Funny how all the news is coming internationally nowadays. WAPO would be almost irrelevant without Snowdens leaks. Even the downing of Morales plane was almost invisible in the US press.

Our system is corrupted by corporate interests.

It's on the list of topics for one of the major computer security conferences taking place next month, which means at least some of the researchers knew for a few months prior.

It would not be surprising at all, given all the latest revelations. It really changes the definition of "paranoia". How do you define "paranoia" in a world where spying is widespread and real?

It seems almost obvious that it would be a government in.

so they can track us. Those laws, of course, will be selectively enforced against people who oppose the secret government, but us they will have plenty of time and money to track down.

back for full credit. Period.

Google may be worse if they deliberately engineered this.

At best, you can expect a "We are aware of the problem and taking steps to rectify it", be it from Google, MS, Apple, IBM or any other company. It's the way the tech world turns - I suspect an "explanation" could open them to liability especially seeing as how Android (at least the Google part) is released under the Apache software license which openly states (caps original, bold added):

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

I would NEVER use an Android product. Never.

They are a slime bag company, interested in getting any information (aka Facebook) about you (hell, who needs to worry about the NSA!) they can...and use Gmail? Ha! Never...the "Droid" stuff is SO subject to viruses, Trojans, intrusions, etc. that I hope millions have fun with that.

I keep waiting for that headline.

newest Apple app-Hack A Phone.

i guess i'll wait before i start banking on my phone.

Right now this is a good thing. A security flaw has been discovered. Google now knows about it and will fix it.

It has nothing to do with data streaming to remote servers. It has everything to do with how apps function on the system. To exploit it, however, requires what the researcher in the last paragraph shares:

One other hurdle is that in order to catch out Android users, malicious hackers would have to get their booby-trapped version of a legitimate application on to the Google Play store, said security expert Dan Wallach in an interview with Ars Technica.

The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.

" It will be fixed and Android will return to good security.." Android phones are currently under scrutiny by the FTC because they are not distributing updates fast enough.
Apple at least has a program of regular all-but-mandatory updates. Android has so many different phones and licensees that updates are the sole purview of the handset maker, and they don't consider poor security a good enough reason to make any. Just about every handset is a custom version of android and the testing requirements alone would cripple any manufacturer.

This is a fundamental security flaw in the Android base code in dealing with apps and signatures. Therefore, it will be fixed in the next point release of Android which phone manufacturers can then base their own versions off of. Google will have done their job. Now it is up to HTC, Sony, Samsung, etc.

Apple is closed and locked down. Sure, you supposedly get extra security - cough ahem jailbreaking cough cough - but at the price of a locked down walled garden. Android is open and therefore there is more freedom.

I have an iPod Touch with iOS and a Zenithink Tablet with Android 4.1. Both have their strengths and their weakness. With Android, however, I could easily root the device and take over security for myself. With iOS, I could jailbreak and did so, but it is still difficult to control what is happening.

Calling it a master key makes it sound intentional.

It's an operating system bug which leaves Androids open to a particular attack. They happen. Just ask Microsoft. Hell, ask Linux developers!

They happen all the time with any complex system.

Yes! I'm a friend of his...

key my ass

It's called a "bug".

Click traffic needed, ergo, sensationalist headline.

Computerworld Security has a better writeup of this issue:

http://www.computerworld.com/s/article/9240556/Android_flaw_lets_attackers_modify_apps_without_breaking_signatures?taxonomyId=17

This gave Google time to try and restrict their app store before this information went public.

From the CW article:

However, with freedom comes responsibility. For most simple Android users, they never even venture beyond the GooglePlay Store let alone rooting their devices. This is not dissimilar to the majority of iPhone, iPad, and iPod users who never jailbreak their devices and therefore use Cydia.

If you have done those things, and you are savvy enough to use apps from other sources than GooglePlay, then you need to be equally savvy enough to watch out for malware, trojans, and viruses. N'est pas?

"The Play Store says we're too AWESOME, so if you want this awesome app that lets you call for free/put funny smilies in your texts/see boobies, all you need to do is go to Settings -> Security -> Allow Unknown Sources!"

I'm not necessarily arguing against allowing sideloading, just pointing out that making it overly easy is a huge ID-ten-T security risk. Google does tend to sort of look the other way when it comes to rooting, maybe they should eliminate sideloading just to make sure that people who want to do it have to meet some basic standard..

for the lowest common denominator of computer user, we are left with appliances and not tech devices.

I don't want an appliance that tells me how to use it, when to use it, where to use it, and allows me no freedom to use the computer as I would any other 'object' I own. I can mod my car. Am I knowledgeable enough to do so without hurting myself? Yes, in my case. But in others no.

Google will never eliminate side-loading. And I am grateful for that. If someone has used a computer at all in the last decade then they understand the risks of malware, trojans, and viruses. If they mess up, then they mess up and learn from the mistakes.

Now I would agree with a standard for any tech usage, however, that boat has sailed.

When your phone has your name, address, SSN, and bank and credit card info on it - it becomes an "appliance" that IMHO does in fact need to be dumbed down and secured completely. Not that breaking the lock should be trivial - I'm thinking along the lines of kiddie locks for cabinets, those cheap plastic loops that even a developmentally-disabled adult could open...but even they would have enough sense to not drink the pretty blue water contained therein.

Sadly...a lot of people just aren't that smart when it comes to tech. "If someone has used a computer at all in the last decade then they understand the risks" - dude, srsly?

I do think that "breaking out" should be trivially easy - but it should be just hard enough to keep the "pretty mouse pointer and cute smiley faces for my IM" crowd in the safe padded room they belong in.

After all, we had addresses, SSN's, and bank and credit card information long before we had cellphones and iPads.

And yes, I am very serious. In the last ten years, the number of large-scale viruses that have impacted Windows and Mac OS X have been all over the news, cost corporations millions, and have caused a boom in anti-virus application sales. They don't need to be 'tech geniuses' but yes, people do need to learn from that past experience.

We will always disagree because I do not see computers in whichever form they take as appliances similar to a toaster or TV -- plug it in, press a button, and wait for the result. If there are risks at all involved, from privacy issues to security issues, (which covers iDevices, laptops, and desktops) then they need to be treated more like cars. We do not allow people to drive until they know how to do so. They must have this knowledge in order to successfully use the vehicle safely. Of course, many still don't and pay consequences but we do start with a baseline.

Instead of putting up a wall that users must break out of, just spend that time and money on educating users so they can use the devices. Rooting and jailbreaking are not dangerous though they do come with responsibilities - no different than using Windows 7 or Mac OS X.

I will always fall on the side of education and awareness over control and dumbing down. To do that in one area leads as we are seeing to all areas.

Once some clever person has their hands on a new app, it must be pretty easy to code a hook.

This is a bug in the underlying OS that lets attackers add code to an installed apk without changing the hash - if you don't follow, it's like changing the DNA of a white blood cell to something virulent, without changing the outer membrane so your immune system doesn't see it. It's sounds like a somewhat deep-magic vulnerability based on some very low-level OS flaws, which by nature are usually highly critical and go unnoticed for years.

They have been doing this for a very long time. Started way back with a lot of the first online games.

Besides apps, games,I also think tracking cookies, general cookies are a huge security issue.

be included in Ios and Android...