The downside to fragmentation (1 Viewer)

[ManW_TheUncool]

I don't see anyone painting Alibaba as the wronged party in that piece though -- seems like a fairly helpful piece at least for us not-in-the-know anyway. Are you talking about some other articles instead?

_Man_

 

[Hanson]

Just referring to the internets in general, mostly from the comments sections.

It is interesting that Google allowed a smaller Chinese OEM in their OHA to release an Aliyun handset. There is some speculation that this measure was a message to Samsung after Verizon's CEO hinted that Samsung might want to develop their own OS, which would likely be an Android fork.

There is an inconsistency here with the way Google is handling this issue. But it's a matter of Google letting it slide earlier then realizing the can of worms they were opening up. The OHA agreement that Acer and others signed with full consent is being enforced. But this does not mean that Android is not open.

Interestingly, the BB Playbook has an Java runtime feature that will run Android apps. Obviously, BB isn't in the OHA, but this would have put it in the same boat as Aliyun.

 

[Sam Posten]

Again, it all comes down to the carriers first, google second, oems third and users last.
Anyway, Thomas Hawk continues to vent his frustrations over JB:
https://plus.google.com/+ThomasHawk/posts/P4TQJANDw5a
Love the comments telling him to just root

 

[Hanson]

The commenters don't seem to understand that iphone updates come straight from Apple and not via the carriers.
It was a huge mistake on Google's part to release a Nexus phone through Verizon. Verizon has a vested interest in seeing it fail. The one thing Verizon doesn't want to be is a dumb pipe, which is exactly what the Nexus is about. The iphone is already there.
The irony of the update problem is that a lot of the people who are affected by it are also willing to root - most Android owners don't know or care about updates. They don't even apply them when they get them. My wife has an iPod touch running iOS4. She has no interest in changing. Most people hate change, even if it's ultimately better.
The problem then is Android is beholden to carriers to push out updates. Yet outside of a vocal minority, most users don't care. That's why it's not perceived to be a big deal by he carriers.
Ultimately, Google struck a deal with the devil. Without Verizon's aggressive Droid marketing or Sprint's Evo campaign, Android would have been bumping elbows with BB and WP for distant second place. Until more owners care about getting updates and one carrier (say, Sprint) starts picking up activations because of their reputation for fast updates, none of the carriers are going to do squat.
BTW, while the GB to ICS path was anything but smooth, the ICS to JB path is relatively easy. So the fact that even Sprint is able to push out updates after coming late to the Nexus party means that Verizon is just being dicks about it.

 

[Sam Posten]

Noted. The alternative is that Google could have and still could ensure that there is a mechanism for every user to update if that was more important to them than it is to make carrier specific concessions. You know, like Apple does. But that messes up their business plan.
That's the downside of that choice. There are alternatives.
Anyway, for those who want to rah rah Android, here's a good list. You can argue about whether the choices on it are good or not for your individual tastes but they do clearly offer alternatives that Apple does not.
http://www.nbcnews.com/technology/gadgetbox/10-ways-android-beats-iphone-5-1B5919523

 

[Sam Posten]

The Aliyun thing continues to heat up:
http://arstechnica.com/gadgets/2012/09/google-blocked-acers-rival-phone-to-prevent-android-fragmentation/

 

[Sam Posten]

Danny Sullivan lays out the big picture here, and this is what I'm talking about regarding hypocrisy: Google wants to have it both ways, with it's truly open source components of AOSP and the closed requirements of th OHA.
http://marketingland.com/what-is-the-one-true-android-and-how-open-is-it-21664

 

[Sam Posten]

Legit question to Android fans. Are you creeped out by this or do you think it's a valuable,exciting development that is not possible on iOS?

Glympse‘s CEO, Bryan Trussel, told me his team develops its contextual mapping app on Android first, then moves it to iPhone.
Why is this?
A few reasons:
1. Android lets developers have access to the dialer so that app developers can watch who calls you and who you call.
2. Android lets developers look at the wifi and bluetooth radios on the phone so app developers can build better systems to track where you are, who you are near, and whether you are near things like your car.

http://scobleizer.com/2012/09/12/context-is-the-new-battleground-between-android-and-ios/
I only have non-phone Android devices, if this kind of thing WAS on my device I would lock it out or delete it if I could.

