Skip to content

Evil Google

Google to kill passwords on Android, replace ’em with ‘trust scores’

Quote

Bad idea – basically adds new features for google to identify you, track you, and sell your private info to their empire. Yeah, I need protection from Google, not protection from them.

Google is planning to use “trust scores” to kill off traditional passwords on Android.

The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week.

Chrome trumps all comers in reported vulnerabilities

Quote

More vulnerabilities were discovered in Google Chrome last year than any other piece of core internet software – that’s according to research that also found 2014 clocked record numbers of zero-day flaws.

The Secunia Vulnerability Review 2015 report [PDF] is built on data harvested by the company’s Personal Software Inspector tool residing on “millions” of customer end points, each with an average of 76 installed applications.

It said the Chocolate Factory’s web surfer had more reported vulnerabilities than Oracle Solaris, Gentoo Linux, and Microsoft Internet Explorer which rounded out the top four among the analysed core products. ….Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

Wait, but isn’t Google itself a threat?

Rooting your Android phone? Google’s rumbled you again

do-evil-google

Quote

Google’s crackdown on rooted Android devices continues. Citing security reasons, Google doesn’t want rooted ‘Droid phones to use mobile payments via the Android Pay infrastructure.

This is a standard not required by Pay’s predecessor, the now-deprecated Google Wallet.

In turn, this has led to a cat-and-mouse game with Android’s substantial global enthusiast community. Now a door that modders opened slightly a few months ago has been slammed shut.

A developer last year found a way of rooting Android without disturbing the /system partition (aka “systemless root”).

A Google engineer acknowledged last year that if it had to scan and verify every file on the partition, the phone would be “bogged down for tens of minutes”.

Respite was temporary. Systemless rooting will now fail to fulfil an Android Pay transaction. Pay now introduces an additional check, performed by Android’s SafetyNet framework.

This post at XDA Developers explains that several further tweaks are required to work around the latest security check.

Ah if it was only that simple. Google fears malware, but the real reason is that is that it looses the ability to hoover up all your private information. One of the comments in the article was spot on:

The trouble with that is if Google Pay refuses to work, then Google Play (with an L) refuses to work *even for free apps*.

And you can’t uninstall Google Play Services without it taking all your downloaded apps with it. It uninstalls them when you turn it off in the settings.

This is the linkage game no different than when Microsoft did it.

Google Play Services is one of the most virulent spyware apps ever. Tracking, surveillance, access to cameras, microphones the lot. It has no purpose doing that, yet it does it for Google’s benefit.

You probably don’t know its tracking your location, and monitoring your app usage and all the other things “Carrier IQ” was doing. Sadly it is.

We need a true open source phone (which is what Anrdoid was supposed to be) away from the spying eyes of Google, the carriers and their ilk. Google is a monopolist. Why root? to get rid of the crapware, and spyware installed on the phones and to get security fixes faster and for longer. But if your entire life is on the phone (and then hoovered up and sold on), rooting is not for you. Just bend over for the likes of Google.