[PCWorld]

Post your comments for Why Android App Security Is Better Than for the iPhone here

[travisgamedev]

The jailbreakme site as it turned out, didn't do anything to iPhone users either except those who went there for the sole purpose of jailbreaking their devices so the typical iPhone customer was never affected. Also, Linux has no better security than UNIX which is what the iOS devices run on so they have the same root security level as they are security-wise practically the same. This article seems to have a lot of correct information about Android devices and incorrect about iOS devices. Very one-sided.

[ViNoi552]

Here's why you should take anything that "PC" world has to say with a pinch of salt or try to keep that gag reflex down. Ofcourse Andriod Goobois will think differently - as long as they can use the most OPEN OS of them all on the "PC" - Windows!

These are the list of headlines at "PC" world for Android and iPhone:
Google Finds Android Wallpaper Apps Were Not a Threat
Free Android Apps Caught Stealing Personal Info
Google: Android Wallpaper Apps Were Not Security Threats
Five Ways Android Will Defeat iPhone and BlackBerry
Your IPhone May Be Spying on You
Reality Check On Those 'Data-Mining' Android Apps

Now here's the list of headlines in the Operating system section of "PC" world:
Why Android App Security Is Better Than for the iPhone
Prepare for Record Patch Tuesday
Five Ways Android Will Defeat iPhone and BlackBerry
Acer Debuts New Dual Android, Windows XP Netbook
Which Smartphone Should I Get?
11 Free Linux Apps Your Business Needs Now
Why Linux Is More Secure Than Windows
Firefox Falls Further Behind in Browser Wars
Is Linux Really Harder to Use?
Five Secrets to Windows 7 Success

Did you notice the absence of one desktop OS based on Unix that has taken the world by storm and produced by a company that has sold more of those OS based systems every year? Heard of Mac OS 10 ? I would think you did - but "PC" World has not.

Biased attitudes are biased no matter where it comes from whether from iPhone fanatics, GooBois or Android Nuts.

ViNo

[Jailbreaker101]

This is a bit backwards. You talk about how compared to Jailbreaking an iphone users on Android are more protected. That's the point of jailbreaking - and why it's not protected by Apple.

You can't compare how much more "protected" a regular Android handset is compared to a JB iPhone, especially if you're unaware that Android devices can also be "jailbroken," except it's called rooting, which you should understand since you referred users not having root privileges. In which case, users can also change settings, add unrecognized programs, and the like.

If you're set on the fact that jailbreaking is unhealthy and should be avoided, you need to compare Jailbreaking and Rooting, and not Jailbreaking vs Android.

You're facts are also abused, as you say things like twice as many apps for iphone check data, etc, but that's got more to do with the fact that there are over twice as many apps in Apple's appstore to begin with.

Also, you're arguing that the more "eyeballs" that watch over a phone, the more the security. Jailbreaking allows the same thing for iphone users. The security flaw that allows Jailbreakme isn't the problem, the flaw is. Comparing them as if Jailbreakme itself was a virus is where most people are getting misinformed.

With a name like Jailbreaker101, I'm probably going to get flamed for a fanboy/troll. But just saying...

[FooBarm11z]

Absolutely... the approval process is anything but safe.

[mrwhite]

This article brought to by Google $$

[QUADICON]

Technically, wouldn't that be true of all OS'? Example, even in Windows it requires a person to have admin access to be able to install apps. In the consumer versions, this rule is still enforced, but is set to where the 1st user to install Windows and create an account is automatically the Admin account and thus you don't get password restriction when installing apps, unless you create a password.

But when it comes to Unix based OS' like Linux, Android and OSX/iOS, since the same policies are in place; wouldn't that technically mean that the 'i' devices should have been able to fall victim so easily? Oh wait, the work around was using a hole that existed in how iOS/OSX reads PDF code. They simply injected the jailbreak into the PDF code so when read it executed the code to jailbreak the device. Neat trick. Easily fixible as Apple has already done so. But should it have been there in the first place?

Since all OS's have a hole, or bugs by default; isn't this really fighting a battle no one is ever going to win. Windows was a bit harder to exploit. Each exploit required the user in the majority of cases to allow the malicious software into the system. The craziest one was the Flash exploit. if you go to a site that says you need an updated Flash player, how hard was it to verify you did by going to the site of the company that makes it? Most people are lazy and stupid so thus they got infected. While no one else did.

But doesn't drawing attention to these create a new way hackers can look elsewhere to hack OS'? I mean, you are saying in this article that several OS' are vulnerable to exploits. Some of the latest articles mention what the door of entry was. Now basically you gave all the hackers a gun and they simply just need to find their own ammo by checking for holes in every possible application to get access.

The most common apps to exploit are the ones that transmit and receive data, like your browser. It an easy app to exploit because the fact is everyone has to have one. IE is the most popular and most used so thus they seem to start there. But Safari has been easier to hack. yet it runs on Linux/Unix systems.

