Educause Security Discussion mailing list archives

Re: Google power over Android

From: Charles Seitz <cseitz () UTM EDU>
Date: Mon, 28 Jun 2010 16:34:34 -0500

They do this with the Chrome browser already. I love the browser - it's
fast, it's clean, works with just about everything. But you'll notice that
you're never asked to update it, never see a pop up box saying that it is
updating, it just happens in the background very smoothly and cleanly with
no notice. Firefox, IE, Safari, much bigger deal to update and a much more
manual process. I assume that they've taken the same approach with Android
of making patches a seamless thing that just happens without the end user
noticing any difference.

My concerns revolve around how far they can take this process and how much
data they can remotely access on the device. I think Google needs to open up
about this before these can be acceptable to business or academia.

Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu


On 6/28/10 4:17 PM, "Jones, Dan" <Dan.Jones () UMASSMED EDU> wrote:

To me this makes the Android/Google platform a non starter for (even
tangential) use with any sort of validated environment.

I suppose any OS patches could just be pushed without notice as well, and
wonder what recourse one would have if data was lost or the device became a
doorstop as a result. Any change in applications or OS should require prior
acceptance by the user (as a sort of change management).

Given Google's approach to protecting privacy, and this ability to install or
remove applications without notice, I've removed the HTC Incredible from my
short list of phones I would like to have.

Dan Jones
UMass Medical School



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Monday, June 28, 2010 4:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Google power over Android

Something sinister about this statement:

"Google has the power to not only remove applications from users'
Android phones, but remotely install them as well."

http://www.theregister.co.uk/2010/06/28/google_remote_android_application_inst
all/

Guess we have to start re-evaluating our smart phone initiatives......

-Randy Marchany
VA Tech IT Security Office & Lab.

Current thread:

Google power over Android randy marchany (Jun 28)
- Re: Google power over Android Stanclift, Michael (Jun 28)
- Re: Google power over Android Jones, Dan (Jun 28)
  - Re: Google power over Android Charles Seitz (Jun 28)
- Re: Google power over Android Adam Carlson (Jun 28)
  - Re: Google ps over Androidj ib Nick Gagliardi (Jun 29)
    - Re: Google ps over Androidj ib randy marchany (Jun 29)
    - Re: Google ps over Androidj ib Ozzie Paez (Jun 29)
    - Re: Google ps over Androidj ib Doty, Timothy T. (Jun 29)
    - Re: Google ps over Androidj ib Russell Fulton (Jun 29)
  - Re: Google power over Android Dexter Caldwell (Jun 29)
- Re: Google power over Android Ozzie Paez (Jun 29)