When is a phone not a phone? When it's an Android security key

People with suitably modern Android phones can now use their handsets as a hardware security key to safeguard both their Google Accounts and Google Cloud accounts. The ads and compute-time rental biz announced the change at Google Cloud Next '19 in San Francisco, in conjunction with some hand waving about a variety of other …

  1. JohnFen

    Nope

    That's a hard no for me. I don't trust Google nearly enough to be OK with that.

    1. Colin Ritman
      FAIL

      Re: Nope

      Clearly you are having trouble understanding what this is, and just jumped to the idiot kneejerk reaction.

      To assist idiots here are some important bullet points, I will try and keep them short to not over fill their simple minds.

      1/ It's a one time code.

      2/ It uses an independent secure protocol called FIDO (https://fidoalliance.org)

      3/ It's substantially more secure than SMS

      4/ Most idiots still don't use any second factor

      1. AMBxx Silver badge

        Re: Nope

        5/ Google will get bored of it and drop it in a year or so

      2. JohnFen

        Re: Nope

        I understand it just fine, thanks.

        1. AMBxx Silver badge

          Re: Nope

          Sorry, I was wrong - from his profile, it looks like Colin's like this all the time.

  2. Anonymous Coward

    Suits me

    "People with suitably modern Android phones can now use their handsets as a hardware security key to safeguard both their Google Accounts and Google Cloud accounts."

    How about a suitably modern Android OS that safeguards users from Google?

    https://www.lineageos.org/

    1. adnim

      Re: Suits me

      :-)

      yup Google is good for search. Nothing else they have interests me. My 5 year old phone runs Lineage and I have a huge hosts file. And I still don't trust it with information I do not want to be shared with second parties, never mind third parties. Go ahead and laugh at me for being paranoid.

      When is a phone not a phone? It is always a phone, it's just a spying device too.

  3. Anonymous Coward

    How on earth can a systematically unpatched OS serve as a security key? Somebody please explain.

    (The fact there is a happy 1% still getting updates for 3-year-old kit doesn't change the fact most people don't.)

    1. Colin Ritman
      FAIL

      Wondering where you got your 1% number from, or did you pull it out your arse?

      I guess you just took the full version Android adoption rates and assumed that's the full picture, when it's obviously not the full picture, as Android 6, 7, 8 and 9 are patched every month with the same security fixes, meaning, unlike iOS (which only patches the latest), Android gets patches regardless of latest version uptake, and this number is not reported in an easy way for clickbait hacks to throw together sensational "news".

      I'm going to pull a number out my arse, and say 60% of Android devices launched in the last couple of years are running a patch version from 2019... If you cut out the budget sub £100 tat, that number would be closer to 80% given pretty much every OEM has signed support agreements with Google for releasing patches within 180 days if they want to include Google play services on their kit.

      Still nice try numpty.

      1. AMBxx Silver badge

        Rubbish - that's all dependent upon the device manufacturer. Try a Blackberry Android and see how you get on after 3 years.

      2. Anonymous Coward

        Numpty

        > unlike iOS (which only patches the latest),

        Yeah, that's because the latest version of iOS is on 80% of ALL iOS devices (as of Feb 2018), whereas the latest version of Android is only on 21.5% of devices.

        Even if you add up the percentages of Android devices on every version since v6, it still only accounts for 71% of devices.

        Poor try numpty.

      3. Flywheel

        "Android 6,7,8 and 9 are patched every month with the same security fixes"

        Every month? Wow, my Moto G5, allegedly a modern phone, was last patched on December 1st 2018. The Kernel is from December 14th 2018.

        1. Anonymous Coward

          Then you need to speak to your carrier, as you should be running the Feb 2019 update...

          Next time, if you really care about security updates, don't rely on your network being kind to you. #fail

          1. Cuddles

            "Then you need to speak to your carrier, as you should be running the Feb 2019 update...

            next time, if you really care about security updated, don't rely on your network being kind to you. #fail"

            Why do you think a carrier should be involved at all? I have the same phone with the same patch. Lenovo made the phone, Lenovo issue the patches, and that's the most recent one that's available. No-one else is involved at any point, nor should they need to be.

