That mess isn't getting better any time soon.
Somehow, Android’s messaging mess is about to get even worse
Google made this bed but we all have to lie in it
One of the biggest botched opportunities in all of Silicon Valley in the past few years is Google’s repeated, persistent, tragic-on-a-Greek-scale failure to get its messaging products right. Six (six!) years ago I detailed Google’s massive effort to unify everything under Hangouts. Every year since then has been either a fiasco, catastrophe, retrenchment, or an outright retreat.
After five years of that, Google threw in the towel and put the carriers in charge of text messaging on Android. It went all in on RCS Chat in April 2018, an SMS replacement that could be owned and operated by the mobile carriers.
It turns out that giving over control of your entire messaging product strategy to the companies that are focused on mergers, 5G, and TV streaming apps was a bad idea. Who could have guessed?
[automerge]1586362563[/automerge]
Let's not forget alot of those "extra apps" available for Android is malware.
Naked Security – Sophos News
nakedsecurity.sophos.com
What might some Android apps be quietly doing behind the backs of their users?
The answer, according to a succession of studies, is quite a lot, probably more than some users would be comfortable with if they knew about it.
This isn’t necessarily about outright malicious apps so much as legitimate apps taking liberties or installing with capabilities users wouldn’t expect to exist.
For example, in March researchers reported that some apps pay a lot of attention to other apps installed on a device, which in theory could be used to gather data on a user’s behaviour and inclinations.
But a recently published study from researchers at Ohio State University, New York University, and the Helmholtz Center for Information Security (CISPA) offers hard evidence that undocumented and hidden behaviours often extend far beyond mere nosy snooping.
Using a sophisticated static analysis tool called InputScope developed for the purpose, the team analysed the behaviour of 150,000 apps, comprising the 100,000 most popular on Google Play in April 2019, plus 30,000 apps pre-installed on Samsung devices, and 20,000 taken from the alternative Chinese market Baidu.
The study examined two issues – what proportion of apps exhibited secret behaviours and how these might be used or abused.
Of the 150,000, 12,706 exhibited a range of behaviours indicating the presence of backdoors (secret access keys, master passwords, and secret commands) plus another 4,028 that seemed to be checking user input against blacklisted words such as political leaders’ names, incidents in the news, and racial discrimination.
Looking at backdoors, both Google Play and apps from alternative app stores such as Baidu showed roughly the same percentage of apps falling into this category, 6.8% and 5.3% respectively.
Interestingly, for pre-installed ‘bloatware’ apps, the percentage showing this behaviour was double the other sources at around 16%.
This finding chimes with a public letter sent to Google CEO Sundar Pichai in January by Privacy International that criticised the way that pre-installed apps are often not scrutinised for privacy and security problems, creating a tempting workaround for surveillance.
As a separate 2019 Spanish study documented, the provenance of pre-installed apps is often shadowy, based on commercial tie-ups between phone makers that the end user would not be aware of.
The latest results would seem to confirm this, not only for behaviours that can be described as backdoors but for secret blacklisting.
