Tuesday, October 12, 2010

Android, a tradeoff between open and secure

Android has been developers' heaven due to its openness. It is so easy to use your imagination to develop something without worrying about whether somebody else has already built it on Android. An app with the most common features (notepads, I wonder why ;) can be published to the Market as the developer wishes. Obviously, this also creates a problem: a malicious or offensive app can be available for download as well.

Not surprisingly, Google has prepared for that, and we have already heard about Google's ability to remove an app from your phone remotely, with all you get being a nice little notification to tell you it has happened. Google will also *try* to refund the money, not too shabby.

As I was reading about how Google does it, I came across two blog posts by Jon Oberheide. One investigates how Google removes apps remotely, and the other describes how potentially unsafe that mechanism is.

If you really feel geeky today, you can find these two posts here and here.

Essentially, if you dial *#*#8255#*#* from your Android phone, you will open the GTalkService monitor. Your phone keeps a connection with Google's GTalkService, and "heartbeats" are periodically sent to this service's server. In addition to a lot of other important information, check out the entries at the end of the monitor log. If you installed or removed apps on your phone in the past 12 hours, you will see INSTALL_ASSET / REMOVE_ASSET entries there, showing how many apps were installed on or removed from your phone in that period. These two types of messages correspond to functions implemented in the Vending APK. Google can use the connection established by GTalkService to push down either an INSTALL or a REMOVE intent to *organize* your app collection.

Wait: if Google can do it, anybody who can forge an intent message can do it too. Apparently Google uses SSL to secure the communication. However, we have long known that SSL is not a foolproof security solution (wouldn't it be nice if it were?), and as it turns out, Google is not using its private key to digitally sign each intent message. Therefore, in theory, if the SSL channel is compromised, an attacker's malicious app could be installed on any Android phone without its owner's consent.

Granted, signing each intent message with the private key is costly, and Google probably has a very good way to keep its SSL channels safe and sound. Still, taking only confidentiality from SSL, and not message integrity, is quite irresponsible.
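To make the missing piece concrete, here is an added example (written for this post, not Google's or Oberheide's code) of what per-message signing would look like on both ends: the server signs each INSTALL_ASSET / REMOVE_ASSET intent with its private key, and the handset verifies the signature and a freshness nonce before acting, so that integrity no longer rests on the SSL channel alone. The message fields, the use of Ed25519 and the nonce scheme are assumptions, not the real wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)
// AssetIntent is a constructed model of the INSTALL_ASSET / REMOVE_ASSET
// messages the post describes; the field names are assumptions, not the real wire format.
type AssetIntent struct {
	Action  string `json:"action"`  // "INSTALL_ASSET" or "REMOVE_ASSET"
	Package string `json:"package"` // app the intent acts on
	Nonce   uint64 `json:"nonce"`   // strictly increasing per handset, defeats replay
}
// SignIntent (server side): sign the canonical encoding with the server's
// private key, so integrity no longer depends on the SSL channel alone.
func SignIntent(priv ed25519.PrivateKey, in AssetIntent) (msg, sig []byte, err error) {
	if msg, err = json.Marshal(in); err != nil {
		return nil, nil, err
	}
	return msg, ed25519.Sign(priv, msg), nil
}

// VerifyIntent (handset side): act only on a message whose signature checks
// against the pinned public key and whose nonce is fresh.
func VerifyIntent(pub ed25519.PublicKey, msg, sig []byte, lastNonce uint64) (*AssetIntent, bool) {
	if !ed25519.Verify(pub, msg, sig) {
		return nil, false // altered in transit or not from the key holder
	}
	var in AssetIntent
	if err := json.Unmarshal(msg, &in); err != nil {
		return nil, false
	}
	if (in.Action != "INSTALL_ASSET" && in.Action != "REMOVE_ASSET") || in.Nonce <= lastNonce {
		return nil, false // unknown action or replayed message
	}
	return &in, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg, sig, _ := SignIntent(priv, AssetIntent{"INSTALL_ASSET", "com.example.notepad", 1})
	_, ok := VerifyIntent(pub, msg, sig, 0)
	altered := bytes.Replace(msg, []byte("com.example.notepad"), []byte("com.example.other"), 1)
	_, bad := VerifyIntent(pub, altered, sig, 0) // same signature, changed package name
	fmt.Println("genuine accepted:", ok, "altered accepted:", bad) // true false
}
```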

God Bless Google for the sake of every Android user out there.
