes to these policies in whole or in part.


Okay, so that's the outward intent. The practice is a little different. If they get hacked or an employee does misuse data, the public will probably not find out. Most of the company probably doesn't even know.

E.g. last week: https://www.cnbc.com/2018/10/08/google-reportedly-exposed-pr...


If you were an engineer working at Google on one of the services that handles, say, location data from phones, how difficult would it be for you to go into the environment and find a specific person's location history? Also, what logging or other audit trail is there for that access?


Google has amazing controls and audit capabilities around access to customer data. When I worked on the security team there the number of people who could access a specific person's data without an audit record and an alert being triggered was zero.


+1 to what arkem said.

If I had to trust a company with private data, there is no other company I would trust more to keep it safe from rogue employees and accidental leaks/hacks.


Is that for someone going through the user interface, or is it a fundamental feature of the database (or whatever)? In other words, is there no case where someone could log into a server and see some PII in a debugger or a direct query without being detected?


This is both for people using tools and people accessing servers and databases directly.

Logging into production servers is audited and triggers alarms. There's basically no-one who has "root" level access to a large number of boxes (when I left in 2013 there were only a handful of people who could login to arbitrary boxes and systems were being built so that their access would no longer be necessary). Logging into a server that holds live data would be investigated and so would running a custom query against a production database. The goal was to have it basically impossible for an engineer or admin to directly access data on boxes to force people to use the tools.

The tools themselves had a great permission system as well as a way for users to elevate their permissions in emergency (triggering an investigation). It worked well because it was also easy to create dummy databases to develop on (for example by requesting a database extract of your own location data).

In my career to date I have yet to see a more privacy conscious / secure approach to handling customer data.
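The access model described in the comment above (direct logins and ad-hoc queries against live data are audited and raise alarms, tool-mediated access is governed by a permission system, and emergency elevation opens an investigation) is the kind of policy a detection pipeline can enforce mechanically. The following is an added illustration, not code from Google or from the commenter: it runs a hypothetical policy of that shape over a few constructed JSON-lines audit events and sorts them into alerts, investigations and allowed access. Field names (`actor`, `action`, `env`, `break_glass`, `justification`) and the event shapes are assumptions for the example.

```python
"""Triage constructed production-access audit events against a hypothetical
access policy: direct access to live data alerts, break-glass use of an
approved tool opens an investigation, everything else is allowed."""
import json
from typing import Dict, Iterable, List

# Constructed sample audit log (JSON lines). Not from any real system.
SAMPLE_AUDIT_LOG = """\
{"ts": "2018-10-27T10:00:01Z", "actor": "alice", "action": "tool_access", "target": "location-history", "env": "prod", "break_glass": false}
{"ts": "2018-10-27T10:02:13Z", "actor": "bob", "action": "ssh_login", "target": "prod-db-07", "env": "prod"}
{"ts": "2018-10-27T10:05:44Z", "actor": "carol", "action": "db_query", "target": "prod-db-07", "env": "prod", "query": "SELECT * FROM locations WHERE user_id = 42"}
{"ts": "2018-10-27T10:07:09Z", "actor": "dave", "action": "tool_access", "target": "location-history", "env": "prod", "break_glass": true, "justification": "INC-0001 outage triage"}
{"ts": "2018-10-27T10:09:30Z", "actor": "erin", "action": "db_query", "target": "dev-extract-erin", "env": "dev", "query": "SELECT count(*) FROM locations"}
this line is corrupt and is not JSON
"""

# Actions that bypass the approved tooling and touch live data directly
# (hypothetical action names chosen for the example).
DIRECT_ACCESS_ACTIONS = {"ssh_login", "db_query"}


def classify_event(event: dict) -> str:
    """Return 'alert', 'investigate' or 'allowed' for one audit event."""
    # Dummy/dev databases (e.g. an extract of your own data) are not live data.
    if event.get("env") != "prod":
        return "allowed"
    action = event.get("action")
    # Logging into a production box or running a hand-written query against
    # a production database is exactly what the policy wants surfaced.
    if action in DIRECT_ACCESS_ACTIONS:
        return "alert"
    if action == "tool_access":
        # The tool's own permission system decides authorization; only an
        # emergency elevation needs a human to look at it afterwards.
        return "investigate" if event.get("break_glass") else "allowed"
    # Any action against prod the policy does not know about fails closed.
    return "alert"


def review_audit_log(lines: Iterable[str]) -> Dict[str, object]:
    """Classify each JSON line; malformed lines are counted, not dropped silently."""
    result: Dict[str, object] = {"alerts": [], "investigations": [], "allowed": [], "skipped": 0}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            result["skipped"] += 1  # type: ignore[operator]
            continue
        record = {k: event.get(k) for k in ("ts", "actor", "action", "target")}
        verdict = classify_event(event)
        if verdict == "alert":
            result["alerts"].append(record)  # type: ignore[union-attr]
        elif verdict == "investigate":
            record["justification"] = event.get("justification", "")
            result["investigations"].append(record)  # type: ignore[union-attr]
        else:
            result["allowed"].append(record)  # type: ignore[union-attr]
    return result


def review_sample() -> Dict[str, object]:
    """Run the policy over the constructed sample log."""
    return review_audit_log(SAMPLE_AUDIT_LOG.splitlines())


if __name__ == "__main__":
    triage = review_sample()
    for rec in triage["alerts"]:  # type: ignore[union-attr]
        print("ALERT      ", rec)
    for rec in triage["investigations"]:  # type: ignore[union-attr]
        print("INVESTIGATE", rec)
    print("allowed:", len(triage["allowed"]), "skipped:", triage["skipped"])  # type: ignore[arg-type]
```

The point of splitting "alert" from "investigate" is that a break-glass elevation is legitimate by design but still has to be reviewed, whereas a direct shell or query against live data should never happen outside the tooling at all. Counting malformed lines instead of discarding them matters too: a gap in the audit stream is itself a finding.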


From the Google people I've talked to, the easiest way to get fired at Google is to inappropriately gain access to user data.

And yes, there is an audit trail on accessing that stuff.


FWIW, the ex-googlers I've asked about this claim it would be very hard for an individual to do this surreptitiously. One even claimed that Larry Page would probably get caught if he tried.


I wonder about facebook also, in terms of access/audit trails.


We know from the Snowden leaks that there were direct data links between Google and the NSA. Despite their vehement denials and public outrage, I still find it hard to believe that it was possible for the NSA to install such massive surveillance without some complicity from Google.

Technically this might have been possible without any Google involvement, I agree with that, but given past involvement of other companies like e.g. AT&T with the NSA, this seems kind of unlikely to me. It just seems more credible to assume that some people in the higher ranks of Google willfully complied, and I wouldn't be surprised if something similar still occurred.


Nothing in Snowden's leaked documents contradicted Google's statements. The New York Times reported the setup correctly from the start, and the rest of the news media picked up on it shortly thereafter. https://www.cnet.com/news/no-evidence-of-nsas-direct-access-...

Your understanding of PRISM matches Greenwald's incorrect reporting, which was based on a high school dropout's misreading of some slides he found on the SharePoint system he administered. Greenwald could have gotten the story correct if he had bothered to run the documents by an expert first, but instead he made ridiculous errors like thinking that DITU is a government system running inside the companies' networks instead of the FBI's Data Intercept Technology Unit, whose court-ordered wiretaps PRISM actually accesses.


Then again, Google's public statements might not be the best information source to check whether Google did something nefarious or not.


>... or control of what they collect from you and what they do with it.

lineageos?


And I'm sure the Pixel like will be the same.


'No update' planned obsolescence.


lol, so google can lose even more money selling you the next phone?

of all the companies out there, i really doubt that google deliberately makes their phones obsolete. just look at how they run their phone business; i don't think they ever expect it to be a profit center.


Would you accept the same logic for the software in a car? I don't think it would be acceptable if e.g. Tesla, a company that relies heavily on software in the car, would stop fixing security (and safety) issues three or even five years after you bought the car. Like the phone, you can still use it, but it might just not be safe anymore to do so. To prevent this problem and the waste of resources that goes with it, it would even be okay for me to have laws that sanction abandoning software like this.


> Would you accept the same logic for the software in a car? I don't think it would be acceptable if e.g. Tesla, a company that relies heavily on software in the car, would stop fixing security (and safety) issues after three or even five years after you bought the car.

yeah, i would be pretty mad if my car stopped getting critical updates after three years, but there are a lot of reasons why this is not an apples-to-apples comparison. software defects in a car directly risk your physical safety. vulnerabilities in a phone can also have severe consequences, but it's a very different kind of risk.

let's also not forget that a new car costs at least fifteen times as much as a new phone, and cars are regularly driven for ten to twenty years before they are scrapped. during this time, the manufacturer is getting a steady stream of revenue from selling replacement parts that they can use to offset the cost of providing safety recalls for old models. and even car companies aren't obligated to do recalls after fifteen years.

> To prevent this problem and the waste of resources that goes with it, it would even be okay for me to have laws that sanction abandoning software like this.

do you really think the typical consumer cares about updates or security? they don't buy a new phone because the old one isn't getting updates. they buy a new one because they've smashed the shit out of their old one or they just want a new thing. i'm not sure what "resources" would be saved by forcing phone manufacturers to support old models that consumers don't want anyway. you would just end up deleting the $100-200 range of phones.


A three year old Nexus 5 won't be usable due to the battery anyway.


Which is why you swap the battery - be careful of those nasty small plastic clips when you open the thing - after which it'll happily chug along for another 3 years.

BTW, I'm using a number of 8 year old phones, with 8 year old batteries which still keep enough charge for about 2-3 days. A typical lithium-ion battery in typical operating conditions (i.e. body temperature, cycling between 20-40% and 100% charge) can generally be charged about 500 times (full charge cycles) before its capacity significantly decreases (i.e. <80%, [1], for a more in-depth study of the topic see [2]).

[1] https://batteryuniversity.com/index.php/learn/article/bu_808...

[2] https://sci-hub.tw/10.1016/s0378-7753(01)00783-2


For me, battery life in heavily used phones seems to typically lose 50% in two years and then rapidly become unusable. Which kind of sucks if they can barely last one day when they are brand new. Fakes are of course much worse, and getting original parts when you can't officially replace the battery can be very challenging.

Yes, I still have a Nexus 5 I bought on launch day. Yes, I've replaced the battery twice. Yes, the battery is a fake knockoff. Battery life is still miserable, but since I only use Wi-Fi, I save lots of power that way, which makes it usable for my use case.


Are you discharging the battery to very low levels regularly? That wreaks havoc on capacity. My two year old iPhone still reports 90% of its maximum capacity, but I can count the number of times I let it go below 20% on the fingers of my hands.


I'd say that 10% is very common, sometimes 20%, sometimes less than 10.

But to combat this my previous phone was a moto z with a battery-mod that kept it at 80%. But the constant charging/discharging was probably too much for it. After 20 months the battery was beyond useless without the battery-mod.

And I only did the above to be able to prolong the life of the phone, yet it lasted much shorter than any previous phone I've had.


you also have to consider the climate that the user lives in. one can be very diligent about discharge levels, but if you spend a lot of time outside in the heat, you are subjecting the battery to worst case operating conditions a lot.


I have one. I am using it.


You can always change the battery.


But you often can't buy an original battery. And buying a fake battery can be magically worse than a depleted original battery.


The original NYTimes article suggested that calls would be intercepted because of the transmission network:

> But the calls made from the phones are intercepted as they travel through the cell towers, cables and switches that make up national and international cellphone networks. Calls made from any cellphone — iPhone, Android, an old-school Samsung flip phone — are vulnerable.

Are cellphone calls different from landlines in this respect? Don’t landline calls go through cables and switches too? I know in the old days landlines were connected via direct circuits, but that can’t be true anymore, can it? Can anyone shed light on this?


Nokia 6.1 (2018 model) costs $270 USD with Android One (at least 2 years of monthly security updates), metal body, fingerprint sensor (no notch), headphone jack and hardware-based remote attestation for tamper detection.

https://www.theverge.com/platform/amp/circuitbreaker/2018/5/...


The Xiaomi Mi A1[1] is much cheaper with similar specs. Even this year's update is cheaper[2].

[1]: https://www.amazon.com/Xiaomi-32GB-Factory-Unlocked-Compatib...

[2]: https://www.amazon.com/Xiaomi-64GB-Camera-AndroidOne-Smartph...


World has truly moved on from < 5" phones and my palms stopped growing a decade ago.


Can I unlock the bootloader?


Sadly not, maybe Nokia will reconsider this policy in a few years when they return to economic health.


Bollocks. Useless to me then sadly.


> iPhones are harder to hack, which is reflected in the prices companies pay for new exploit capabilities. In 2016, the vulnerability broker Zerodium offered $1.5 million for an unknown iOS exploit and only $200 for a similar Android exploit.

I'm curious, given the fragmentation of the Android ecosystem, how many phones each of those two exploits would affect.


I think there are several things driving up the prices of iPhone exploits:

1. Supply: iPhones are more secure so exploits are harder to come by

2. Demand: It is worth more money to break into an iPhone because the users are more likely to be wealthy or politically interesting (or rather, such people are more likely to own iPhones)

3. Demand: Fragmentation—an exploit for the latest iOS version is going to be able to hit a lot more phones than one for some version of Android (maybe limited to specific hardware too)

4. Supply: If Apple discover an exploit they will patch it and people will soon have software upgrades which counter it. Now that exploit is worthless and so the supply has decreased. When an Android exploit is discovered it will be fixed but those who were vulnerable probably won’t get updates and so there is no need for another exploit targeting that platform.


Case in point, the German chancellor's phone being tapped a few years ago:

https://www.thelocal.de/20160223/nsa-eavesdropped-on-merkels...



I've not owned one, but I'm interested in the Punkt phones and have followed them for several years. That said, the MP01 adapted an operating system from MediaTek, which I'm pretty certain was Nucleus RTOS:

https://en.wikipedia.org/wiki/Nucleus_RTOS

Their new phone, the MP02, uses a cut-down version of Android managed by BlackBerry. Ostensibly, BlackBerry has produced some secure devices in the past, but it's still Android, which is a large, complicated code base, and there are dozens of comments around here about the insecurities in the Android ecosystem. Now, given how cut down their version of Android is, is it more secure? Possibly, but I don't think Punkt or BlackBerry has committed to releasing their source and, even if they did, it's a somewhat niche market, so it's not clear to me that an appropriate, public audit would occur.

I really do like this device and may end up buying one, but I'm not confident that this is the ultimate in secure devices that I'd love to have.

As an aside, it seems like all the 4G feature phones use Android or some derivative. Does anyone know why? I can find non-Android 2G feature phones, but 4G seems universally Android and it's not clear to me why a phone that can't run much for apps needs that.


There's a typo in the title.

Edit: no more typo.


Yep, it's 'Schneier'


I would think the Secret Service would put an always-on VPN connection on cell phones, have all calls go through a self-hosted VoIP service, and then the device is arguably as secure as any other computing device someone in the federal government with high security clearance might use.


These people have blackers and all the rest. That's not the issue. The issue is that Trump doesn't want a security hardened phone. He's being petulant.


How about an iPod Touch and FaceTime audio?


> "I’d say that the major international powers like China and Russia...It’s safe to say that President Trump is not the only one being targeted..."

Who is doing it? Anyone - not just govs - that are capable, and where the reward outshines the risk.

Who are they doing it to? Anyone whose conversations offer (potential) rewards that outshine the costs / risks. Finding the critical nodes isn't that difficult. Hiding likely impossible.

Yea, that's a pretty wide net, and getting wider all the time.


Nobody’s phone is really that secure... but an iPhone vulnerability costs more than an average Bay Area house, while an Android vulnerability is more like the cost of cleaning that house once.

Edit: turns out the figure for an Android vulnerability is off by several orders of magnitude. What a garbage article!


The article (which says in 2016 Zerodium offered up to $1.5 million for an iOS zero day and only $200 for Android) seems to have a typo. The source it links to [1] quotes $1.5 million for iOS and $200,000 for Android, which makes more intuitive sense.

Going to Zerodium itself [2] shows the same (in their rather weird little chart [3] at the bottom): they'll pay up to $1.5 million for a zero-click iOS remote jailbreak, and $200,000 for an Android Chrome RCE with sandbox escape.

[1] https://arstechnica.com/information-technology/2016/09/1-5-m...

[2] https://zerodium.com/program.html

[3] https://zerodium.com/images/zerodium_prices_mobiles.png


Thanks. What a horrible typo.


Google also has a bug bounty program for Pixels, paying up to $200,000.

https://www.google.com/about/appsecurity/android-rewards/


Any stats/references to back that up? And does this extend to first party devices from Google as well?


It's in TFA


I was hoping to see if there are stats which show a variance in bounties for various Android phone manufacturers.


It's just a missing "k".


Consider deleting your false statement, now that aaronharnly has posted a correction.


Better to draw attention to the fact that the article is making that false statement. I added an edit.


You can’t delete comments once there’s a reply

