undefined | Better HN

0 pointsmd_9y ago0 comments

Wait, what?

If you are running something based off of AOSP, you're running code that was touched by Google employees. Is your fear that Google is installing backdoors to help the CIA? If so, why are you afraid of that?

0 comments

sqeaky9y ago

> you're running code that was touched by Google employees

Doesn't matter who touches code when that code is publicly visible and available to the scrutiny of everyone. AOSP can be checked out and audited independently, just like any open source project.

md_OP9y ago

Sure, I guess. As I noted elsewhere in this thread, in general your risk is that the cost of exploitation is low (e.g. Android 4.x) or your value of exploitation is high (e.g. San Bernardino shooter).

Open vs closed source is a distinction I don't see a lot of folks in the security community take seriously, and for good reason: it's a response to a very specific threat model, where your concern is not primarily accidental 0days but intentional backdoors.

I would posit that the cost of a backdoor is probably higher than the cost of an 0day: the reputational risk to Google or Apple if they were discovered to have planted one is worth potentially billions of dollars in sales, so they will spend a lot of money fighting any such court order (and, as far as we know, such an order has never been successfully made).

The counterargument here is that if the government did win such an order, the backdoor is the gift that keeps on giving, whereas 0days eventually get patched and fixed.

But that's a long digression. For most users, this is simply the wrong threat model.

jcfrei9y ago

Right, so in the scenario I mentioned, an update to a Google application would give this application more access to the kernel (through some backdoor) and enable it to intercept the communication of other apps. I'm asking whether this is possible or not - assuming the kernel itself cannot be modified. If that's the case then parts of the android kernel or the way android handles access to microphones, etc. might need to be hardened in the future.

md_OP9y ago

The Android security model doesn't work that way. Non-system applications can't access the kernel, minus a local EOP or something like that.

Is that your concern? And if so, why are you concerned specifically about Google apps? Any malicious app can exploit a local EOP.

matharmin9y ago

Google Apps are typically installed as system apps. Play Store is obvious, since it needs to be able to install/update applications without prompting. The need for other apps (e.g. Gmail) to need system-level permissions is less obvious, but most of them fail to run if you just sideload it without the permissions.

1 more reply

jcfrei9y ago

Yes, that is my concern. You mention system applications - I believe this excludes any application which can be installed (with an app store or apk)? What is a local EOP? I couldn't find any info on this abbreviation. I used Google as an example.

2 more replies

j / k navigate · click thread line to collapse

0 comments

sqeaky9y ago

> you're running code that was touched by Google employees

Doesn't matter who touches code when that code is publicly visible and available to the scrutiny of everyone. AOSP can be checked out and audited independently, just like any open source project.

md_OP9y ago

The counterargument here is that if the government did win such an order, the backdoor is the gift that keeps on giving, whereas 0days eventually get patched and fixed.

But that's a long digression. For most users, this is simply the wrong threat model.

jcfrei9y ago

md_OP9y ago

The Android security model doesn't work that way. Non-system applications can't access the kernel, minus a local EOP or something like that.

Is that your concern? And if so, why are you concerned specifically about Google apps? Any malicious app can exploit a local EOP.

matharmin9y ago

1 more reply

jcfrei9y ago

2 more replies

j / k navigate · click thread line to collapse