[OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

Richard Gaskin ambassador at fourthworld.com
Sat Aug 12 16:48:26 EDT 2017 

Richmond Mathewson wrote:

 > So, I wonder why there is not a way of putting one's iPad app onot the
 > web in a way (and I don't mean via Cydia)
 > that will allow people to download it onto their tablets
 > independently, as one can do on an Android device?

Because China.  And maybe Singapore, and a few others.

Android has an inappropriate reputation for malware, mostly due to 
unscrupulous activities of some vendors in those regions.

True, given is vastly larger market size, there are more malware 
*attempts* on Android than iOS.

But in terms of actual exploits the numbers are very close:  most 
devices exploited have been altered from the default settings Google and 
Apple ship with.

Some carriers in Asia aren't shipping true Android phones.  What they're 
shipping are "Android-compatible", but they are not using the OS images 
provided by Google.  Android is open source so that's allowable, but to 
use the Android trademark they need to be a member of the Android 
Alliance, which requires following Google's security guidelines.  In 
countries like China, where intellectual property enforcement is more or 
less nonexistent, some even claim to be authentic "Android" devices.

Many of these have their own app stores, and they have the built-in 
protection against side-loading turned off so allow those custom apps 
stores to work easily.

While Google provides at least seven layers of security for apps 
distributed through Google Play, most of those are beyond the reach of 
side-loaded apps through these hastily tossed-together third-party app 
stores.

So on the rarer day when you see a tech journalist talking about actual 
exploits rather than number of mere attempts, if you read past the 
headlines you'll find that most of those exploits are occurring in Asian 
and other markets on non-authentic Android-compatible devices, where 
Google's security mechanisms have been bypassed.

In an ideal world, we'd recognize that everything connected to the 
Internet is vulnerable to one degree or another, and cybersecurity 
basics would be a required course in public school.  Beyond the reach of 
any OS vendor lie a nearly infinite variety of ways people can endanger 
their privacy, data security, or even physical safety through a mix of 
ignorance and a nearly complete lack of guidance from gadget vendors 
(ever see a smart car dealer discuss how to avoid having your car 
hijacked while you're driving it?).

But we don't live in an ideal world, and the average person apparently 
has little interest in investing the time needed to use 
Internet-connected devices safely (observe the widespread use of 
Facebook by people announcing their going on vacation, thus signaling to 
burglars which houses to target).

So for now vendors at least try to compensate for the public's apparent 
disinterest in their own safety.

Those who care deeply about using devices they have complete control 
over have plenty to choose from.  Linux has become the de facto standard 
for most forms of computing, and its license explicitly allows use for 
any purpose whatsoever without restriction of any kind, all the way down 
to guaranteeing source code availability.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com

More information about the use-livecode mailing list