Comment Re: idiots (Score 1) 120

Doing *nothing* is more difficult than sending a specially crafted MMS message? I suppose I can see that with the younger generations, as doing nothing would require them to put their damn phones down. You're also missing the point that the entire catalog of already existing x86 Windows malware will be available on an x86 Windows phone. Anything capable of attacking a current version of Windows on an x86-based PC will be able to attack Windows on an x86-based phone. That's millions of pieces of malware right there.

And let's not ignore the fact that the sheer number of Android devices that are and will remain vulnerable to this exploit falls squarely on the shoulders of the device manufacturers who don't release updates and the carriers who don't distribute them once released. This is not an issue on Nexus devices, nor is it an issue on "Google Edition" devices, for both classes of which Google directly releases updates. My Nexus 6 was patched against this weeks ago; the lack of updates is not an Android problem, it is a manufacturer and carrier problem, easily worked around by selecting a device for which Google does directly supply updates, and getting the better, faster, and cleaner "vanilla" Android experience as an added benefit.

Comment Re:MMS vector (Score 2) 120

Uhm... yes, they do. Simple Choice is $50, which has unlimited everything except LTE data (of which you get 1GB; data itself is technically unlimited at 2G speeds, though). For $60, you can get the same but with 3GB, for $70 you can get the same but with 5GB (which appears to be what you have) and, for $80, you can get the same with unlimited LTE, which is what I have had since the day they launched Simple Choice and I switched from AT&T. I just checked their website to get the current numbers for the lower plans, as the $50 level included only 250MB when I first signed up and has been doubled twice since then, so this is their current offering.

Comment Re:No contest (Score 1) 213

Har har. Seriously, though, it's a solved problem.

Step 1: Don't get an Apple Watch
Step 2: Let your Pebble charge for 15min/day
Step 3: Laugh at everyone who has to charge their Apple Watch for 2hr every 12-19hr
Step 4: Profit!

Not often do we get to see step 3. And the profit is real; less time waiting for my watch to charge. Time == money.

Comment Re:No, does not have that screen (Score 1) 213

you can debate until the universe dies about the wisdom of user apps being able to arbitrarily intercept notifications, but that doesn't change the fact that Apple DOES NOT allow that

Except that... well... that's exactly what Apple allows. The Pebble app can communicate with the watch bidirectionally, iOS will happily send every notification to the Pebble watch, and there is nothing stopping the Pebble watch from forwarding those back to the app. Where's the security? You either allow access for *all* notifications, or for *none*. That's precisely what iOS does right now.

P.S. It's not even that hard, a simple string lookup against a hash table, so it's not like it's a world-ending problem on a device with 7x the battery life to start with...

Does iOS allow access to the list of possible notifications? Or does Pebble just have to guess? Without the list, yes, it is that hard; Pebble would have to know about every app that even could send a notification (and there are more and more of those every single day) and list all of them for the user to pick from whether they are installed or not. Of course, if iOS does, in fact, provide apps access to a list of notification sources (and I don't see why it would, given that it does not allow apps to access notifications) then yeah, it's pretty simple at that point.

But I'm confused... Why do you think allowing apps to "limit" their own access to user data is secure? The OS has the functionality already, they just need to enable it for this use case; *that* would be secure.

Comment Re:No, does not have that screen (Score 1) 213

Why should Pebble have to spend the CPU cycles, RAM, and battery life on that? Why, since Apple makes each device register to receive notifications in the first place, can't Apple add a toggle for each registered device? I mean, there's already a Notifications config page for each app, where you can set how you're notified by that app; why not add toggles for devices to those pages? Simple, really, and when you think about it, more secure because you can limit notifications sent to your watch to only those that you don't mind whoever is sitting or standing next to you reading when they pop up on your watch.

Android also makes you visit a config page and check a box to allow the Pebble app to intercept notifications. The difference is that, on Android, the app gets to decide which notifications it gets, where Apple makes it an all-or-nothing proposition. That's not a security measure, that's a security risk. The irony is that, the way iOS notifications are configured, iOS is actually in a better position to mitigate it (by doing what I suggested in the above paragraph) than Android is; iOS could add those toggles to the notifications config and simply not pass deselected notifications to the app in the first place, which actually would be secure. They have the framework for that already in place. Android leaves it up to the app to decide which notifications it wants passed to it; it isn't passing them all, but it isn't giving the user the choice at the system level like iOS does, either; except that, in the case of a 3rd-party app requesting access to notifications, iOS isn't doing it either.

In other words, neither platform handles passing off notifications to 3rd-party apps in a secure manner once an app has been granted that access, but Android does allow apps to only receive the notifications they want. If iOS allowed this to be configured, within their already in-place configuration framework, not only would it have feature-parity with Android, it would have the security upper-hand, as well.
