Android Security (was Re: Sending a message to users that floats above everything)
smaclean at madmansoft.com
Thu Aug 24 10:48:26 EDT 2017
> On Aug 24, 2017, at 3:14 AM, J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
> On 8/24/17 12:22 AM, Stephen MacLean via use-livecode wrote:
>> My point was that unfortunately that only means ~15% of currently active Android devices are fairly safe and Bob’s comment, while brief, was fair as far as it was concerned. Once Android hits iOS’s ~85% active devices on latest version of the os, then it wouldn’t be. I just don’t think that will happen anytime soon because of the way the OS is rolled out through 3rd parties for the most part.
> Actually, I was trying to make the opposite point -- Google Play Services is now on (at least) 93% of all Android devices. It runs on any Android regardless of manufacturer or customized OS, provided the device is authorized to access the Google Play Store. It's had over 5 billion downloads and is, among other things, the security layer.
> It isn't only the "Google-made" phones that are protected, it's almost all of them now.
I think it’s important to understand exactly what Google Play Services is and isn’t.
It provides a base API, like Windows .NET, that runs on a variety of Android versions giving developers something common to develop against. Google Play Services can and does update those API’s and also updates Google Apps and components such as WebKit. It also provides malware scanning and blocking similar to Windows Defender, i.e. it is a layer of security
It does NOT provide core OS security updates. Those are, except for Google’s Pixel and Nexus, incorporated and provided by the manufacturer as a patch level update to the OS. It is not THE security layer for Android, just a part of it.
So while 93% of Android devices have a layer of protection, it would be like saying Windows XP or Mac OS X 10.6 or even unpatched Widows 10 or macOS are “protected” because they have a malware scanner/blocker running. Sure, it may blunt some/most of it, but they are still vulnerable.
At least with Google Play Services you get updates to some API components like WebKit, although that only starts with Android 5.0. You don’t get that on iOS.
Also, just like other OS vendors, it’s rolling support. 4.4 is the last supported version for Google Play and Google warns that will change as newer versions come out.
See https://source.android.com/security/overview/updates-resources <https://source.android.com/security/overview/updates-resources> and https://source.android.com/security/bulletin/ <https://source.android.com/security/bulletin/> for more details.
Sorry, this is getting long winded and probably pointless. To me, this isn’t about OS vs OS. You aren’t safe/secure/protected if you don’t fix the underlying problem.
More information about the Use-livecode