Re: Google ps over Androidj ib

[Ozzie Paez <ozpaez () SPRYNET COM>]

You bring up some really good points with regards to private/sensitive
information.  The technical concern I have is the possibility of a developer
inside or most likely outside of Google pushing an application that can
search, gather and send back sensitive information to a repository, where it
can then be further searched for information of interest and/or to identify
the best targets.  There are a number of data search, gathering, processing
and targeting models for this that raise the possibility of significant
threats.  At this point, the huge volume of end user appliances offers a
kind of protection in numbers, similar to being in a herd of dear to lower
your chances of being eaten, but that strategy can be undermined when
automatic searching and pre-processing takes place.  Hopefully, there are
systems in place to detect and respond to such automated attacks, but I am
always surprised when they succeed in new platforms where lessons learned
have not been fully integrated into the underlying security model.
Ozzie
SSE/SAIC

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Tuesday, June 29, 2010 8:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google ps over Androidj ib

> The concern raised by this shouldn't stem from the fact that Google
removed these apps without notice, but rather that your >users may have
installed them in the first place and never known the implications (meaning
they could be running rootkits without >your knowledge).  If Google uses
this power to remove applications that have known rootkit behavior, I don't
think they'll get much >grief from me.  Like most people, I would prefer
this power not exist, but I wouldn't consider this particular example an
abuse.
>

The concern is that the phone provider has access to ANY file on the
smart phone. Has this always been the case? Yep. It's just this
article brings this ugly truth to the forefront. This has serious
implications in the way we develop mobile/smart phone
policies/procedures.

If your institution's "sensitive" email/data will be stored on a smart
phone (let's face it's a likely scenario) in the form of email
attachments, files with passwords (the electronic equivalent of the
sticky note), etc. then Google/Apple/Generic has potential access to
that data. Yes, there might be license agreements about the Google's
procedure for removing data from a smart phone but that process is not
clear.

I might have a file called "rootkits" on my smart phone device because
my job is computer security. I don't want any phone provider to decide
for me what should or shouldn't be on my phone. The "security because
I know better"  model that AV and other "preventive" security model is
a reactive strategy and still results in compromises. Removing a
suspicious app from their store (Apple store, Google store, etc.) is
one thing and I'm in favor of that to some degree. Removing a
"suspicious" app from my phone w/o my knowledge/permission/control is
a completely different thing.

> And FWIW, Apple has much more draconian control over their apps, so if
control over your device is something you value, then the Android is still a
much better choice than an iPhone.  I would say the iPhone is a better
choice for people who specifically want others to control their experience
and environment (including which apps you're allowed to run on your phone).
>

This isn't a "android vs. iphone" conflict. It's a phone
manufacturer/service provider vs. end-user/customer thing. This is
similar to the "who owns the computer data on your car" conflict where
car manufacturers say they own it and the car owner says it's mine.
Who owns the data on a smart phone? Who has access to that data? Is
end user privacy being "facebooked" by the phone manufacturers?

We need to consider these new threats to our institutional data.

-Randy Marchany
ISO, VA Tech