The Dumber Android Is, the Better, Say Experts

ZDOne writes "ZDNet UK is reporting that it will not be known until the Android software development kit comes out on Monday whether the Gphone will be strictly Java-based, but security experts claim that the less smart a phone is, the less vulnerable it is. Android developers should stick to a semi-smartphone platform because the Java sandbox can protect against the normal kinds of attacks, experts claim. The article also discusses some of the pros and cons of open vs. closed source security. 'The debate about the relative security merits of open-source as opposed to proprietary software development has been a very long-running one. Open-source software development has the advantage of many pairs of eyes scrutinizing the code, meaning irregularities can be spotted and ironed out, while updates to plug vulnerabilities can be written and pushed out very quickly. However, one of the disadvantages of open-source development is that anyone can scrutinize the source code to find vulnerabilities and write exploits. The source code in proprietary software, on the other hand, can't be directly viewed, meaning vulnerabilities need to be found through reverse engineering.'"

Huh?

[Matt867]

The dumber the smart phone is the better? Sounds like someone doesn't want to take their programming job seriously.

Re:The most secure phone ever!

[Billosaur]

I know it's meant to be funny, but strangely it's one of the reasons I haven't ditched my land-line to go all wireless. Mobile phones, especially those that try to do everything, aren't particularly good at anything and the more things you cram onto them, the greater their vulnerability profile. My wife just traded her old broken-down phone for a T-Mobile Shadow, and it's not the world's greatest phone (it runs Windows Mobile, but that isn't the root of the problem). The sound quality is horrendous and I haven't tried the MP3 player in it, but I'm not holding out hope.

I don't think we're at the point where phones can handle multiple tasks well, and using one is leaving yourself open to all sorts of mischief.

This is more "smart network, dumb device" logic.

[argent]

This is the old telecom industry chant. "Let's put the smarts in the network, they say, where they're out of touch and nobody can even get in to attack them, and have dumb devices out on the edge. Blue boxes are just a rumor."

By all means it should be possible to make dumb phones with Java sandboxes around third party software using Android. Yes, every layer of security is good. But it's not perfect... if you put everything you want to protect inside the sandbox, who cares whether someone breaks out of it or not?

Don't forget, the OS they're basing it on was designed for timesharing use, where it was common for people who had very different security requirements running code together on the same computer. Linux is a relatively young implementation of UNIX, but it's still using the same design that was able to keep some of the world's smartest CS undergrads from getting at the test papers and scores stored on the very same computers as their class accounts in the early '80s.

And some of the biggest vulnerabilities available to attackers on any platform are in application layers, in code doing what it was designed to do, with no individual component violating any constraint that a sandbox would prevent. The biggest problems are not implementation flaws, they're design flaws.

That's why, despite years of warnings from antivirus company experts, we don't have a flood of smartphone viruses... because PalmOS and Pocket PC and the rest don't have multiple internal firewalls like UNIX or Windows NT, but they're also not designed around a model of accepting code from untrusted sources and running it, like Windows is.

Get the application design right, and you're solid. Get it wrong, and you lose... no matter whether the kernel is inviolate or not.

Can you say DLL Hell?

[erroneus]

People will want to make their phones do special and complex things. To facilitate this, they will write API libraries that other parties will also use because the phone's basic API will not support much.

The results of a non-robust API will be large amounts of object code libraries being built and installed, varying dependencies and conflicts and on and on. As much as possible, it would be best to maintain the API from a single point. This will also enable a much smoother user experience since people won't be forced to create their own GUI libraries and the like.

It needs to be complex and it needs to support everything... at least potentially. Ideally, everything except the data and the object code should be provided through the OS and OS supplied libraries. This would best guarantee compatibility and stability. But we know it won't happen that way. We can't even get KDE and GNOME unified. Some "smarter-than-you-and-me" guy will write something that will be rejected by the masters of the API but will be used by a variety of other developers and then it all begins.

And what happens when the OSS community rebels? Recall how XFree86 became stagnant and people rebelled to create X.org? That wasn't a disaster, but what happens when it happens on users' phones? And will there be multiple phone distros? And will AT&T and T-Mobile try to lock them up? And if they "can't" then will they block those phones from being used on their network (in spite of laws to the contrary)?

Re:The most secure phone ever!

[sm62704]

In March 2006 We got hit by two tornados [wikipedia.org] in one night. They went right through my neighborhood; the big tree behind my apartment looked like Godzilla had stomped on it. Half the utility poles were gone (as were a lot of buildings). My power was out for a week, my cable and internet were out for a month, and the landlines were all out as well.

My cell phone worked, however. It also was a very handy flashlight, as there was no power AT ALL anywhere near my apartment and boy, was it dark there at night! It's been years since I've had a landline.

-mcgrew

From the wha...?

[Pojut]

are-we-talking-lore-dumb-or-kryton-dumb depart.

Whoa...wait...is that...no...it couldn't be...

Is that a Red Dwarf reference right there at the top?!?!??!

I woulda thought a place like teh slash would have had more references to that show, honestly...and for the record, Kryton was WAY smarter than Rimmer or Lister...

Unless...this is a reference to something else, and I'm being my usual dumb self..

Re:proprietary security is like creationism

[ichthus]

Ah, the new buzzword of the day, "consensus." There is hardly consensus on the superiority of openness in a security model. The scrutiny of many eyes argument is valid, but is arguably countered by a "probing of many eyes" for exploits argument.

And, there are good arguments for security through obscurity -- a concept all too quickly shot down here at Slashdot. For example, leaving a house key inside a fake rock in your garden is arguably more secure than leaving the key under your welcome mat. Another example, in which I have personally experienced the behefits of security through obscurity, is network ports. I used to have ann SSH server running on the standard, port 22. Every day, my logs showed numerous login attempts by unknown individuals trying to gain access to my system. Once I moved the server to a different, more _obscure_ port, though, my logs rarely show any connection attemps. Now, is this new port more secure? No. But, because it's further hidden it does afford _more_ security.

And, as for your final, fanny-pat statement to the "consensus" of the "scientific" world: I'm a creationist, and I'm not out of touch. For me, the incalcuably small probability of spontaneous generation of a lifeform able to be nourished by it's environment and then able to reproduce is not a large-enough foundation on which to build a scientific consensus.

Re:The most secure phone ever!

[adamziegler]

"Actually I was cracking not hacking" ... ... actually you were phreaking not hacking.

Re:The most secure phone ever!

[BizidyDizidy]

I'm obviously a moron, but what WAS Bridge 1300?