Comparing my iPhone 4 to my HTC Incredible, when I download an app from either store, only the Android phone takes me to a screen that asks me for permission to allow. It doesn't matter who the app is from, what it is or what it does. Technically even tho I know I purchased or am willfully downloading the app iPhone should have a screen that explains what is being accessed. If this is an app that needs GPS or as Apple calls it 'location services' or Spotlight or whatever behind the seen activity, it should at least show the warning even if I don't plan to read it.

Apple does not do that. That seems ver laxed because at least RIM phones do warn you and their OS isn't Linux based. All Android phones warn you. Apple? Not so much. WinMo? Not so much.

[stevejluke]

Re: Jailbreaker 101

I think you need to re-read the article. It doesn't compare a jailbroken iPhone versus a stock Android phone - it is comparing stock versions of both, as exemplified by 2 - comparing the Android App Market (user patrolled) to the Apple App Market (Apple patrolled, but how?).

If you wanted to compare Jailbroken iPhones versus Rooted Android phones - go ahead but like you said, I doubt it is very useful, people who jailnreak their iPhone should know the security holes they are opening. The comparisons will go the same way though, since apps on a rooted Android phone still need to report what permissions they need, and when an app actually needs root access you generally have to grant permissions at the time of execution (I guess this could be kernel specific though). The iPhone has no such installation or execution time security because it assumes the apps were properly vetted by Apple. Circumvent the App Store process and the phone will let apps do almost anything.

Now, I don't necessarily agree that the Apple app approval process is less secure than Android's, I do agree that I trust myself more than I trust Apple, and Android makes it easier for me to make security-based decisions.

[QUADICON]

@Vino - What a whiner. For teh pass frikkin nearly 4 years, all we say were articles on iPhone this and iPhone that, and no one is going to beat iPhone, Iphone has the best this or that. That is all we heard for 4 years.

Now PCW wants to give some one else the limelight because liek with Apple, SOMEONE ELSE IS MAKING NEWS.

When RIM had there turn PCW was all oevr it, as per usual when MSFT is int he spotlight they are also on PCW. Apple has 4 years of uninterupted spotlight. Where many of us compalined about the majority of rights drinking way to much kool-aid. Now they are talking Android. This is a tech site...right? Which tech product is making headlines?

Oh its not your beloved Apple anymore. Haven't you seen this happen before? If you're even old enough. For 5 years Apple had the computer spotlight. The Apple II, IIe, IIc, IIS, Lisa, Mac and more. Then Microsoft came and blew them off the map and it was all Microsoft for nearly 2 decades. It si now someone elses turn.

How teh hell you going to cry about it? You wanna read news only about your favorite Apple. Then go to MacRumors or whatever other Mac site you can think of. PC means personal computing. Last time I checked, Apple didn't coin the phrase nor did they trademark the saying. It doesn't belong to them. No more than PC is just a Windows PC. Windows PC is only a type of PC. Mac's are a type of PC. My smartphone is a type of PC. Its only you dumb retarded egotistical Apple fans who think every word has to either only be associated with Apple, or only associated with someone else.

Oh and eco-system? Scientist coined that word to descibe various syetem found on our planet, well before Steve jobs was born. Now everytime you hear it it has to be Apple and them only. Well now the Android eco-system is making headline news. Don't want to hear or see it? get out the kitchen.

Crybaby!

[crosswordbob]

QUADICON, on 06 August 2010 - 01:14 PM, said:

.

Comparing my iPhone 4 to my HTC Incredible, when I download an app from either store, only the Android phone takes me to a screen that asks me for permission to allow. It doesn't matter who the app is from, what it is or what it does. Technically even tho I know I purchased or am willfully downloading the app iPhone should have a screen that explains what is being accessed. If this is an app that needs GPS or as Apple calls it 'location services' or Spotlight or whatever behind the seen activity, it should at least show the warning even if I don't plan to read it.

Apple does not do that. That seems ver laxed because at least RIM phones do warn you and their OS isn't Linux based. All Android phones warn you. Apple? Not so much. WinMo? Not so much.

Unless I'm missing something in your post, I'll just point out that location services do need to be authorized by the user prior to an app being able to use them, though there is certainly not the granularity of permissions that I understand Android asks for.

I would also point out that there are some who argue that fine-grained permissions can have the effect that users become lax and just click through them, or fail to comprehend the technical meanings of some of them. I can't comment on the validity of that argument without first-hand experience or some form of market research, but that might (or might not) have been Apple's reasoning.

[hastaluego249]

The only malicious apps the Android system can catch are those whose permissions differ from the advertised requirements. If I want to track the movement of users I just have to write a simple app that uses the GPS. Something like a car finder. Once I am in, I can start reporting to a server without the user knowing it. And that is why the Apple approach is better if not perfect. They have access to the code for all their apps. And they have the programing knowledge to catch malicious code. The average Android user will always click ok to all the permissions without thinking about it. Just like the average Vista user did a couple of years ago.