 

[Hanson]

Everything is a trade-off. If these apps provide real utility, it's worth it. But if it just gives you creepy, useless stuff, it's uninstalled.

The real issue is, you can choose to install or uninstall these programs.


BTW, those two items aren't that big of a deal. Phone history and GPS location are actually very commonly used APIs.

 

[Sam Posten]

OK, but are the repercussions of that obvious? If you grant the normal "this app has access to private data" kind of thing is it clear that it is giving access to that level?

 

[Hanson]

To be honest, I don't really care that much. If it were some janky screensaver from a Chinese app store, I might be concerned, but I don't install those. I install apps based on what others are saying about them. No developer is going to go through the trouble of making a good, useful app as a cover for stealing your data. And even if they did, someone would catch it very quickly. So really, I don't bother myself with that kind of paranoia.

I see these reviews in the app store (especially in the Amazon store) where someone gives an app one start because it asks for permission beyond writing to storage. Like, the one star ratings for Swiftkey are almost all from paranoiacs who think that the permission to read what you write means they're transcribing everything you type and sending passwords to the mother ship. How else are they going to correct your spelling unless it's analyzing what you write?

 

[Sam Posten]

OK, gotcha. I take it a bit more seriously, given problems we have already seen based on what was possible with even Apple's limited amount of data given to Devs.
http://www.businessinsider.com/hacker-group-claims-to-have-stolen-12-million-apple-udids-from-fbi-2012-9?op=1
Imagine that a dev had built a database of users with everything that Android allows, and that information was compromised and sold off to hackers. Would you be more concerned then?

 

[Hanson]

The only reason that kind of data was hanging around like that is because the UDID was a poorly conceived and ultimately insecure system. The Android data from these apps is encrypted and sent anonymously. So there's no way to hack into SwiftKey's servers and swipe a database with everyone's names and addresses. It doesn't exist. And most of this data doesn't even leave the phone anyway.

 

[Sam Posten]

I don't understand how that can be. Either devs have access to this or not. And once they have access to it you can't be sure what they will do with it.
UDID was not supposed to be used as a customer identifier, it was used that way because Apple did not provide Devs any other way of doing so for just those particular privacy and tracking reasons. Once that genie is out of the bottle it is out of the OS manufacturers hands and if the dev is syncing to their own databases there is no way to know what they do or don't send other than what they admit publicly. Yes the endpoints might be secure but clearly that data can be moved off the server just as it was with the UDID data.

 

[Hanson]

Because UDID was Apple's identifier, and had addresses, names, and all sorts of information with which to commit fraud. What do I give my apps? An email address. These are incongruous.

 

[Sam Posten]

I don't think you understand what happened. The UDID is just a number, it doesn't have any other data attached to it other than what the developer had access to from within their app. Devs like Openfeint were able to put a lot of things together because they were able to triangulate from multiple apps using UDIDs. Including real names and email addresses. Other Devs, like Path, took liberties with things they had access to that they shouldnt have.

Apple has been allowing devs and ad networks to track UDIDs for years. Why the sudden backlash now?
For iOS app privacy concerns, the straw that broke the camel’s back was Path, a social networking app for the iPhone that was uploading a user’s iPhone address book and storing it on its private servers without permission. Nothing nefarious was being done with the data — and, in fact, uploading address book contents to third-party servers is a common occurrence — but the news hit at the perfect time to raise a stink about mobile app privacy in general.
The controversy surrounding Path had nothing at all to do with UDIDs, but it was so well publicized that people started wanting to know how much our apps know about us and what they do with that information. We all want our information, like an address book, to be protected. Although we constantly share everything we do online, there’s still a desire to have at least a semi-private life in a digital world.
Following severe criticism of Apple’s iOS privacy measures from the media, members of the U.S. Congress sent letters to Apple and App Store developers asking how apps collect and manage their users’ personal information. Apple eventually responded, saying that it was working on a new way for everyone to opt into sharing personal data with apps in the future.

