Why we need Android to become a truly open source phone OS

When the serious SSL exploit “Heartbleed” was announced, I was at lunch. By the time I got home from work, there was already a patch in the Debian repositories, and there was one in the Ubuntu repositories before I went to bed.

Both Debian and Ubuntu are distributions of linux, and are installed on all sorts of different computers – from laptops to desktops to servers to the tiny Raspberry Pi, so the “oh, Android’s on lots of different hardware” argument seems a little thin to me.

Contrast that with the response to the “Stagefright” Android security hole. Announced at the end of July, it still took the big Android manufacturers a week to simply state that they were going to provide monthly security updates.

What they didn’t say was that the patches would roll out slowly, and only for selected models of phones. If you look at this list of patched phones, you’ll see that whether or not you’re patched has a lot to do with how new your phone is and who your carrier is. Have a Galaxy S3? I hope you’ve got Sprint as a carrier.

This, unfortunately, isn’t new. A vulnerability discovered in older versions of Android (and by old, I mean “the primary version in mid-2013”) simply will not get a patch.

Which is kind of crap. It’s leaving people who can’t afford to get a new phone every year or two (or simply don’t want to give up a perfectly good phone) in the dust.

And yet, my near end-of-support cycle Ubuntu laptop got a software patch for Heartbleed within 24 hours.

But this is not just a customer service issue. This is a national security issue. Take a listen to RadioLab’s story about Darkode. Realize that everything that applies there also applies to your smartphone.

Yes, I realize that our government (hello NSA!) thinks that there’s a benefit to having the code be closed. But just like ISPs and PC manufacturers realized it was less expensive to provide antivirus software to consumers, so must our defense industry realize that having the ability to quickly and easily stop exploits will be far less expensive than dealing with the fallout from huge mobile botnets.

We don’t have to abandon Android (or iOS with its linux-style backend); we do have to make it so that these commercial providers have the same kind of security consciousness and responsiveness that free and open source software does as well.

It’s entirely possible there’s a real reason what I’m suggesting couldn’t happen. If so, please educate me.

Writing, Critiquing, and Challenges, oh my!

I've not been making the posts recently, but the challenge has still been going strong. Come write with us this
Read More
<span class='p-name'>Writing, Critiquing, and Challenges, oh my!</span>

Tracking, Advertising, Your Privacy, and this blog

Given the (hopefully temporary) defeat of net neutrality in the United States and my evolving desire to protect your privacy,
Read More
<span class='p-name'>Tracking, Advertising, Your Privacy, and this blog</span>

Four Things To Do on World Refugee Day

About every other post or tweet/toot thread I see about the way the US is treating families of immigrants has some variation of this: "But what can we do?" Here's four ways.
Read More
<span class='p-name'>Four Things To Do on World Refugee Day</span>

Never forget: This land was made for you and me

I'd like to remind you that with countries, just like people, it's easy to let the best of yourself slip away. This land was made for you and me.
Read More
<span class='p-name'>Never forget: This land was made for you and me</span>

It is time to stand.

Read More
<span class='p-name'>It is time to stand.</span>

Neo-Confederate = Current Racist

"Neo-Confederate" is an ugly euphemism, nothing more.
Read More
<span class='p-name'>Neo-Confederate = Current Racist</span>

A Father’s Day Wish. Copy, share, repeat.

Read More
<span class='p-name'>A Father’s Day Wish. Copy, share, repeat.</span>

Weekends are writing time.

The challenge has still been going strong. Come write with us this weekend!
Read More
<span class='p-name'>Weekends are writing time.</span>

There is no perfect candidate. There is only the best one available.

Oh. My. Sweet. Lord. We're already seeing it. The threats that if Democrats aren't "pure" enough, then they're not getting the
Read More
<span class='p-name'>There is no perfect candidate. There is only the best one available.</span>

If there’s one Nazi (or a racist) at the table…

Because this post by David Avallone needs signal-boosted outside of Facebook (or Twitter) alone: "As we say in Germany, if there’s
Read More
<span class='p-name'>If there’s one Nazi (or a racist) at the table…</span>

Popular posts:

  • HOWTO Make Your Hamburger Helper Better
  • If there's one Nazi (or a racist) at the table...
  • The Songs That Chronicle Our Lives
  • Word Porn Quotes
  • I am not a number; I am a free man, OR, why you should never rely on social media
  • It's not being "Awkward", and the difference between Excuses and Explanations
  • I really like you, but I have to break up with you before I don't.