[epgomez]

I think what the author is trying to point out is that jailbreak.com cannot be done on stock android where as in ios its possible. This is true. In android you already know what the app manipulates because it always tell you every time you install.

[crosswordbob]

epgomez, on 06 August 2010 - 02:13 PM, said:

I think what the author is trying to point out is that jailbreak.com cannot be done on stock android where as in ios its possible. This is true. In android you already know what the app manipulates because it always tell you every time you install.

Dodgy ground using a single exploit when assessing the security model of a platform unless it exposes systemic bad practice, since technically all we know about stock android is that no such exploit has been found yet. Of course such an exploit might not exist, but if you want to see how crowing about a lack of exploits can bite you on the ass when one turns up, just look at Apple

Open source can have the benefit of worldwide peer reviews, but it's not perfect. How long were Debian/Ubuntu hosts running with predictable server keys because a source code analysis tool deemed a call to seed the random number generator was redundant in OpenSSL?

I'm not trying to tear down the arguments as they stand, just pointing out that the real world is more complex than the article seems to suggest; it does rather smack of subjectivity.

[EvanVanVan]

The author mentioned the JailbreakMe.com site as a iOS vulnerability not because jailbreaking is a harmful thing for your phone. She mentioned it because the same technique it uses (a PDF vulnerability) CAN be used maliciously by others with more harmful intentions...It is a major security risk for iPhones just goog..err...search it!

I like the earlier post with all of PC World's pro-Android headlines, I had no idea they wrote so many pro-Android stories...Most of the time I dislike PC World for their pro-iPhone stories written by clear fanboys (and girls). Obviously, like real life, PC World has a clear split of pro-Androiders and pro-iPhoners writers...This article was much more accurate then most pro-iPhone articles (remember that one about how iPhone Multitasking was so much better then Androids? HAHAHA)

This post has been edited by EvanVanVan: 06 August 2010 - 03:04 PM

[StevenHolms707x]

The point isn't that Jailbreaking isn't safe, its the fact that all you would have to do is click on a link and your phone could be hacked and remotely controlled. The same exploit used by Jailbreakme.com is a huge problem for iPhone users, because like I said, the exploit could be adapted easily by a hacker then have a perfectly normal looking link jailbreak and take control of your iPhone.

While I agree that the author was mistaken on many things about the iPhone, the Android statements were true, and they do have a point about the opacity of the App Store being a negative against security. Because a user doesn't get to see what the application can access, and as a result, the occasional app that gets passed Apple, and there are plenty that have, could easily take users by surprise and really screw them over, and the user wouldn't even know until long after it was too late.

[deiong]

wow talk about a person writing a story about something they have no idea what there talking about. sorry guy gonna have to catch you in the act of fabricating bs. just look at the folder explorer programs that let you deep inside teh os's system files. apple does not allow a program to access another programs anything. they only have access to a coommon media folder adn there own. nice set of lies but next time doa little rsearch sicne the truth is your facts are 100 percent wrong, its the exact opposite.

[deiong]

wow talk about a person writing a story about something they have no idea what there talking about. sorry guy gonna have to catch you in the act of fabricating bs. just look at the folder explorer programs for android all which let you deep inside the os's system files. apple does not allow a program to access another programs anything. they only have access to a coommon media folder and there own. nice set of lies but next time doa little rsearch since the truth is your facts are 100 percent wrong, its the exact opposite.

[mathion]

It's not that the JailbreakMe app was malicious or the website was malicious. It's HOW it worked that could cause problems for iPhone users.

And regardless of whether the JailBreakMe site was malicious or not, the fact is iPhones are not as secure as others. Apple has too often relied on the lack of adoption and flying below the radar insofar as the number of users went to avoid the interest of hackers as its primary security feature. They have NOT had the attention of the hacking community that other software makers have had - until now. Despite repeated warnings, hackings in under two minutes and other demonstrations of their blatant lack of security, Apple did nothing proactive to secure their software.

Even the patch to reduce the vulnerability exploited (benevolently) by the JailBreakMe website is primarily intended to prevent people from jailbreaking their phones more than it is to plug the security hole. Apple has depended on silence and the wall of mystery to defend themselves from hacking exploits.

That strategy will no longer fly.

Welcome to the real world Apple. I expect you'll be hearing about more exploits and experiencing far more security issues in the months to come.

[TechWatcher2010]

Katherine, seriously, please disclose to your readers how much Google is paying you to write this crap. All you ever write is pro-Android articles that are seldom, if ever, based in reality.

Please go root your phone, access TELNET and whatever other crap you do with your Android phone(mini-laptop) that no person with a life would ever care to do.

[ozoneocean]

It's funny how little the mac fans understand of what the author is saying about security.
But then, that's WHY they're Apple fans...

Be that as it may, the author assumption that an application telling a user what it will have access to before instillation makes things more secure is invalid. -Most people just want to install the application and wouldn't really necessarily know or understand exactly which permissions that each application should rightly have or not.
-I myself go most by who the App maker is and the comments of people who have installed and used it.