Tag Archives: Android

When you BS the customer

I have had three issues on that matter, all in one week, so I reckon that I am slightly agitated in regards to projected presenters of misinformation with intent (also known as recruiters). If that was not enough, in the tech sector Verizon added to this with the article in the Guardian (at http://www.theguardian.com/technology/2015/apr/14/mobile-malware-report-verizon-smartphone-adnoyance). The article is interesting for more than one reason, so let’s get to it.

The title is a valid question as it states ‘Is mobile malware a lot of fuss over nothing?’, some will say yes, a lot more will say no. Yet, how much of an issue is mobile malware? That is in the end a valid question. Verizon, a telecom provider, goes for the ‘adnoyance’ key. They are depending on people relying on a provider as without it there is no phone, but is malware just the annoyance of advertisement? Many, including me, are not convinced.

One source (http://securityxploded.com/demystifying-android-malware.php) gave us clear goods. The article is very ‘techie’, but also very clear, showing step by step the issue in play.

At step 8, we get the part where we see what is going on: “The application sends an SMS to the premium number 1066185829 with the text 921X1. In the background, it blocks any incoming delivery report from this number so that the victim does not get any response regarding the SMS that the application sends in the background. Also, the SMS is sent only once and never again so that the victim has no suspicion of what caused the SMS charges to be sent to him“, premium numbers are a lot more expensive, which could be around $0.75 for one SMS. Now many will not care, thinking it happened once. So what is the deal? Well, see what it amounts to when it is done a million times. We all funded one criminal $750,000 for being clever. When we go back to the beginning of the article we get “McAfee’s first quarter threat report [Reference 1] stated that with 6 million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history“. Now, not all of them were about money, advertisement annoyance is a chunk here, but the casual air of Verizon becomes slightly offensive, or so it should be when we consider that dozens of creative souls are trying to spike their bank account in this way.

Yet, the one-time loss of $0.75 is not really an issue for the consumers at large, but what is?

Now, I get back to the issue I illustrated a long time ago, when we suddenly got those issues with Facebook messenger, where you were giving it the right to record audio. Before I continue, I must be fair to Facebook too and add an article here (at http://www.androidcentral.com/facebook-messenger-permissions-not-scary-stories-might-have-you-believe), it goes over many rights and it does try to suss a few issues (in a good way). There were however a few other issues, mainly connected to Facebook messenger draining the battery in massive ways. My issue here is that if it drains the battery, what is it using the energy for? Just to keep the mobile out of a sleep state?

Gizmodo (at http://gizmodo.com/facebooks-messenger-app-logs-way-more-data-than-you-rea-1633441673) gave us this: “Ever since Facebook first started pushing users over to its standalone messaging app (whether they liked it or not), there have been cries of outrage over what’s seemed like an inordinately large amount of required permissions. And while there’s still no indication that Facebook has any sort of bad intent, the company is collecting a startling cache of data, according to security researcher Jonathan Zdziarski“.

In addition we get “In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background. … ‘[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,’ he wrote in an email“.

Now, like Jonathan Zdziarski, I feel compelled to believe that Facebook is not doing anything wrong or illegal, but they are collecting huge amounts of data. By the way, when this is transmitted, will that be taken off your monthly data allowance? Seems to me that Verizon is downplaying the pressure on the monthly data allowance bill.

Now we get back to Brightcloud, who is giving us ‘Android Malware Exposed‘ (at http://www.brightcloud.com/pdf/Android-Malware-Exposed.pdf). The paper has a part on Spyware. On page 12, they state “Other types of threats are those that spy on you or steal your data. There are a number of apps that are the equivalent to commercial keyloggers found on PCs. These apps offer their services to ‘track’ your kids, spouse or employees. These behaviors are easy to incorporate into an app and this begins with the easy task of requesting the necessary permissions. For example, requesting ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, and READ_SMS will grant you access to SMS messages and GPS location“. This is the issue. It was not the $0.75, but the massive amounts of data that mobiles are working with nowadays. How long until these malware solutions get access to some of the larger collectors like Facebook? It is not that far a leap of suspicion is it?

In addition on that same page we see: “Threats which have used these spying techniques are NickySpy, Spitmo, GGTracker and GoldenEagle. NickySpy is interesting in that it utilizes the MediaRecorder() class to turn on the microphone and discretely record and save conversations to the SD Card. It is also able to send captured data to a remote server, although this functionality is not hard wired in. Below is a snippet of the function responsible for voice recording“. Now we get to the good part. The malware can be capturing events on audio without your consent and stream it. So, it was not just about the rights, it is about the ability that is unlocked to use. We focus on the big players like Facebook and Google, but we forget that data collecting is on the minds of governments, big corporations as well as organised crime and those into identity theft.
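A defender's view of the permission combinations quoted above, as an added example that is not from the Brightcloud paper or the original post: a Python audit of a decoded AndroidManifest.xml that flags location plus READ_SMS, RECORD_AUDIO with a storage or network sink, and a high-priority SMS_RECEIVED receiver alongside SEND_SMS (the pre-KitKat pattern that fits the suppressed replies in the premium-SMS case). Both manifests, the rule names and the priority threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
P = "android.permission."
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 999  # assumption: cut-off chosen for this example

# Constructed sample: a "free game" that asks for far more than a game needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <receiver android:name=".SmsFilter">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: a weather app with a plausible, narrow request.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <application/>
</manifest>
"""


def requested_permissions(root):
    """Return the short names of all android.permission.* entries requested."""
    names = (el.get(A + "name", "") for el in root.iter("uses-permission"))
    return {n[len(P):] for n in names if n.startswith(P)}


def sms_receivers(root):
    """Return (receiver name, priority) for every receiver of incoming SMS."""
    hits = []
    for receiver in root.iter("receiver"):
        for filt in receiver.iter("intent-filter"):
            actions = {a.get(A + "name") for a in filt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            try:
                priority = int(filt.get(A + "priority", "0"))
            except ValueError:  # malformed priority: treat as default
                priority = 0
            hits.append((receiver.get(A + "name", "?"), priority))
    return hits


def audit_manifest(xml_text):
    """Return a list of (rule, detail) findings for one decoded manifest."""
    root = ET.fromstring(xml_text.strip())
    perms = requested_permissions(root)
    findings = []

    # Rule 1: the tracking combination quoted from the paper.
    location = perms & {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"}
    if "READ_SMS" in perms and location:
        findings.append(("location-plus-sms",
                         "READ_SMS with " + ", ".join(sorted(location))))

    # Rule 2: microphone access plus somewhere to put the recording
    # (SD card or a remote server, as described for NickySpy).
    sinks = perms & {"INTERNET", "WRITE_EXTERNAL_STORAGE"}
    if "RECORD_AUDIO" in perms and sinks:
        findings.append(("covert-audio",
                         "RECORD_AUDIO with " + ", ".join(sorted(sinks))))

    # Rule 3: can send SMS and sits first in line for incoming SMS, which on
    # pre-KitKat Android allowed a receiver to swallow replies unseen.
    if {"SEND_SMS", "RECEIVE_SMS"} <= perms:
        for name, priority in sms_receivers(root):
            if priority >= HIGH_PRIORITY:
                findings.append(("sms-intercept", f"{name} priority {priority}"))

    return findings


if __name__ == "__main__":
    for label, manifest in (("freegame", SAMPLE_MANIFEST),
                            ("weather", BENIGN_MANIFEST)):
        print(label, audit_manifest(manifest) or "no findings")
```

Each finding is a reason to look closer at an app, not proof of malice: plenty of legitimate messengers request RECORD_AUDIO and INTERNET together.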

There are millions of examples, and Verizon trivialised it as ‘adnoyance’. The truth (as I see it) is that there is an entire echelon of dangers that people remain (intentionally or not) oblivious to. One of the conclusions given in the article is “Trojans will continue to be bundled in repackaged APK’s and disguised as legitimate applications. With 900,000 daily Android activations worldwide, social-engineering tactics will continue to be used to trick users into installing malware“, so that friend you know that gave you the location of that free game, might in the end not be that good a friend. Unknown to him or not, that little freebie could be the start of your data going somewhere else.

Verizon might make light of an issue, as it does not harm them, but it harms their customers. Instead of heralding Common Smartphone Sense, by making sure that people download from reputable sources only (like Google Play Store), we see trivialisation. The added sentence ‘it’s unlikely to be the source of disastrous data breaches such as the Sony hack any time soon‘ adds to the failing of this article.

Malware is an issue, malware will continue to be an issue with added dangers over time and yes, Android (as an open platform) has a larger issue to deal with. Yet, Common Smartphone Sense could reduce the dangers by 80% which is a huge diminishment of the risk the user has. In addition ‘the company estimates that just 0.03% of mobile devices are infected with “higher grade” malicious code each week’, sounds like a small number, but that implies that it is well over 600,000 phones each week. This makes it a clear issue, not a minute part. In the end, we are at 2,000,000,000 smartphones on the planet, and as that group grows, then so will the desire from some to infect that realm with higher grade malware.

In addition, two days ago, the Business Insider (at http://www.businessinsider.com.au/thousands-of-people-can-do-sony-hack-2015-4) stated “‘There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,’ Miller told ‘60 Minutes.’ He went on to explain that the technology used by the perpetrators of the Sony hack isn’t a custom-made program. Instead, Miller says it can be purchased online from Russian hackers for around $US30,000“, so if that is a fact, then how is North Korea still seen as the Cyber Boogieman? This issue is a lot bigger and the Smartphone is just adding to a Cyber world that is lacking security all over the place. Telecom operators will have to change the way they play the game, the moment that they are no longer seen as simple data providers through innocent dissemination. When the telecom companies are held to account, we will see a shift, one that will be a costly one for those who allowed massive amounts of data theft to remain unmonitored.

Verizon should be ashamed of itself!


Filed under IT, Science

Supporting exploitation

This time, there is a different issue in play, this time, I have felt the consequence of both crime and scheming, all in one nice package. Part of this is set in the article ‘Robbed of a mobile, but we have to pick up the thief’s phone bill. Why?‘ (at http://www.theguardian.com/money/2015/feb/11/robbed-mobile-thiefs-phone-bill).

Now, my mobile has been stolen, it has been broken and a few other issues have gone my way. Now in the first, I have to admit that I was with Optus at the time, stolen mobile, we had a business account and to my surprise, a new mobile and no hassle (just a small fee). This was great, the doom feeling of what had happened was a feeling that some places are great to be connected to. Now in the article we see the following quote: “it’s worth pointing out that you are not liable for any charges once you’ve reported a phone lost or stolen. But there are often good reasons why this may not be immediately possible, and during the briefest of delays, thieves can run up catastrophic charges“. Yes, this is true, but there is also an initial solution. You see, no matter how important you are as a business person, your ego is getting in the way fast. You see, disabling International calls on day one, in addition to 1900 and 1902 numbers stops massive costs coming your way. The embarrassment you have when your boss asks you which distributor had 1900-blow-my-mobile is also worth the day one blocking action.

The next paragraph is the kicker: “In 2012, Ofcom gave service providers until that summer to present plans to cap customers’ liabilities and declared they would face enforcement action if they failed. Nothing happened. In December 2013 the government announced that six of the big providers had finally agreed a cap, and that, from spring 2014, customers – like victims of bank card theft – would not have to pay more than around £50 for thieves’ phone calls. Nothing happened. A year on, only Three has introduced protection – customers are liable for only the first £100 before a phone is reported missing, provided they report it within 24 hours“, so when you are on holiday or on business abroad, and your phone gets stolen, the chance of you notifying your stolen phone in time is not an option.

The paragraph becomes even more interesting if you Google the following “Ofcom spineless useless“, you get 32,000 hits. So we can say that whatever Ofcom pretends to be, which by their own statements is “Independent regulator and competition authority for the UK communications industries” (at http://www.ofcom.org.uk/), we can state with some certainty that it has failed the British people close to 100%. This view does not evolve in any positive way when we look at http://stakeholders.ofcom.org.uk/enforcement/competition-bulletins/complaints-disputes/, where we see ‘Ofcom’s Approach to Complaints and Disputes‘, the text on that page is “This page provides links to guidance that Ofcom has produced setting out our powers and processes we will follow in conducting investigations into adherence with regulatory rules, consumer protection issues, competition issues and resolving regulatory disputes“, with a few PDF links, so how useful is Ofcom?

Well, the Guardian had this to say: “It would seem Ofcom is waiting for the government to do something and the government is waiting for the phone companies to find a solution“, which is not even close to the actual part, it seems that Ofcom is all about sort of regulating issues, but awaiting feedback from stakeholders in regards to these actions (which are likely to be phone companies) and when we see the Telecoms Complaints Bulletin on Ofcom, we see a few charts on silent calls and unwanted marketing calls. So is Ofcom basically a report valve that gives the telecom companies a signal when marketeers and phone companies have to simmer down a little bit?

So when we see the claim “Ed Vaizey, the digital economy minister, met the big players last month. Once again they promised a code of practice, but, strangely, still haven’t agreed on the details. “We expect the networks to confirm shortly details of liability caps and when they will be introduced,” says the Department of Media, Culture and Sport“, we must wonder if Mr Vaizey is actually seriously looking into an issue that has played for many years now.

The next part involves Vodafone (or Vodafail as some call it) and opens up an entirely new can of worms, one that I myself have been privy to.

“Vodafone says it has agreed to ‘explore’ a cap but the sticking point is how to do that without destroying the incentive to report a phone missing. ‘We do not want to create an environment where it is even more attractive for criminals to focus on theft,’ it says“, you see, that is not the Vodafone I have been experiencing!

So, last year I had a heart attack, this happens, as it happens I had a sim for my iPad with Vodafone, which is a data only thing. Now, I admit, I was late with paying, which is my own fault and whilst in hospital, they had cut me off. With that I had no issue; I was late, my own fault, as I stated before. Now comes the kicker, whilst in hospital  and after that in recovery, I learned that even though cut off, I am still liable for ALL COSTS, so that means that whilst cut off, I am still due all monthly expenses, even when disconnected. The fact that I had had a heart attack did not interest them. So I am still in a legal fight with Vodafone, I accept the initial costs, but the months after that I refuse, so it is due to go to court at some point. Vodafone might state it is exploring, yet its main need is to stay afloat, which makes them close to desperate. That part is seen with ‘Mobile users flee Vodafone Australia‘, which started in 2013. The quote “Vodafone Hutchison Group lost 600,000 customers in the three months ending September 30, even as its British parent first-half results showed a return to profit” is only the tip of the iceberg that will sink the ‘Vodafonic’ (that event filmed by James Cameron, where you see Leonardo DiCaprio drown in icy cold water at http://www.businessspectator.com.au/news/2013/11/13/technology/mobile-users-flee-vodafone-australia). The fact that Vodafone is still linked to a class action brought by Piper Alderman should indicate that Vodafone has a league of issues, capping is not even close to their essential need to solve.

But we go back to the issue at hand regarding phone bills. The article ends with the realisation that in an election year these issues will not be addressed, which means that this issue will stay around until at least 2016, which is odd as we consider the article ‘Bankrupted by a mobile phone bill‘ (at http://www.theguardian.com/money/2013/dec/07/mobile-phone-bill-cap-theft), which is 14 months old. The issue, that was raised and gave way for the quote “culture secretary Maria Miller told journalists in Beijing this week that a deal had been struck to introduce a bank card-style limit to a consumer’s liability – possibly as low as £50“. In my view as a Tory, both Maria Miller and Ed Vaizey need to wake up fast and start a few fires in the halls of telecom corporations. You see, it is after all an election year and should Labour or Ukip achieve that what the conservatives could not, the fallout will be, as I see it a conservative unpopular one (well over 80% of the population worries about their mobile bill), because governing from the opposition bench is not governing at all, it is merely spouting critique to those who govern. The first course of action, as I personally see it, is to shake up the Ofcom executive committee by replacing Steve Unger, Polly Weitzman and Jonathan Oxley. I reckon the signal that the chief executive, the general counsel and the group director for Competition are replaced by individuals with bite, who will hunt issues for the victims and the general audience, might give the signal to the Telecom companies to act now, or accept a much harsher deal soon after the elections are done. The reality is, that when that signal comes, they will all quickly agree with the Three policy, which means a £100 cap and possibly a reporting extension to a max of 72 hours, which would be fair.

Yet, this is not even close to the only thing in play, you see, last month Google made an announcement to no longer support any Android version before KitKat (v4.4). This means that not only are people almost forced into new mobiles, the flaws, gaps and other issues that might pop up are at the heart of what follows and that what is already happening to the current mobile user base (including myself). First there are the iPhones. Apple is already experiencing the class action in that regard. The fact that IOS is taking up around 20% is just bizarre. Apple could have saved itself a lot of hassle by just having the 64Gb phone at a 16Gb price, I was told (from an unconfirmed source) that the parts involved cost no more than $49. So how ridiculous is the entire issue that Apple is forcing upon Apple? Let’s not forget they have around 170 billion in loose change. Now, I am not stating that they had to pay for it, but to just set the 64Gb edition at $799 would have saved them a boatload of hassles. In this Android is not without faults either. The new phones, with 2Gb RAM and 16Gb storage, drop down a lot in Android. There, of the 2Gb you are only left with 1Gb and you lose an easy 30% of your 16Gb. Now, that is still a decent amount, but to consider that my old smartphone, which was 1Gb with 4Gb storage has now dwindled to a 250Mb phone (so I can run 2 apps at the most), with just 2.4Gb storage is not what I signed up for. As Google became too clever for its own good, adding more and more trash I never want or need, setting dozens of updates which no longer let my phone work is now at the core of my problem. I cannot even deactivate most, it shows up at EVERY update, selecting what I actually need and not what Google thinks I might like is at the core of my growing resentment of Android. And with every app pushed out, there is additional danger that the security of my phone gets compromised, especially as Jellybean is no longer supported.

Yet there is more. I am now looking at a new phone, whilst I know the limitations I face. The strongest was the Huawei Mate7 premium. Now, here is the kicker, the 3Gb phone with 32Gb storage will only get you 1.7Gb RAM and 25Gb from day one, Android takes the rest and this is close to the strongest phone that a limited budget can buy. In Australia the smallest iPhone starts at $1000, the 64Gb, which would be a minimum choice is 20% more expensive, whilst these phones only have 1Gb RAM. This all seems as short-sighted as the developers of Xbox One showed to have. Yet, it must also be said that 1Gb seems to suffice for Apple, that is shown in this small article (at http://www.phonearena.com/news/Why-Android-phones-need-3GB-of-RAM-and-iOS-gets-by-with-1GB-of-the-stuff_id62901), yes IOS is more efficient, but as IOS evolves, so will the need for RAM, which when it starts to be too little would force us to upgrade again. Was it such a jump to set the iPhone RAM to 2Gb? When you become a penny pincher, you face class actions and that is exactly what Apple faces now. Although I remain (for now) Android minded, when we compare the Nexus 6 (the very latest), we see that it only almost equals the Huawei Mate7 premium. The Nexus is however $100 more, whilst the screen resolution was a lot more impressive on the Huawei, but that could just be the Jazz screensaver. This shows that Huawei is not just the Android player, with the P7 and Mate7, Huawei is now the contender that makes Google sweat. Like Apple, Google could have saved themselves a lot of hassle by not skimping on resources, which could have pulled the customers in like a magnet, now in the margins they will see customers slip through their fingers, which will be an unsettling feeling for whomever misses out on commission.

All this as the providers supported exploitation; we see that the massive losses are now showing as the margins are not worth considering for some. The same could be said for the upcoming Samsung S6, it looks amazing, but as they fix one issue by being a 4Gb RAM player, they waste it on bringing a 32Gb version, which might suffice for now, but what in 2 years? Getting the 64Gb version makes sense, but then it becomes a $1240 millstone around your neck. So as I see it, Huawei is the budget choice, which still gives you a top of the line contender, iPhone and Nexus are slowly pricing themselves away by offering the entry option, which is a joke as we see space used.

All this now links back to the issue of phone theft and the inactions of Ofcom. If stolen bandwidth and phone time is all there is, then you are gravely mistaken, these smartphones are not just a connection, they are a link to your diary, your details, your credit, your access and your future. Soon, we will see that organised crime will not just call their mommy in Samarkand, Zhengzhou, Davao or Vung Tau. Soon they will transfer your data and access and see what else is under the hood. That is the added danger of the smartphone, because you had one more mail to read, one more file to see or one more connection to make, all that in applications that were never closed and accessed by merely starting the application. You see, what we ‘need’ to have, came first, and we all seem to forget the consequences of such choices. Ofcom cannot be held responsible for this, but they should have set up several parameters a long time ago, as they remained inactive in the phone charges issue, they also did little to nothing into changing certain parameters in connection monitoring and non-repudiation, all that left to whomever else, that is the danger we will face in 2015 and 2016. Unless there is a drastic event that shakes up the media, there is every indication that nothing will be done until it is too late.

History taught us that there is nothing as effective as taking away someone’s cushy job to make the next person consider showing their teeth from day one, but that might just be my imagination.


Filed under Finance, IT, Law, Media, Politics, Science

Exploiting mobile users

Is it not amazing that in an age where we all move into areas where things are getting cheaper and cheaper, we see that the mobile phone is the one article that remains in the top priced push. Yes, when you move to the post office, or to some ‘budget’ place, the only ‘cheap’ phones are the ones that are basically in the bottom part of functionality, phones that have less than 6 months of decent quality usage before Google pushes for more updates, more android and the applications will add towards the maximum RAM.

This is my situation, I got a new phone in 2012, I needed a new one, and the one I bought was ‘decently’ priced at $299. I never regretted buying it. It still has a good screen, I have one game and a few applications, yet over the last two months the push has shown that when I have more than 2 apps running (including the dialler) the lag, the jittery screen, it all starts getting slightly wobbly, so I lock the phone, unlock it, remove all apps except the one I need and it all works fine again. Yet, my phone needs replacing not due to the hardware, but purely due to software. Looking around has been quite the revelation.

Looking at those options, I see that the $99 phones are less and less useful (specifically the smartphones). So as I started to dig, I am seeing a new change. If you want to find the price of a phone, it is often harder and harder to get clear pricing, more important, we can find less and less about how prices were and how the prices devolve.

Is it not strange that there is such an abundance of buy now places, but less and less information on the devices, the price and how long these articles are set to be for? The mobile is the new field for the technological armistice race and there are too many parties willing to make certain that the people cannot be properly informed. You see, this field has evolved for control. In the 90’s and the decade after that, it was relatively simple to get information on what graphic card one needed, which soundcard would be best. But not unlike the gaming industry, the information places are given less and less information. Is it not strange that Ubisoft (a gaming company) did not give a testing sample of Assassin’s Creed Unity weeks in advance? Especially when literally billions are riding on it? This is at the core of the issue, at the core of some ‘technology’ pages that are less and less information, more and more ‘typed’ marketing, not for their readers, but for the prospective buyers of the product. The media has been changing more and more and many readers remained asleep whilst reading. I must admit that the last description might not be accurate. Many will not realise this faltering until they are confronted with the fact of change (not unlike me).

If you’re looking for a console you can Google ‘PS4 price console’ and you will get pricing information on the very first page, even price drops, all localised. For mobiles it is a jungle out there and no matter how many ‘suddenly’ appear, when you want to look for that actual good deal (like the ZTE ZMAX) you will suddenly find that no one has such a good deal in stock (finding a decent site is also a challenge). They have cheaper (and therefore useless) smartphones (I will dwell on that shortly) and of course the really ‘up to date ones’ which are not that much better than a ZTE, but will cost you 275% – 450% more. It is all about the money in the end!

You see, those who choose Android (like me) will now learn what the cost of alleged abandonment is. We saw early this week (at http://www.zdnet.com/article/google-stops-providing-patches-for-pre-kitkat-webview-abandons-930m-users/) that Google is now stopping the update of the older versions, hence the headline ‘Google stops providing patches for pre-KitKat WebView, abandons 930 million users‘. This includes the bulk of the people who bought their mobile before Q4 2013. What a fine android web we weave!

You would think that it is a simple matter of updating, wouldn’t you? Well, that is not entirely correct. In my case Motorola was pretty decent in giving the information, however, when I press system update, it tells me that I am up to date, so I cannot get beyond 4.1.2 Android. This is now at the heart of several problems.

Who knows what version they are on and more important, when we consider the following text from ZDNet “In other words, the next time a researcher or hacker finds a way to exploit WebView on pre-KitKat Android, Google won’t create a patch for the vulnerability itself. However, if anyone else builds one, Google will incorporate those patches into the Android Open Source Project code“, more important, as long as this is not fixed, an increasing population will be at the mercy of forced upgrades through buying new phones outright, or chaining themselves to a new contract.

There are two sides. In fairness, should Google keep on fixing their ‘flaws’ ad infinitum? Yet on the other side, if my 2 year old mobile is now a security risk, what on earth am I paying for? More important, in this economy we would keep on paying premium just to be connected? The math does not balance out towards the need of the user. So are we witnessing a start from smartphone, back to normal phones? Let’s face it if smartphones are charged to your account and after that abandoned to this extent, what should we do?

Some will push for Apple, but there to some extent, the danger is changed, not necessarily removed. A normal phone will less likely have these issues, or change to the new player. Even though the brand leaves (from past events) a bitter taste in my mouth, Samsung has taken a new direction with their mobiles called Tizen OS. The following parts are known at present “It is Linux-based platform built from Nokia and Intel’s ditched MeeGo“, open source means many views, so perhaps better patches. The fact that it is Linux based is not bad either. The fact that Tizen is using HTML5, it means that we will get a wave of content that is state of the art, slim and memory efficient (no flash needed). You can look for yourself to some results (at http://www.creativebloq.com/web-design/examples-of-html-1233547), so it seems that the new road that Samsung is taking is also changing the perception that they are getting. From these upgrades, Samsung could evolve from ‘player’ to ‘top contender’. It will definitely bring the fire to the ankles of Apple, which is never a bad idea.

Tizen is not new or just a gimmick, it had been announced before and more important, it has been in development for years, yet with the Google decisions and with the issues that mobile users might be facing sooner rather than later, the timing for Tizen is pretty good and Samsung could benefit greatly, they will get additional benefit as people realise that patches are no longer coming for their less new mobiles, which will hurt consumer confidence.

If you have any doubts then the clarity from Greenbot.com should help. “Google drops Lollipop on November 3rd 2014, if you have the right device“, which makes us wonder, do I have the right device? “Maybe you don’t have a Nexus phone or tablet. Well, then the situation gets a little murky. If you have a phone purchased in the last year, odds are good that you’ll get an upgrade to Lollipop…eventually“, which gets us, what if your phone is older than one year? Then what? Which gets us the last part “Manufacturers like Samsung, LG, HTC, and Motorola have promised swift updates (typically within 90 days of release) for top devices, but those have to go to carriers to be tested before release, too“, knowing I am ‘up to date’ with my version ‘4.1.2.’ does not inspire confidence! How many people asked questions about versions of Android when they bought their phone? I am a technologist and I never gave it too much thought (other than that I wanted an Android phone). Now, it seems that my Motorola will remain on Jelly Bean (4.1.2) and now, we have ourselves a ball game, because as this unbalanced approach is pushed from both the desire to remain free (not chained to a provider) and as the life cycle of a mobile phone is now in danger of staying under two years due to the Google changes, we now see the need to not just chastise Google, but to make it clear (actually demand) that consumers are properly informed on the limitations that they are buying at $300, if we regard that patching is done to undo the lacking security of a product sold, we get a new game where the consumer must be informed clearly in a shop regarding the purchase they make.

A costly jump that might not have been needed! This year will bring changes to the mobiles and the shops selling them, I wonder if Google considered that, or perhaps they never cared. Especially when the people get told that they will not face any issues, if they had a Nexus phone (Google’s mobile). Samsung is not without options either, as they progress towards ownership of Blackberry, they might drill into a new mobile market that revolves around data and communication security, which is another mobile hot potato, and it instantly gets them huge chunks of the financial sector for reasons not here speculated! Tactically both Google and Samsung have made brilliant moves, for the consumers not the worst move but likely a costly one this year!

Will you remain in a Google mind or move to Tizen?

Will Eva choose to try the Apple in the end?

Time will tell!

 


The danger ahead

It was the BBC that gave me an insight I had not been aware of. It is easy to miss an item, even though I have been involved in IT on many levels for over 3 decades. It is just not possible to keep it all in focus all the time.

It is kind of fun to consider the words of my late grandmother. It was the only issue we could never see eye to eye on. She had an expression ‘Johnny of all, master of none‘. It was not a positive expression! I always went the other way in that regard. Whilst most went to some ‘temporary’ master as they mastered a certain niche skill, I went into the width of IT. I got exposure to such a wide field that my knowledge covered the entire foundation of IT (yes, in the time of the mainframe). After that I started to grow the base of this knowledge trying to evenly grow my knowledge of all IT fields (to some degree). My knowledge grew from programming, to consulting, to training and so on.

So where is this going?

I wrote at an earlier date about IT and the iteration approach to IT (at ‘Year of the last Euro?‘). The entire field goes a lot further. In an age of similar devices, last week as I was prohibited from moving for 4 hours, I decided to let my mind wander and I came up with an entirely new Notebook. I categorise it as a fat notebook and I call it the ‘True Mobile System’. In an age where Sony, Asus, IBM et al. seem to come up with different names for the same flavour, my mind designed a new approach to a mobile business system.

Was it clever? Not sure! The issue is that many could have come up with it and either they are limited to what their boss dictates or they are just not thinking in a user based forward motion. Here lies the crux of many issues we have seen lately. Their way of thinking is not user based. It is often revenue based, there is a HUGE difference!

If you have read my previous blogs (especially ‘Fifth in a trilogy!‘) then you might notice a trend. In my mind most corporate IT is now all about what is in charge, not who! So as marketing decides on deadlines and evolutions, many learn the hard way that marketing is basically the extension of the CFO (and/or the stakeholders) and as such it is all about the money. If development is the science, then marketing should be seen as the ‘tainted’ picture. The problem is that too many CEOs and others are all about this tainted picture (and as such the perception of what comes next), the science/engineering side gets too often ignored, or just briefly listened to and after that they get shut down and pushed forward to meet the deadline.

In that regard I still see the game ‘Assassin’s Creed 4’ (yes that pirate game), which could have been truly great and ended up being less than that (at least in my personal view)! The same can be said for business based ideas. If we consider this message (at http://www.bbc.co.uk/news/technology-25859360), where Google Chrome might be considered an eavesdropping risk, then what is safe to users?

The quote “The malicious site you visited can continue listening in on you long after you have left it,” said Mr Ater. “As long as Chrome is still running nothing said next to your computer is private.” gives ample reason for worry. The danger from our side is that this could be a topic for conspiracy theory. Was this really ‘accidental’? I am not saying it was or was not. It is however interesting how we as computer users have been exposed to a massive amount of security flaws in the last year alone.

In my mind, is this due to shoddy programming, or is their local marketing so set on certain deadlines that proper testing is no longer done? I personally think it is a combination of the latter two. As additional ‘evidence’ in my train of thought, my recent Yahoo experience comes to mind.

I have been a faithful Yahoo user since the early 90’s, for me it always sufficed. The e-mail was robust, it gave me the space I needed and as such I never regretted it. Yet, since the ‘remake’ of Yahoo it changed by a lot. The amount of failures I viewed is at a new low level of customer experience and as such, at present I am seriously considering leaving Yahoo mail and moving to Google permanently.

The feedback does not have any options for filing bugs or complaints. It is all about ‘submit an idea‘ and ‘send public feedback‘. To me this all seems like the marketing image left by someone who should be lobotomised and left somewhere far away from any IT endeavour (preferably forever). Yahoo mail now exposes us to additional dangers as we no longer see a status bar in certain places. So, we no longer see ‘the’ link, which I consider a bad thing. The new system also ‘assumes’ spam, so I now have to scan my spam even more often. I can no longer sort by sender, which means that organising my inbox takes a massive amount of time longer. The list goes on and on. Is it marketing at the expense of functionality? To be honest, I would need a little more evidence before I can state that as a fact to some level, but the deadline push has been visible with too many corporations and for far too long.

These issues go a lot further when you consider the article called ‘Android’s biggest security flaws‘ at ZDNet (at http://www.zdnet.com/androids-biggest-security-flaws-1339338283/). As they mention the dangers of inexperienced and malicious developers, they actually forgot about the third group, the ‘callous developer’. These are firms (not the individual programmer) that are all driven to meet certain deadlines and as such might not properly test or secure their application.

It is important to note that I do not see the inexperienced developer as a real threat. Yes, they offer the same level of danger, but they are not out to harm you. You, the user, who wants applications for free (as many do) should not blame that new person for trying to get a foothold. If that developer is to be held for one thing, then in my mind it would be that too many of these freebies should bear the mark ‘Beta’ or ‘Trial’, to add an extra warning level for users downloading their new endeavour.

The big issue becomes: ‘What to do about Android?’

As the influence of Android increases and it interacts with all manner of devices in other ways (like with a person’s Sony-id account, so that a gamer keeps online with friends and achievements when they are not at home), security flaws become more and more harmful. More important, as we become more and more oblivious of the interaction, we might be spreading all our personal details all over the internet and that danger could grow exponentially with every additional application.

These events also shine an interesting light on an article that was in the Guardian last Friday (at http://www.theguardian.com/uk-news/2014/jan/24/justify-gchq-mass-surveillance-european-court-human-rights). When we consider the issues I listed on application security, we should take a second look at the quote in the article “Nick Pickles of Big Brother Watch said: ‘This legal challenge is an essential part of getting to the bottom of why the public and parliament have not been properly informed about the scale of surveillance and why our privacy has been subverted on an industrial scale.’”

Perhaps the quote could also be read as “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and storage, and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.”

I am not stating this is the case, but it could be seen as such. In that regard I call for the issue I mentioned in a previous blog called ‘Internet Privacy?‘ on December 27th, where we see the dangers of some applications (at http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers). If we consider the dangers consumers are exposed to for whatever reason, it seems odd that Big Brother Watch is not more outspoken on the industrial subversion of privacy by software designers.

So here we get back to the beginning of this blog where I wrote “I designed a new way for a mobile business system.” As Microsoft has moved into a field of computers utilising an approach in the air of “With our computers you do not need to use the brain you never had in the first place“. An automated system that assumes all the time to cover 95% of its users, loaded with gaps and security flaws.

People need to get licensed to get a gun, drive a car, a boat or a plane. Yet, the dangers that computers expose us to are currently not dealt with in any serious way. I reckon that in the next two years identity theft and identity fraud will be regularly in the back of our minds, as it grows into the very visible danger it already is. If we look at some of the numbers then I could speculate that 90% of the people will directly know one victim of identity fraud or identity theft. Lexis Nexis, in their paper ‘2013 LexisNexis® True Cost of Fraud Study‘ state numbers that should scare us all. In 2013, 58% of the merchants were confronted with credit card fraud and 36% of the 2013 population was confronted with lost or stolen merchandise. These numbers by themselves are not that useful as such (at http://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2013.pdf). Yet consider that 12.6 million U.S. adult victims of identity fraud had to deal on average with $1,653 of damage per fraud victim. The total amount becomes a staggering one and this is just the US! As technology is not properly attuned to a better level of security, but is set to please a growing marketable population, these dangers will only increase. This is the true danger ahead, not what the government can see. In that regard Foreign Secretary William Hague is quite correct when he states “law-abiding members of the public have nothing to fear“.

 