            As for those suggesting LineageOS, that's a decent idea if you happen to be lucky enough to have a supported phone. However, given that not a single phone I've ever owned is supported that's a bit of a problem. That's including flagships from the likes of Samsung, Sony and HTC. Unfortunately, much as we like to mock Google for constantly dropping support for things, it's even more of a problem for free open-source things which rely entirely on some volunteer somewhere deciding to do the work. I love the idea of projects like LineageOS in principle, but in practice whether your phone is supported, and whether it will remain so a few months or years down the line, is basically a matter of random chance and the goodwill of strangers. Neither of those are great things to be basing your security on.

            1. Anonymous Coward

              Then you have a faulty phone. It should be running OPSS28.85-16-6 Feb 2019 patch.

              Why is any of this Google's fault?

              1. doublelayer Silver badge

                Why is any of this Google's fault?

                Because it's Google's platform. They decide all the specs, they write most of the code, and they have effective control over who can make devices and how by licensing Google Play Services which every manufacturer wants. This means that they have the potential to enforce security updates, or for that matter feature updates. A simple "if your device meets the spec for the feature update and was released less than [insert reasonable value] months before the release of that feature update, you must release a version of that update within two months of its release. If you don't, we will not license Google Play Services for your next generation of devices" would do the trick. It is entirely in their rights to decide not to care, but that also means we can complain about their choice not to do this. Their choice, ergo their responsibility.

      4. Anonymous Coward

        180

        "pretty much every OEM has signed support agreements with Google for releasing patches within 180 days"

        180 days!?? Jeezus! I thought waiting 180 minutes for the servers to become less busy after a new iOS release was long enough...!

        1. Anonymous Coward

          Re: 180

          The difference of course, is every iOS update takes 180 days after release to get rid of all the bugs, and then it's time for a new OS update that brings a huge slew of new bugs, and features to slow down your 2 year old device to a point where you seemingly want to buy another Apple product.

      5. Jamie Jones Silver badge

        I've got a lovely android-tv device, fitted with 512GB local storage, NFS, and 'airmouse' keyboard/mouse combo.

        I'm actually writing this on it now - from my sofa!

        It runs Android 5.1. I'd love to upgrade it.

        Despite it working perfectly - being powerful enough for me to run windowed apps (browsers, terminal emulators, x-client) and has hardware support for 1080p h264 etc. for my 100" screen, and audio data passthrough for my surround-sound setup, I did actually buy a more recent box to get a newer android version. But the new box is not as good, and it puts up a harder fight when I try to do lower level customisations.

        As I said, I'd love to upgrade it. Please tell me how.

      6. Anonymous Coward

        Android gets patches regardless of latest version uptake...

        Tell that to my fully functional Android 4.2 tablet. You know, the last one with a proper tablet interface?

  4. Adam JC

    "We're essentially allowing multifactor authentication using your Android device as a security key, so you don't need a separate device," said Jennifer Lin, director of security for Google Cloud, at a press briefing on Tuesday.

    What the heck? I've been using Google Authenticator extensively for all of our 2FA stuff (except for DuoSecurity for RDP) for years... is this a new product, or are they just attempting to re-release the same thing under another name?

    1. AMBxx Silver badge

      It's the presence of the physical device or something rather than the code it generates.

    2. Anonymous Coward Silver badge

      It's sending the code over bluetooth automatically, rather than you having to type it in.

      i.e. the presence of the device is enough.

  5. Anonymous Coward

    "You owe your soul to the company store"

    "To turn their devices into key conveyors, Google account holders need an Android 7.0+ phone, with Bluetooth active, and a Bluetooth-enabled ChromeOS, macOS or Windows 10 computer running a Chrome browser. "

    I stopped at this point..

    (apologies to Tennessee Ernie Ford)

  6. JimmyPage Silver badge
    Linux

    Linux ???

    Did I miss any mention of it working on a Linux machine ?

    1. doublelayer Silver badge

      Re: Linux ???

      Unfortunately, the mention was purely implied and could best be stated outright as "It doesn't run on a Linux machine and we are not going to do anything to fix that". They probably don't want to waste the tiny amount of employee time it would take to have chrome on Linux properly interact with the various options for bluetooth controllers. They probably also are aware that Linux users are less likely to use Chrome directly, instead opting for Firefox or a derivative of Firefox or Chromium, none of which would support it. Finally, they've probably done the math and realized that Linux users are more likely to see that this isn't very new and could potentially be quite unwanted, so why bother? Sorry, you're out of luck.