http://www.cultofmac.com/160248/what-the-hell-is-a-udid-and-why-is-apple-worried-about-them-feature/
It seems the Android ecosystem has even more access to the User's private data, the question is whether users have enough insight about how that data is stored and used. Again as an Android user myself I know that each time I install an app it asks me once for a list of approvals without really telling me what it is going to do with that data and what ill could come to me in case it were to be exploited in the way that the UDID and Path's access to contacts was. My understanding of Android is that once you give that permission then they have the keys to do whatever they want with it and there is really no way to be sure.
Apple on the other hand says that there is no reason to give access to the dialer and contacts to 3rd parties. Major philosophical difference. So you can choose to have that data secured at the OS level or you can trust developers after giving them permissions you don't necessarily really understand.

 

[Hanson]

How did BlueToad get personal user information? None of the articles I'm reading are explaining that.

 

[Sam Posten]

Very good question.
Again there are a number of ways you can do this:
-Ask the users
-Coordinate from other apps where users have provided it
-Snoop it
-Get it from the OS.

As we wrote in our Ask Ars on the topic, the UDID itself is just a string of characters that uniquely identifies a particular iPhone, iPad, or iPod touch—practically every developer that offers apps on the App Store has a list of UDIDs somewhere, and the UDID alone cannot reveal much about you. But many app-makers did collect some personally identifiable information from users—such as names, phone numbers, addresses, and other data—and associated it with their UDIDs. As such, it is possible to de-anonymize a UDID and associate it with other information floating around on the Internet.

http://arstechnica.com/apple/2012/09/publishing-firm-ios-udid-leak-came-from-us-not-the-fbi/
I'd suspect it's the first. Apple says the same:

But Apple has affirmed that the data stolen from BlueToad is typical of what an app developer might have on record.
"As an app developer BlueToad would have access to a user’s device information, such as UDID device name and type," Apple spokesperson Trudy Muller told the Times. She added that developers would not automatically have access to other personal information "unless a user specifically elects to provide that information to a developer."

I honestly never heard of Blue Toad before this, CNN says:

BlueToad, a privately owned firm based in Orlando, Florida, has 30 employees and works with 5,000 to 6,000 publishers to repurpose their content on various devices.
Although DeHart declined to name BlueToad's publishing clients, the company's work is seen on 100 million page views monthly, he said.
"I would like to think this wouldn't happen again, but with thousands of attacks (daily), this is an evolving, continuing process," he said.

http://articles.cnn.com/2012-09-10/tech/tech_web_apple-hack-bluetoad_1_unique-device-identifiers-antisec-hack-attack
So any of 3000 points of trusted publishing could have provided it to these (redacted) who kept it in an unencrypted file.
Think of it like Publishers Clearinghouse. PC doesn't make a single damn magazine but they know about EVERY magazine subscriber cause that's how they work with publishers to pump up readership.

 

[Hanson]

Here's an excellent article on Android updates and why you will likely never have the newest version on your phone:

http://www.androidcentral.com/why-you-ll-never-have-latest-version-android



Quote:

[COLOR= rgb(81, 81, 81)]Then open -- or [/COLOR]“openy”[COLOR= rgb(81, 81, 81)] -- nature of Android has its advantages -- a wide variety of hardware, hackability and custom ROM support, endless choice in screen sizes, software customizations, multimedia chops, chassis styles and industrial designs. But it comes with one major Achilles heel -- the labyrinthine, time-consuming and expensive process of getting phones updated with a new version drops. It’s not necessarily anyone’s fault, but it's a weakness that's built into Android's DNA, and one we doubt will ever be overcome.[/COLOR]

 

[ManW_TheUncool]

It's largely why people don't usually upgrade Windoze on their machines either.

_Man_