No you can't, and yes they are. You're being deliberately obtuse about this, but I know why. You don't want to be told what you can't do. Plain and simple. You don't really care how it affects the general public... you just want to be able to do it. I can see you raging against the FCC and its limits on pirate radio stations. Seriously. Let me break this to you in as clear a way as possible:
WHY YOU CANNOT COMPARE MOBILE PHONES AND COMPUTERS
#1. First, look at the way Android breaks down access permissions. Users must explicitly OK any new application to access each of numerous groups of capabilities. Why is that if they're comparable?
#2. Secondly, mobile devices are about communication, and as such work over wireless cellular lines for voice and cellular data. In many instances, these services are capped, and incur immediate additional charges for their usage. Are any COMMON readily available services on your computer connected to a separate billing arrangement for their use?
#3. Most modern cellphones can track where you are at this EXACT MOMENT. Do most modern computers have built-in GPS or cellular triangulation capabilities?
Honestly, you list these examples all day.
Imagine putting a pre-teen on a cellphone and another on a desktop computer. Both devices containing a certain piece of critical information...
I can virtually assure you that a piece of malware on the cellphone could find the data much more quickly than similar malware on the computer. Moreover, even MORE data is available in much more standard formats and through much more standard methods than on a computer (contacts, web browsing behavior, camera photos, audio recordings, etc). Your latest photos can easily be identified and uploaded en masse on an Android device.
All of this is true, but you're missing the point entirely. Re-read the sentence before you zeroed in on what I was saying. Here it is: "This is about social engineering." On your computer, you can have all sorts of different applications that store your information in various ways. On a mobile device, numerous pieces of information are stored in VERY standard ways, right? Doesn't that make a MUCH more attractive target? Re-read my comments about apps that UPLOAD your contacts. There was an example discussed somewhere else, where this happened, and the company identified the user's phone number, and called them back for "follow-up" purposes. I'm sorry, on what desktop system do you use that such a thing is even considered by the most insensitive companies?
Data consumption habits on iPhone's have pretty much single-handedly given AT&T a black-eye on service. At conventions, people often note that the convergence of cellular data users often times maxes out available spectrum. The "spectrum gap" is not some fairy tale invented by carriers and the FCC to hog tie users to the fallacy of limited wireless resources. I honestly believe carriers need to step it up. Sprint seems to be way ahead in having a network capable of taking a lot of load. Verizon seems to do well too. Don't pretend however, that MASSIVE load caused by a cellphone botnet couldn't take down a network.
When a major carrier responds to a request for c
omment on its latest outage with: "After investigating the cause, we have determined that a backend system software error had generated abnormal congestion on the network." Ah... but its SERVER software you say. Mobile apps from multiple users can't cause similar congestion? Let's
look to the FCC for comment:
And, this is NORMAL usage, remember... this isn't about "rogue applications" (or faulty ones that are poorly programmed to use massive bandwidth for little reason).
Really? Because Android does what? Gives you a handful of more options? The concern is NOT a "handful of more options". The main concern is badly written apps and malware having access to profoundly sensitive information. You remember when people jailbroke their iPhones and accidentally left the root SSH password as Alpine, and someone just sniffed around, and started remotely logging into iPhone's left and right?
Remember the story that put Digg on the map?
http://macdevcenter.com/pub/a/mac/2005/01/01/paris.html
Exactly HOW did Paris Hilton's phone book get hacked? Well, if it were her computer, this wouldn't have happened. It occurred because T-Mobile's servers got hacked, and these servers provided a backup of her emails and address book (and phone numbers). Now, AT&T was recently hacked, exposing the identities of numerous iPad 3G purchasers. This all feeds into the whole issue with Windows and how people find more vulnerabilities because its so popular. Android HAS NOT been very popular until this year, so its "OPEN" system has hardly been tested. iPhone's (and the iOS) on the other hand, are EXTREMELY high profile (so finally Apple is getting a taste of what real hacker attention feels like).
Using social engineering, if the popular iPad (or its non-Apple twin, gaining the same attention, sales and profile) was running Android TODAY... someone could have easily used the AT&T breech to "handshake" with a popular Android Marketplace app that does something amusing, light-hearted, topical, and engaging.
Read a message from the Android security team:
http://android-developers.blogspot.com/2010/06/exercising-our-remote-application.html
But, note comments like "centralized market". These aren't "desktop" concepts. "Remote Kill"? Why would desktops need such "big brother" tactics? Chiefly because mobile users are at the mercy of BAD SOFTWARE designed to trick, fool, and swindle them out of private data and sensitive identity information.
hitekalex, take a time-out for a moment and recognize where we are in this world right now. Think about the rash of identity theft, and the proliferation of spam and Nigerian scams to steal things SO much more useful than your credit card number.
As Android Market's deleted Banking apps from earlier this year showed... just think if you'd been fooled into thinking your "Bank of America" application was official, and that the developer didn't say "Bank of America", because they'd likely contracted the app out. You log in, and the app merely "processes" the "Bank of America" site into a mobile form automatically for you. Not very good, but it does the job. Later, you find to your horror that your bank account has been emptied, and your receive a message from Google stating that the app you'd purchased has been remotely deactivated due to fraudulent activity reported by users. You contact Bank of America, but they have no answers. You run to Google and the forums are filled with angry customers.
http://articles.moneycentral.msn.co...vacy/bank-fraud-there-is-an-app-for-that.aspx
I'm sorry. Don't tell me you'd rather wait and see the fruits of their labor. Personally, we ALL need to be talking about this in DEPTH, and understanding the nature of risk. Right now, Google's security precautions read VERY OPAQUE to me. Moreso than Apple's. The problem with Google's model, is that they have allowed something Apple expressly prohibits. Namely... Apps in the marketplace, can download additional code that CHANGES ITS NATURE after its been installed (code that does NOT go through Google's checks and balances for protection). They only need to access the Internet, and they're golden.
~ CB
