back to article Using Android 4.3? Don't let malware snatch your private login keys

If you're one of the 10.3 per cent of Android users running version 4.3, aka Jelly Bean, your login keys are at risk of theft – thanks to a vulnerability in the operating system's KeyStore software. KeyStore, as the name suggests, stores a user's cryptographic keys, which are used by apps to log into services without the user …

  1. Anonymous Coward
    Anonymous Coward

    Will android for gadgets suffer the same fate as windows for PC? Meet the new boss, same as the old boss? I truly hope not.

    1. eulampios

      @Taylor 1

      Will android for gadgets suffer the same fate as windows for PC?

      Not sure it can in the future, so far it has not. Since the "old boss" has been known to

      1) lack many security mechanisms, such as, separation of system and apps, separation between apps and, finally, transparent permissions;

      2) hold security as an afterthought, that is why trojans have not been the only plague of it, remember those nasty viruses, a user can magically contract?

      3) be of a proprietary nature and dependent of one very well known monopoly.

      Besides the fact what this article says that this particular bug might not be very easy to exploit, buffer overflows pop up here and there in a lot of types of software and most operating systems. I am not sure if any of the great infections like Loveletter, Conficker or Stuxnet were some sort of consequence of it, however, it's rather insecure design of MS Windows to be blamed there. Conficker vulnerability was patched some time before it started to spread, not too many people bothered with it. The flaw was and still is with it (and partially with Stuxnet), where RPC is allowed it as a service and enabled by default. Remember, that security is an afterthought?

      1. Anonymous Coward
        Anonymous Coward

        Re: @Taylor 1

        Good points, but, as I've pointed out (and is slowly coming true), portable devices are beingf targeted more and more due to their popularity. Windows started the same way, hopefully someone has learned from MS mistakes before we have a patch Tuesday for androids.

        1. RyokuMas

          Re: @Taylor 1

          "... a patch Tuesday for androids."

          It would be worse than that - with Microsoft, we know that patch Tuesday is patch Tuesday. With Android, it will be more like "patch whenever the service provider can be bothered to push the update out".

      2. Robert Helpmann??

        Re: @Taylor 1

        Yes, all very true, though it perhaps does not match my Top x List. However, the "new boss," same as the "old boss," has many of the same issues:

        1) Lacks many security mechanisms, especially and most egregiously a meaningful way for users to grant permissions to applications based on informed consent rather than the all or nothing approach that is currently the norm.

        2) Hold security as an afterthought - in as much as the app store is a part of the Android experience, even if not part of the OS, it is unusual for there to be any thought of security at all, after or fore.

        3) Open source is no guarantee of security or flawless code, nor that it can be repaired if there are errors or vulnerabilities. It is a valid approach, but it is not the only valid approach. As far as overwhelming influence and monopolies are concerned, try breaking the internet by googling Google. For more Android flaws, try googling "android security issues"

        Here's a question that is more to the point: When MS puts out a security patch, individual users and organizations have control of when it is applied. They can test it out before deploying it on a wide scale, wait to see how other people fare, or jump right in and trust MS with an automatic patching regimen. What choice to Android users have?

  2. Stuart Halliday

    Let's see how long Samsung takes to fix it's Galaxy S3 Flagship phone of 2012 which sold millions!

    We're counting Samsung...

  3. Gannettt

    If 4.4 hadn't been dumbed down quite so successfully, I would have moved up to it. 4.3 is perfect for me at the mo.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022