Good news first...
- Google wrote Android with security in mind (we'd like to think) and its applications run within an isolated "sandbox" type environment
- So... trojan'ing the browser (which is WebKit-based) means you don't get access to the entire system
- The wording from the body that discovered the flaw (Independent Security Evaluators, ISE) indicates that there is an existing fix for the flaw (which exists in one of the many open-source packages used)
Since most people use the browser on their phone for nearly everything, this means that you can't trust the browser in your phone - thus defeating a vast majority of the functionality people crave.
Perhaps it was the rush to market, or perhaps it was the lack of attention to security - I won't speculate; what I can tell you is that it's obvious security researchers couldn't wait to find a flaw in Android... it sure didn't take long.
Does it mean that you shouldn't buy one? Probably not.
Does it mean that Google's security is bad? Probably not.
Does this mean that Android is just another piece of consumer-ized gadgetry? Absolutely.