Tag Archives: Android

Fear is a tool

It started with a thought, one I have had for a little while and one that had been voiced in the past. Today, in the Guardian we see part of this in the article called ‘How we sold our souls – and more – to the internet giants’ (at http://www.theguardian.com/technology/2015/may/17/sold-our-souls-and-more-to-internet-giants-privacy-surveillance-bruce-schneier). I respectfully disagree with parts of this.

The first premise is the important one.

Did we sell our souls, or were governments on a global scale lax and slow regarding the rights of privacy?

That is an important question as it is linked all over the place. We tend to look (as I have mentioned numerous times) regarding the information the intelligence community gets, but at the same time we allow ourselves to get mined and exploited by every social network available. A nice example that the article uses is the Hello Barbie. The Washington Post gave us loads of information in March (at http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/), but it did not get the global visibility it required to have.

You see, there is nothing wrong with an interactive toy. I reckon that as programs became more and more interactive, then so would toys and the Hello Barbie doll is the premium evolution for children. The big issue is not the toy, but this simple line: “As the doll ‘listens’, audio recordings travel over the Web to a server where the snippets of speech are recognized and processed. That information is used to help form Hello Barbie’s responses”. Why? Why use the web? Why not connect to a device that has the software installed? The answer is simple, this is only in one part about the doll, it is a lot more about collected data and data is value (their marketing department will come with some “it’s all so much easier via the web” answer). Collecting the questions of children gives way to trendsetting and to marketable exploitation. Of course, in that light the adult edition, where the answer to every question becomes “not now darling, I have a headache” is likely only 6 months away.

You think I am kidding? Data is the core of value, marketability of data is the new ‘O’ for industrials. Knowing how to push the button by answering the not asked questions in advertisement is the rage, the El Dorado of the marketing industry. So when we see the quote at the end of the article “Mattel and ToyTalk, the San Francisco-based start-up that created the technology used in the doll, say the privacy and security of the technology have been their top priority“, we should state that if security and safety were such important parts, you would have kept these issues local and not via the web. As for security, if hackers can take down Sony, then Mattel might not be that much of a challenge and in that light, that collected data would be worth a fortune, so people will get that data one way or another.

Beyond the toy need of a child is the need for health. That part is dealt with in “Many medical devices are starting to be internet-enabled, collecting and reporting a variety of biometric data. There are – or will be soon – devices that continually measure our vital signs, moods and brain activity“, now we get to the juicy stuff! You see in the UK there is the Data Protection Act 1998. Yet here we see the following issue:

Section 36 gives us: ‘Personal data processed by an individual only for the purposes of that individual’s personal, family or household affairs (including recreational purposes) are exempt from the data protection principles and the provisions of Parts II and III’. So Barbie is already exempt in this case.

Even though section 2 gives us in section 11 ‘Right to prevent processing for purposes of direct marketing’, which is in part II, so Barbie is again exempt.

However, we do see protection under part one section 8. Here we see: ‘Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data’. Yet the danger here is that this regards ‘personal data‘, the definition under part one states: “personal data means data which relate to a living individual who can be identified”, which is not the part that is transferred, so it does not count. The personal data is what mommy, daddy or junior enter within a website or social media, outside of the UK (or Commonwealth), so that they can receive a much more personal ‘experience‘ with Miss Barbie. This is at the core of the problem, but it is only one factor. The same applies in 99% of the cases to healthcare and fitness equipment that connects through the Bluetooth, Wi-Fi and the web link. All this gets collected. So when we wonder regarding the excuses on software on cheaper through the online experience, several parts give clear indication that this is about collecting data, because data is the new gold. How much do you think a health care provider is willing to pay, so that they have data that allows to cut off, or additionally charge the riskiest 10%? Even though those people are already paying premium, to have a check on the safest group and to flag the least safe group is worth a bundle. Anyone selling that data for less than a 9 figure number is getting royally screwed.

And it goes on beyond the mere computer and the internet. More precisely your smartphone. The apps you install track you here as well. They track your location and sometimes download your address book, calendar, bookmarks and search history. Not to mention a host of other parts. The most annoying part of it all is that you, the user, get to pay for your bandwidth, so if your data gets downloaded, you are likely to see background usage of the data and the bandwidth used goes to your total usage.

The gem of the Guardian article is shown near the end: “And it’s all possible because laws have failed to keep up with changes in business practices”.

This has been the number one issue for well over 4 years now and the lawmakers have basically been sitting on their hands, pretty much all over the commonwealth I might add, because data is money and those captains of industry require overhead (read data profits). It comes down to the same issue with the laughingly disturbing discussion on movie piracy. Telcos rely on bandwidth, without that, their profits go down to the basement, in that same light their reliance on data seems to hinder governments to react in a timely manner. Research, investigations and commissions. We have seen data issues since before Edward Snowden. Yes, in all these years, how many successful alterations were made to the Data Protection Act 1998, via either legislation and/or the House of Lords? You do the math, yet the answer is simple. As I see it, look at your two hands and do not use the 10 fingers, that is how often, a mere ZERO times! Just like the internet consumer change, the internet data change has seen just as many evolutions.

The worst is however yet to come!

You see, the newer mobile phones often have the capacity that surpasses many laptops and tablets. I witnessed just 4 days ago how a friend used his mobile as a SharePoint because he had to update his PS4. What he had not realised is that the PS4 also started to update his installed games. It took him less than two minutes to realise this and in that time his 2GB bandwidth was gone! Welcome to 4G bandwidth!

He’ll lose an additional $10, so he did not think it was a biggie, but now consider how much data can be passed over to wherever the application decides. So when we get these small messages, when we are lulled into a sense of ‘security’ consider where your data is and who else has access. That is at the heart of the matter, as well as the heart of the legislative failing. Who else has access! When data is stored at any third party provider, the app maker might guarantee that THEY will not allow access to the data, but that does not state that this is the case, you see, if they have the data parked in any other provider, what do the rules of those providers stipulate? Only they? Only the executing service agents? The world of data is quite literally the new Wild West of Business and IT, a reasonably untapped frontier and we all forgot that we think that data is there and only we can access our little field of data, whilst in reality any corporation with a tractor can get to any part of that data field. It is all nicely settled in the line “are exempt from the data protection principles”, so as we consider our data and why we are not keeping it local, consider one final ‘deletable’ part, which is also in the Guardian article “In 2009, Amazon automatically deleted some editions of George Orwell’s Nineteen Eighty-Four from users’ Kindles because of a copyright issue. I know, you just couldn’t write this stuff anymore ironically”, yet even though the irony is out there, consider that your data is also on the cloud. So what happens when that gets deleted? Not by you or by the provider, but by a third party who got around it all? You might wonder why that is an issue, if you do then consider the final question in this dilemma: ‘Who is the owner of a deleted file?’

So here is the fear part:

Where is your data?
Who ‘owns’ it?
Who has access to it (besides you)?

These are one side of the fear equation, on the other side you have the data local storage, which you must personally manage, you must backup this data and you must keep track whether it is all backed up. Some users feel uncomfortable with that. A nice example can always be found when someone in your vicinity cries over a crashed mobile and all contacts lost (I saw that a few times happen to people I know in 2014).

One fear or another, they’re gonna getcha!

So you the user have gone with the flow and the privacy for billions is up for grabs because no one wondered, asked or pressured, now that part is almost indefinitely gone, only by adjusting the laws can we see a restoration of proper privacy of data and information, but those who rely on the value of data are extremely intent on not letting those changes happen. Consider this part from an earlier Guardian article “Facebook places tracking cookies on users’ computers if they visit any page on the facebook.com domain, including fan pages or other pages that do not require a Facebook account to visit“, do you think Google is any different? So as you are tracked and as data is combined from social media, from websites, devices and even toys. How much privacy do you think you are enjoying at present?

Now we get to a truly speculative part. Consider Google with its Nexus range. Now the new Nexus 6 looks nice (way out of my budget range), there is a 32GB and a 64GB version. No issues here! In all aspects a decent game changer for the Nexus fan. Now we get to the Nexus 9, the tablet. Before I give my view, let’s refer you to Forbes, here we see some interesting details (at http://www.forbes.com/sites/ewanspence/2013/01/29/apples-128GB-ipad-just-gave-every-android-tablet-manufacturer-a-headache/), an important fact is that this is a January 2013 review, so more than two years old! In that regard the specs do not seem to have changed! So this ‘new’ tablet is only to be begotten in a 16GB or 32GB version. So it has a lot less storage than the Nexus 6 mobile phone. It has a few more weaknesses, but basically, as Apple already had a 128GB edition, Google remains at 25%. In my view this was intentional! The machine was released late November 2014. Why would they not have a version that is at least 64GB? My iPad 1 (yes version One) which I bought in 2011 already had 64GB. This is not a mere oversight from a bungling manager, as I see it this is an intentional drive to get people towards Google drive, with data stored in a place where some might have access (the non-user that is). Remember, this is pure speculation on my side! Google could have made a contender and is offering nothing more than a consolation prize. Offering it at a very competitive price, but it comes with the foresight that people will be driven to the Google Drive, sooner rather than later!

Please feel free to reject this notion, but ask yourself, in the fight between iOS and Android, why would Google not offer a machine a lot more competitive? This is at the heart of the matter, this is as I see it the crux of it. There is of course a danger that we make ‘relationships’ between fiction and facts in events that are a figment of our imagination, but in the competitive industry that is called ‘mobile devices’ to remain behind to this extent to that degree calls for questions, does it not?

There is one part to add, the Guardian article was originally adapted (by the Guardian) from ‘Data and Goliath’ by Bruce Schneier. Bruce Schneier is a security technologist and CTO of Resilient Systems Inc. He can also be found tweeting his heart out as @schneierblog.

 


Filed under IT, Law

When you BS the customer

I have had three issues on that matter, all in one week, so I reckon that I am slightly agitated in regards to projected presenters of misinformation with intent (also known as recruiters). If that was not enough, in the tech sector Verizon added to this with the article in the Guardian (at http://www.theguardian.com/technology/2015/apr/14/mobile-malware-report-verizon-smartphone-adnoyance). The article is interesting for more than one reason, so let’s get to it.

The title is a valid question as it states ‘Is mobile malware a lot of fuss over nothing?’, some will say yes, a lot more will say no. Yet, how much of an issue is mobile malware? That is in the end a valid question. Verizon, a telecom provider, goes for the ‘adnoyance’ key. They are depending on people relying on a provider as without it there is no phone, but is malware just the annoyance of advertisement? Many, including me, are not convinced.

One source (at http://securityxploded.com/demystifying-android-malware.php) gave us clear goods. The article is very ‘techie’, but also very clear, showing step by step the issue in play.

At step 8, we get the part where we see what is going on: “The application sends an SMS to the premium number 1066185829 with the text 921X1. In the background, it blocks any incoming delivery report from this number so that the victim does not get any response regarding the SMS that the application sends in the background. Also, the SMS is sent only once and never again so that the victim has no suspicion of what caused the SMS charges to be sent to him“, premium numbers are a lot more expensive, which could be around $0.75 for one SMS. Now many will not care, thinking it happened once. So what is the deal? Well, see what it amounts to when it is done a million times. We all funded one criminal $750,000 for being clever. When we go back to the beginning of the article we get “McAfee’s first quarter threat report [Reference 1] stated that with 6 million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history“. Now, not all of them were about money, advertisement annoyance is a chunk here, but the casual air of Verizon becomes slightly offensive, or so it should be when we consider that dozens of creative souls are trying to spike their bank account in this way.

Yet, the one-time loss of $0.75 is not really an issue for the consumers at large, but what is?

Now, I get back at the issue I illustrated a long time ago, when we suddenly got those issues with Facebook messenger. Where you were giving it the right to record Audio. Before I continue, I must be fair to Facebook too and add an article here (at http://www.androidcentral.com/facebook-messenger-permissions-not-scary-stories-might-have-you-believe), it goes over many rights and it does try to suss a few issues (in a good way). There were however a few other issues, mainly connected to Facebook messenger draining the battery in massive ways. My issue here is that if it drains the battery, what is it using the energy for? Just to keep the mobile out of a sleep state?

Gizmodo (at http://gizmodo.com/facebooks-messenger-app-logs-way-more-data-than-you-rea-1633441673) gave us this: “Ever since Facebook first started pushing users over to its standalone messaging app (whether they liked it or not), there have been cries of outrage over what’s seemed like an inordinately large amount of required permissions. And while there’s still no indication that Facebook has any sort of bad intent, the company is collecting a startling cache of data, according to security researcher Jonathan Zdziarski“.

In addition we get “In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background. … ‘[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,’ he wrote in an email”.

Now, like Jonathan Zdziarski, I feel compelled to believe that Facebook is not doing anything wrong or illegal, but they are collecting huge amounts of data, by the way, when this is transmitted, will that be taken off your monthly data allowance? Seems to me that Verizon is downplaying the pressure on the monthly data allowance bill.

Now we get back to Brightcloud, who is giving us ‘Android Malware Exposed‘ (at http://www.brightcloud.com/pdf/Android-Malware-Exposed.pdf). The paper has a part on Spyware. On page 12, they state “Other types of threats are those that spy on you or steal your data. There are a number of apps that are the equivalent to commercial keyloggers found on PCs. These apps offer their services to ‘track’ your kids, spouse or employees. These behaviors are easy to incorporate into an app and this begins with the easy task of requesting the necessary permissions. For example, requesting ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, and READ_SMS will grant you access to SMS messages and GPS location“. This is the issue. It was not the $0.75, but the massive amounts of data that mobiles are working with nowadays. How long until these malware solutions get access to some of the larger collectors like Facebook? It is not that far a leap of suspicion is it?

In addition on that same page we see: “Threats which have used these spying techniques are NickySpy, Spitmo, GGTracker and GoldenEagle. NickySpy is interesting in that it utilizes the MediaRecorder() class to turn on the microphone and discretely record and save conversations to the SD Card. It is also able to send captured data to a remote server, although this functionality is not hard wired in. Below is a snippet of the function responsible for voice recording“. Now we get to the good part. The malware can be capturing events on audio without your consent and stream it. So, it was not just about the rights, it is about the ability that is unlocked to use. We focus on the big player like Facebook and Google, but we forget that data collecting is on the minds of governments, big corporations as well as organised crime and those into identity theft.
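The permission combinations quoted above can be checked from the defender's side before an app is installed. The following is an added example, not code from this post or from the Brightcloud paper: it assumes the APK's AndroidManifest.xml has already been decoded to plain-text XML (for instance with apktool), and the sample manifests, package names and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PRIORITY = f"{{{ANDROID_NS}}}priority"
P = "android.permission."
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a "free game" that asks for far more than a game needs.
SUSPICIOUS_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a torch app that only needs the camera flash.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""


def _priority(value):
    """Return the intent-filter priority as an int, 0 if absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def parse_manifest(xml_text):
    """Return (requested permissions, priorities of SMS_RECEIVED receivers)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission") if e.get(NAME)}
    sms_priorities = []
    for receiver in root.iter("receiver"):
        for filt in receiver.iter("intent-filter"):
            actions = {a.get(NAME) for a in filt.iter("action")}
            if SMS_RECEIVED in actions:
                sms_priorities.append(_priority(filt.get(PRIORITY)))
    return perms, sms_priorities


def audit(xml_text):
    """Flag the permission patterns described in the text (labels are ours)."""
    perms, sms_priorities = parse_manifest(xml_text)
    findings = []

    # Brightcloud's example: location permissions requested together with READ_SMS.
    location = {P + "ACCESS_COARSE_LOCATION", P + "ACCESS_FINE_LOCATION"}
    if perms & location and P + "READ_SMS" in perms:
        findings.append("sms-and-location")

    # NickySpy pattern: microphone plus somewhere to put the recording
    # (SD card) or somewhere to send it (network).
    sinks = {P + "WRITE_EXTERNAL_STORAGE", P + "INTERNET"}
    if P + "RECORD_AUDIO" in perms and perms & sinks:
        findings.append("audio-capture-with-storage-or-network")

    # Premium-SMS pattern: the app can send SMS and also sits in front of
    # incoming SMS with a raised priority, so replies can be hidden.
    can_send_and_receive = {P + "SEND_SMS", P + "RECEIVE_SMS"} <= perms
    if can_send_and_receive and any(p > 0 for p in sms_priorities):
        findings.append("sms-send-with-priority-intercept")

    return findings


if __name__ == "__main__":
    for label, manifest in (("freegame", SUSPICIOUS_MANIFEST),
                            ("torch", BENIGN_MANIFEST)):
        print(label, audit(manifest) or "no findings")
```

A finding is a reason to look closer, not a verdict: a legitimate messaging app also requests RECORD_AUDIO and INTERNET, so the question is whether the permissions fit what the app claims to do.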

There are millions of examples, and Verizon trivialised it as ‘adnoyance’. The truth (as I see it) is that there is an entire echelon of dangers that people remain (intentional or not) oblivious to. One of the conclusions given in the article is “Trojans will continue to be bundled in repackaged APK’s and disguised as legitimate applications. With 900,000 daily Android activations worldwide, social-engineering tactics will continue to be used to trick users into installing malware”, so that friend you know that gave you the location of that free game, might in the end not be that good a friend. Unknown to him or not, that little freebie could be the start of your data going somewhere else.

Verizon might make light of an issue, as it does not harm them, but it harms their customers. Instead of heralding Common Smartphone Sense, by making sure that people only download from reputable sources (like Google Play Store), we see trivialisation. The added sentence ‘it’s unlikely to be the source of disastrous data breaches such as the Sony hack any time soon’ adds to the failing of this article.

Malware is an issue, malware will continue to be an issue with added dangers over time and yes, Android (as an open platform) has a larger issue to deal with. Yet, Common Smartphone Sense could reduce the dangers by 80% which is a huge diminishment of the risk the user has. In addition ‘the company estimates that just 0.03% of mobile devices are infected with “higher grade” malicious code each week’, sounds like a small number, but that implies that it is well over 600,000 phones each week. This makes it a clear issue, not a minute part. In the end, we are at 2,000,000,000 smartphones on the planet, and as that group grows, then so will the desire from some to infect that realm with higher grade malware.

In addition, two days ago, the Business Insider (at http://www.businessinsider.com.au/thousands-of-people-can-do-sony-hack-2015-4) stated “‘There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,’ Miller told ‘60 Minutes.’ He went on to explain that the technology used by the perpetrators of the Sony hack isn’t a custom-made program. Instead, Miller says it can be purchased online from Russian hackers for around $US30,000”, so if that is a fact, then how is North Korea still seen as the Cyber Boogieman? This issue is a lot bigger and the Smartphone is just adding to a Cyber world that is lacking security all over the place. Telecom operators will have to change the way they play the game, the moment that they are no longer seen as simple data providers through innocent dissemination. When the telecom companies are held to account, we will see a shift, one that will be a costly one for those who allowed massive amounts of data theft to remain unmonitored.

Verizon should be ashamed of itself!

 


Filed under IT, Science

Supporting exploitation

This time, there is a different issue in play, this time, I have felt the consequence of both crime and scheming, all in one nice package. Part of this is set in the article ‘Robbed of a mobile, but we have to pick up the thief’s phone bill. Why?’ (at http://www.theguardian.com/money/2015/feb/11/robbed-mobile-thiefs-phone-bill).

Now, my mobile has been stolen, it has been broken and a few other issues have gone my way. Now in the first, I have to admit that I was with Optus at the time, stolen mobile, we had a business account and to my surprise, a new mobile and no hassle (just a small fee). This was great, the doom feeling of what had happened was a feeling that some places are great to be connected to. Now in the article we see the following quote: “it’s worth pointing out that you are not liable for any charges once you’ve reported a phone lost or stolen. But there are often good reasons why this may not be immediately possible, and during the briefest of delays, thieves can run up catastrophic charges”. Yes, this is true, but there is also an initial solution. You see, no matter how important you are as a business person, your ego is getting in the way fast. You see, disabling International calls on day one, in addition to 1900 and 1902 numbers stops massive costs coming your way. The embarrassment you have when your boss asks you which distributor had 1900-blow-my-mobile is also worth the day one blocking action.

The next paragraph is the kicker: “In 2012, Ofcom gave service providers until that summer to present plans to cap customers’ liabilities and declared they would face enforcement action if they failed. Nothing happened. In December 2013 the government announced that six of the big providers had finally agreed a cap, and that, from spring 2014, customers – like victims of bank card theft – would not have to pay more than around £50 for thieves’ phone calls. Nothing happened. A year on, only Three has introduced protection – customers are liable for only the first £100 before a phone is reported missing, provided they report it within 24 hours“, so when you are on holiday or on business abroad, and your phone gets stolen, the chance of you notifying your stolen phone in time is not an option.

The paragraph becomes even more interesting if you Google the following “Ofcom spineless useless“, you get 32,000 hits. So we can say that whatever Ofcom pretends to be, which by their own statements is “Independent regulator and competition authority for the UK communications industries” (at http://www.ofcom.org.uk/), we can state with some certainty that it has failed the British people close to 100%. This view does not evolve in any positive way when we look at http://stakeholders.ofcom.org.uk/enforcement/competition-bulletins/complaints-disputes/, where we see ‘Ofcom’s Approach to Complaints and Disputes‘, the text on that page is “This page provides links to guidance that Ofcom has produced setting out our powers and processes we will follow in conducting investigations into adherence with regulatory rules, consumer protection issues, competition issues and resolving regulatory disputes“, with a few PDF links, so how useful is Ofcom?

Well, the Guardian had this to say: “It would seem Ofcom is waiting for the government to do something and the government is waiting for the phone companies to find a solution”, which is not even close to the actual part, it seems that Ofcom is all about sort of regulating issues, but awaiting feedback from stakeholders in regards to these actions (which are likely to be phone companies) and when we see the Telecoms Complaints Bulletin on Ofcom, we see a few charts on silent calls and unwanted marketing calls. So is Ofcom basically a report valve that gives the telecom companies a signal when marketeers and phone companies have to simmer down a little bit?

So when we see the claim “Ed Vaizey, the digital economy minister, met the big players last month. Once again they promised a code of practice, but, strangely, still haven’t agreed on the details. “We expect the networks to confirm shortly details of liability caps and when they will be introduced,” says the Department of Media, Culture and Sport“, we must wonder if Mr Vaizey is actually seriously looking into an issue that has played for many years now.

The next part involves Vodafone (or Vodafail as some call it) and opens up an entirely new can of worms, one that I myself have been privy to.

“Vodafone says it has agreed to ‘explore’ a cap but the sticking point is how to do that without destroying the incentive to report a phone missing. ‘We do not want to create an environment where it is even more attractive for criminals to focus on theft,’ it says”, you see, that is not the Vodafone I have been experiencing!

So, last year I had a heart attack, this happens, as it happens I had a sim for my iPad with Vodafone, which is a data only thing. Now, I admit, I was late with paying, which is my own fault and whilst in hospital, they had cut me off. With that I had no issue; I was late, my own fault, as I stated before. Now comes the kicker, whilst in hospital and after that in recovery, I learned that even though cut off, I am still liable for ALL COSTS, so that means that whilst cut off, I am still due all monthly expenses, even when disconnected. The fact that I had had a heart attack did not interest them. So I am still in a legal fight with Vodafone, I accept the initial costs, but the months after that I refuse, so it is due to go to court at some point. Vodafone might state it is exploring, yet its main need is to stay afloat, which makes them close to desperate. That part is seen with ‘Mobile users flee Vodafone Australia’, which started in 2013. The quote “Vodafone Hutchison Group lost 600,000 customers in the three months ending September 30, even as its British parent first-half results showed a return to profit” is only the tip of the iceberg that will sink the ‘Vodafonic’ (that event filmed by James Cameron, where you see Leonardo DiCaprio drown in icy cold water at http://www.businessspectator.com.au/news/2013/11/13/technology/mobile-users-flee-vodafone-australia). The fact that Vodafone is still linked to a class action brought by Piper Alderman should indicate that Vodafone has a league of issues, capping is not even close to their essential need to solve.

But we go back to the issue at hand regarding phone bills. The article ends with the realisation that in an election year these issues will not be addressed, which means that this issue will stay around until at least 2016, which is odd as we consider the article ‘Bankrupted by a mobile phone bill’ (at http://www.theguardian.com/money/2013/dec/07/mobile-phone-bill-cap-theft), which is 14 months old. The issue, that was raised and gave way for the quote “culture secretary Maria Miller told journalists in Beijing this week that a deal had been struck to introduce a bank card-style limit to a consumer’s liability – possibly as low as £50”. In my view as a Tory, both Maria Miller and Ed Vaizey need to wake up fast and start a few fires in the halls of telecom corporations. You see, it is after all an election year and should Labour or Ukip achieve that what the conservatives could not, the fallout will be, as I see it a conservative unpopular one (well over 80% of the population worries about their mobile bill), because governing from the opposition bench is not governing at all, it is merely spouting critique to those who govern. The first course of action, as I personally see it, is to shake up the Ofcom executive committee by replacing Steve Unger, Polly Weitzman and Jonathan Oxley. I reckon the signal that the chief executive, the general counsel and the group director for Competition are replaced by individuals with bite, who will hunt issues for the victims and the general audience, might give the signal to the Telecom companies to act now, or accept a much harsher deal soon after the elections are done. The reality is, that when that signal comes, they will all quickly agree with the Three policy, which means a £100 cap and possibly a reporting extension to a max of 72 hours, which would be fair.

Yet, this is not even close to the only thing in play, you see, last month Google made an announcement to no longer support any Android version before KitKat (v4.4). This means that not only are people almost forced into new mobiles, the flaws, gaps and other issues that might pop up are at the heart of what follows and that what is already happening to the current mobile user base (including myself). First there are the iPhones. Apple is already experiencing the class action in that regard. The fact that iOS is taking up around 20% is just bizarre. Apple could have saved itself a lot of hassle by just having the 64Gb phone at a 16Gb price, I was told (from an unconfirmed source) that the parts involved cost no more than $49. So how ridiculous is the entire issue that Apple is forcing upon Apple? Let’s not forget they have around 170 billion in loose change. Now, I am not stating that they had to pay for it, but to just set the 64Gb edition at $799 would have saved them a boatload of hassles. In this Android is not without faults either. The new phones, with 2Gb ram and 16Gb storage drops down a lot in Android. There, of the 2Gb you are only left with 1Gb and you lose an easy 30% of your 16Gb. Now, that is still a decent amount, but to consider that my old smartphone, which was 1Gb with 4Gb storage has now dwindled to a 250Mb phone (so I can run 2 apps at the most), with just 2.4Gb storage is not what I signed up for. As Google became too clever for its own good, adding more and more trash I never want or need, setting dozens of updates which no longer let my phone work is now at the core of my problem. I cannot even deactivate most, it shows up at EVERY update, selecting what I actually need and not what Google thinks I might like is at the core of my growing resentment of Android. And with every app pushed out, there is additional danger that the security of my phone gets compromised, especially as Jellybean is no longer supported.

Yet there is more. I am now looking at a new phone, whilst I know the limitations I face. The strongest was the Huawei Mate7 premium. Now, here is the kicker, the 3Gb phone with 32Gb storage will only get you 1.7Gb RAM and 25Gb from day one, Android takes the rest and this is close to the strongest phone that a limited budget can buy. In Australia the smallest iPhone starts at $1000, the 64Gb, which would be a minimum choice is 20% more expensive, whilst these phones only have 1Gb RAM. This all seems as short-sighted as the developers of Xbox One showed to have. Yet, it must also be said that 1Gb seems to suffice for Apple, that is shown in this small article (at http://www.phonearena.com/news/Why-Android-phones-need-3GB-of-RAM-and-iOS-gets-by-with-1GB-of-the-stuff_id62901), yes iOS is more efficient, but as iOS evolves, so will the need for RAM, which when it starts to be too little would force us to upgrade again. Was it such a jump to set the iPhone RAM to 2Gb? When you become a penny pincher, you face class actions and that is exactly what Apple faces now. Although I remain (for now) Android minded, and when we compare the Nexus 6 (the very latest), we see that it only almost equals the Huawei Mate7 premium. The Nexus is however $100 more, whilst the screen resolution was a lot more impressive on the Huawei, but that could just be the Jazz screensaver. This shows that Huawei is not just the Android player, with the P7 and Mate7, Huawei is now the contender that makes Google sweat. Like Apple, Google could have saved themselves a lot of hassle by not skimping on resources, which could have pulled the customers in like a magnet, now in the margins they will see customers slip through their fingers, which will be an unsettling feeling for whomever misses out on commission.

All this as the providers supported exploitation; we see that the massive losses are now showing as the margins are not worth considering for some. The same could be said for the upcoming Samsung S6, it looks amazing, but as they fix one issue by being a 4Gb RAM player, they waste it on bringing a 32Gb version, which might suffice for now, but what in 2 years? Getting the 64Gb version makes sense, but then it becomes a $1240 millstone around your neck. So as I see it, Huawei is the budget choice, which still gives you a top of the line contender, iPhone and Nexus are slowly pricing themselves away by offering the entry option, which is a joke as we see space used.

All this now links back to the issue of phone theft and the inactions of Ofcom. If stolen bandwidth and phone time is all there is, then you are gravely mistaken, these smartphones are not just a connection, they are a link to your diary, your details, your credit, your access and your future. Soon, we will see that organised crime will not just call their mommy in Samarkand, Zhengzhou, Davao or Vung Tau. Soon they will transfer your data and access and see what else is under the hood. That is the added danger of the smartphone, because you had one more mail to read, one more file to see or one more connection to make, all that in applications that were never closed and accessed by merely starting the application. You see, what we ‘need’ to have, came first, and we all seem to forget the consequences of such choices. Ofcom cannot be held responsible for this, but they should have set up several parameters a long time ago, as they remained inactive in the phone charges issue, they also did little to nothing into changing certain parameters in connection monitoring and non-repudiation, all that left to whomever else, that is the danger we will face in 2015 and 2016. Unless there is a drastic event that shakes up the media, there is every indication that nothing will be done until it is too late.

History taught us that there is nothing as effective as taking away someone’s cushy job to make the next person consider showing their teeth from day one, but that might just be my imagination.

 


Filed under Finance, IT, Law, Media, Politics, Science

Exploiting mobile users

Is it not amazing that in an age, where we all move into areas where things are getting cheaper and cheaper, we see that mobile phones is the one article that remains into the top priced push. Yes, when you move to the post office, or to some ‘budget’ place, the only ‘cheap’ phones are the ones that are basically in the bottom part of functionality, phones that have less than 6 months of decent quality usage before Google pushes for more updates, more Android and the applications will add towards the maximum RAM.

This is my situation, I got a new phone in 2012, I needed a new one, and the one I bought was ‘decently’ priced at $299. I never regretted buying it. It still has a good screen, I have one game and a few applications, yet over the last two months the push has shown that when I have more than 2 apps running (including the dialler) the lag, the jittery screen, it all starts getting slightly wobbly, so I lock the phone, unlock it, remove all apps except the one I need and it all works fine again. Yet, my phone needs replacing not due to the hardware, but purely due to software. Looking around has been quite the revelation.

Looking at those options, I see that the $99 phones are less and less useful (specifically the smartphones). So as I started to dig, I am seeing a new change. If you want to find the price of a phone, it is often harder and harder to get clear pricing, more important, we can find less and less about how prices were and how the prices devolve.

Is it not strange that there is such an abundance of buy now places, but less and less information on the devices, the price and how long these articles are set to be for? The mobile is the new field for the technological armistice race and there are too many parties willing to make certain that the people cannot be properly informed. You see, this field has evolved for control. In the 90’s and the decade after that, it was relatively simple to get information on what graphic card one needed, which soundcard would be best. But not unlike the gaming industry, the information places are given less and less information. Is it not strange that Ubisoft (a gaming company) did not give a testing sample of Assassin’s Creed Unity weeks in advance? Especially when literally billions are riding on it? This is at the core of the issue, at the core of some ‘technology’ pages that are less and less information, more and more ‘typed’ marketing, not for their readers, but for the prospective buyers of the product. The media has been changing more and more and many readers remained asleep whilst reading. I must admit that the last description might not be accurate. Many will not realise this faltering until they are confronted with the fact of change (not unlike me).

If you’re looking for a console you can Google ‘PS4 price console’ and you will get pricing information on the very first page, even price drops, all localised. For mobiles it is a jungle out there and no matter how many ‘suddenly’ appear, when you want to look for that actual good deal (like the ZTE ZMAX) you will suddenly find that no one has such a good deal in stock (finding a decent site is also a challenge). They have cheaper (and therefore useless) smartphones (I will dwell on that shortly) and of course the really ‘up to date ones’ which are not that much better than a ZTE, but will cost you 275% – 450% more. It is all about the money in the end!

You see, those who choose Android (like me) will now learn what the cost of alleged abandonment is. We saw early this week (at http://www.zdnet.com/article/google-stops-providing-patches-for-pre-kitkat-webview-abandons-930m-users/) that Google is now stopping the update of the older versions, as we see in the headline ‘Google stops providing patches for pre-KitKat WebView, abandons 930 million users’. This includes the bulk of the people who bought their mobile before Q4 2013. What a fine Android web we weave!

You would think that it is a simple matter of updating, wouldn’t you? Well that is not entirely correct. In my case Motorola was pretty decent in giving the information, however, when I press system update, it tells me that I am up to date, so I cannot get beyond 4.1.2 Android. This is now at the heart of several problems.

Who knows what version they are on and more important, when we consider the following text from ZDNet “In other words, the next time a researcher or hacker finds a way to exploit WebView on pre-KitKat Android, Google won’t create a patch for the vulnerability itself. However, if anyone else builds one, Google will incorporate those patches into the Android Open Source Project code”, more important, as long as this is not fixed, an increasing population will be at the mercy of forced upgrades through buying new phones outright, or chaining themselves to a new contract.

There are two sides. In fairness, should Google keep on fixing their ‘flaws’ ad infinitum? Yet on the other side, if my 2 year old mobile is now a security risk, what on earth am I paying for? More important, in this economy we would keep on paying premium just to be connected? The math does not balance out towards the need of the user. So are we witnessing a start from smartphone, back to normal phones? Let’s face it if smartphones are charged to your account and after that abandoned to this extent, what should we do?

Some will push for Apple, but there to some extent, the danger is changed, not necessarily removed. A normal phone will less likely have these issues, or change to the new player. Even though the brand leaves (from past events) a bitter taste in my mouth, Samsung has taken a new direction with their mobiles called Tizen OS. The following parts are known at present “It is Linux-based platform built from Nokia and Intel’s ditched MeeGo”, open source means many views, so perhaps better patches. The fact that it is Linux based is not bad either. The fact that Tizen is using HTML5, it means that we will get a wave of content that is state of the art, slim and memory efficient (no Flash needed). You can look for yourself to some results (at http://www.creativebloq.com/web-design/examples-of-html-1233547), so it seems that the new road that Samsung is taking is also changing the perception that they are getting. From these upgrades, Samsung could evolve from ‘player’ to ‘top contender’. It will definitely bring the fire to the ankles of Apple, which is never a bad idea.

Tizen is not new or just a gimmick, it had been announced before and more important, it has been in development for years, yet with the Google decisions and with the issues that mobile users might be facing sooner rather than later, the timing for Tizen is pretty good and Samsung could benefit greatly, they will get additional benefit as people realise that patches are no longer coming for their less new mobiles, which will hurt consumer confidence.

If you have any doubts then the clarity from Greenbot.com should help. “Google drops Lollipop on November 3rd 2014, if you have the right device”, which makes us wonder, do I have the right device? “Maybe you don’t have a Nexus phone or tablet. Well, then the situation gets a little murky. If you have a phone purchased in the last year, odds are good that you’ll get an upgrade to Lollipop…eventually”, which gets us, what if your phone is older than one year? Then what? Which gets us the last part “Manufacturers like Samsung, LG, HTC, and Motorola have promised swift updates (typically within 90 days of release) for top devices, but those have to go to carriers to be tested before release, too”, knowing I am ‘up to date’ with my version ‘4.1.2.’ does not inspire confidence! How many people asked questions about versions of Android when they bought their phone? I am a technologist and I never gave it too much thought (other than that I wanted an Android phone). Now, it seems that my Motorola will remain on Jelly Bean (4.1.2) and now, we have ourselves a ball game, because as this unbalanced approach is pushed from both the desire to remain free (not chained to a provider) and as the life cycle of a mobile phone is now in danger of staying under two years due to the Google changes, we now see the need to not just chastise Google, but to make it clear (actually demand) that consumers are properly informed on the limitations that they are buying at $300, if we regard that patching is done to undo the lacking security of a product sold, we get a new game where the consumer must be informed clearly in a shop regarding the purchase they make.

A costly jump that might not have been needed! This year will bring changes to the mobiles and the shops selling them, I wonder if Google considered that, or perhaps they never cared. Especially when the people get told that they will not face any issues, if they had a Nexus phone (Google’s mobile). Samsung is not without options either, as they progress towards ownership of Blackberry, they might drill into a new mobile market that revolves around data and communication security, which is another mobile hot potato, and it instantly gets them huge chunks of the financial sector for reasons not here speculated! Tactically both Google and Samsung have made brilliant moves, for the consumers not the worst move but likely a costly one this year!

Will you remain in a Google mind or move to Tizen?

Will Eva choose to try the Apple in the end?

Time will tell!

 


Filed under Finance, IT, Media, Politics, Science

The danger ahead

It was the BBC that gave me an insight I had not been aware of. It is easy to miss an item, even though I have been involved in IT on many levels for over 3 decades. It is just not possible to keep it all in focus all the time.

It is kind of fun to consider the words of my late grandmother. It was the only issue we could never see eye to eye on. She had an expression ‘Johnny of all, master of none’. It was not a positive expression! I always went the other way in that regard. Whilst most went to some ‘temporary’ master as they mastered a certain niche skill. I went into the width of IT. I got exposure to such a wide field that my knowledge covered the entire foundation of IT (yes, in the time of the mainframe). After that I started to grow the base of this knowledge trying to evenly grow my knowledge of all IT fields (to some degree). My knowledge grew from programming, to consulting, to training and so on.

So where is this going?

I wrote at an earlier date about IT and the iteration approach to IT (at ‘Year of the last Euro?’). The entire field goes a lot further. In an age of the similar devices, last week as I was prohibited from moving for 4 hours, I decided to let my mind wander and I came up with an entirely new Notebook. I categorise it as a fat notebook and I call it the ‘True Mobile System’. In an age where Sony, Asus, IBM et al. seem to come up with different names for the same flavour, my mind designed a new approach to a mobile business system.

Was it clever? Not sure! The issue is that many could have come up with it and either they are limited to what their boss dictates or they are just not thinking in a user based forward motion. Here lies the crux of many issues we have seen lately. Their way of thinking is not user based. It is often revenue based, there is a HUGE difference!

If you have read my previous blogs (especially ‘Fifth in a trilogy!’) then you might notice a trend. In my mind most corporate IT is now all about what is in charge, not who! So as marketing decides on deadlines and evolutions, many learn the hard way that marketing is basically the extension of the CFO (and/or the stakeholders) and as such it is all about the money. If development is the science, then marketing should be seen as the ‘tainted’ picture. The problem is that too many CEO’s and others are all about this tainted picture (and as such the perception of what comes next), the science/engineering side gets too often ignored, or just briefly listened to and after that they get shut down and pushed forward to meet the deadline.

In that regard I still see the game ‘Assassin’s Creed 4’ (yes that pirate game), which could have been truly great and ended up being less than that (at least in my personal view)! The same can be said for business based ideas. If we consider this message (at http://www.bbc.co.uk/news/technology-25859360), where Google Chrome might be considered an eavesdropping risk, then what is safe to users?

The quote “The malicious site you visited can continue listening in on you long after you have left it said Mr Ater. As long as Chrome is still running nothing said next to your computer is private.” gives ample reason for worry. The danger from our side is that this could be a topic for conspiracy theory. Was this really ‘accidental’? I am not saying it was or was not. It is however interesting how we as computer users have been exposed to a massive amount of security flaws in the last year alone.

In my mind, is this due to shoddy programming, or is their local marketing so set on certain deadlines and as such proper testing is no longer done? I personally think it is a combination of the latter two. As additional ‘evidence’ in my train of thought, my recent Yahoo experience comes to mind.

I have been a faithful Yahoo user since the early 90’s, for me it always sufficed. The e-mail was robust, it gave me the space I needed and as such I never regretted it. Yet, since the ‘remake’ of Yahoo it changed by a lot. The amount of failures I viewed are on a new low level of customer experience and as such, at present I am seriously considering leaving Yahoo mail and moving to Google permanently.

The feedback does not have any options for filing bugs or complaints. It is all about ‘submit an idea’ and ‘send public feedback’. To me this all seems like the marketing image left by someone who should be lobotomised and left somewhere far away from any IT endeavour (preferably forever). Yahoo mail now exposes us to additional dangers as we no longer see a status bar in certain places. So, we no longer see ‘the’ link, which I consider a bad thing. The new system also ‘assumes’ spam, so I now have to scan my spam even more often. I can no longer sort by sender, which means that organising my inbox takes a massive amount of time longer. The list goes on and on. Is it marketing at the expense of functionality? To be honest, I would need a little more evidence before I can state that as a fact to some level, but the deadline push has been visible with too many corporations and for far too long.

These issues go a lot further when you consider the article called ‘Android’s biggest security flaws’ at ZDNet (at http://www.zdnet.com/androids-biggest-security-flaws-1339338283/). As they mention the dangers of inexperienced and malicious developers, they actually forgot about the third group, the ‘callous developer’. These firms (not the individual programmer), who are all driven to meet certain deadlines and as such might not properly test or secure their application.

It is important to note that I do not see the inexperienced developer as a real threat. Yes, they offer the same level of danger, but they are not out to harm you. You, the user, who wants applications for free (as many do) should not blame that new person for trying to get a foothold. If that developer is to be held for one thing, then in my mind it would be that too many of these freebies should bear the mark ‘Beta’ or ‘Trial’, to add an extra warning level for users downloading their new endeavour.

The big issue becomes: ‘What to do about Android?’

As the influence of Android increases and interacts with all manner of devices in other ways (like with a person’s Sony-id account, so that a gamer keeps online with friends and achievements when they are not at home), gives way that security flaws become more and more harmful. More important, as we become more and more oblivious of the interaction, we might be spreading all our personal details all over the internet and that danger could grow exponentially with every additional application.

These events also shine an interesting light on an article that was in the Guardian last Friday (at http://www.theguardian.com/uk-news/2014/jan/24/justify-gchq-mass-surveillance-european-court-human-rights). When we consider the issues I listed on application security, we should take a second look at the quote in the article “Nick Pickles of Big Brother Watch said: ‘This legal challenge is an essential part of getting to the bottom of why the public and parliament have not been properly informed about the scale of surveillance and why our privacy has been subverted on an industrial scale.’”

Perhaps the quote could also be read as “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and stored and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.”

I am not stating this is the case, but it could be seen as such. In that regard I call for the issue I mentioned in a previous blog called ‘Internet Privacy?’ on December 27th, where we see the dangers of some applications (at http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers). If we consider the dangers consumers are exposed to for whatever reason, it seems odd that Big Brother Watch is not more outspoken on the industrial subversion of privacy by software designers.

So here we get back to the beginning of this blog where I wrote “I designed a new way for a mobile business system.” As Microsoft has moved into a field of computers utilising an approach in the air of “With our computers you do not need to use the brain you never had in the first place”. An automated system that assumes all the time to cover 95% of its users, loaded with gaps and security flaws.

People need to get licensed to get a gun, drive a car, a boat or a plane. Yet, the dangers that computers expose us to are currently not dealt with in any serious way. I reckon that in the next two years identity theft and identity fraud will be regularly in the back of our minds, as it grows into the very visible danger it already is. If we look at some of the numbers then I could speculate that 90% of the people will directly know one victim of identity fraud or identity theft. Lexis Nexis, in their paper ‘2013 LexisNexis® True Cost of Fraud Study’ state numbers that should scare us all. In 2013, 58% of the merchants were confronted with credit card fraud and 36% of the 2013 population was confronted with lost or stolen merchandise. These numbers by themselves are not that useful as such (at http://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2013.pdf). Yet consider that 12.6 million U.S. adult victims of identity fraud had to deal on average with $1,653 of damage per fraud victim. The total amount becomes a staggering one and this is just the US! As technology is not properly attuned to a better level of security, but is set to please a growing marketable population these dangers will only increase. This is the true danger ahead, not what the government can see. In that regard Foreign Secretary William Hague is quite correct when he states “law-abiding members of the public have nothing to fear”.

 


Filed under Gaming, IT, Politics, Science