Educause Security Discussion mailing list archives
Re: Google ps over Androidj ib
From: randy marchany <marchany () VT EDU>
Date: Tue, 29 Jun 2010 10:40:07 -0400
The concern raised by this shouldn't stem from the fact that Google removed these apps without notice, but rather that your >users may have installed them in the first place and never known the implications (meaning they could be running rootkits without >your knowledge). If Google uses this power to remove applications that have known rootkit behavior, I don't think they'll get much >grief from me. Like most people, I would prefer this power not exist, but I wouldn't consider this particular example an abuse.
The concern is that the phone provider has access to ANY file on the smart phone. Has this always been the case? Yep. It's just this article brings this ugly truth to the forefront. This has serious implications in the way we develop mobile/smart phone policies/procedures. If your institution's "sensitive" email/data will be stored on a smart phone (let's face it's a likely scenario) in the form of email attachments, files with passwords (the electronic equivalent of the sticky note), etc. then Google/Apple/Generic has potential access to that data. Yes, there might be license agreements about the Google's procedure for removing data from a smart phone but that process is not clear. I might have a file called "rootkits" on my smart phone device because my job is computer security. I don't want any phone provider to decide for me what should or shouldn't be on my phone. The "security because I know better" model that AV and other "preventive" security model is a reactive strategy and still results in compromises. Removing a suspicious app from their store (Apple store, Google store, etc.) is one thing and I'm in favor of that to some degree. Removing a "suspicious" app from my phone w/o my knowledge/permission/control is a completely different thing.
And FWIW, Apple has much more draconian control over their apps, so if control over your device is something you value, then the Android is still a much better choice than an iPhone. I would say the iPhone is a better choice for people who specifically want others to control their experience and environment (including which apps you're allowed to run on your phone).
This isn't a "android vs. iphone" conflict. It's a phone manufacturer/service provider vs. end-user/customer thing. This is similar to the "who owns the computer data on your car" conflict where car manufacturers say they own it and the car owner says it's mine. Who owns the data on a smart phone? Who has access to that data? Is end user privacy being "facebooked" by the phone manufacturers? We need to consider these new threats to our institutional data. -Randy Marchany ISO, VA Tech
Current thread:
- Google power over Android randy marchany (Jun 28)
- Re: Google power over Android Stanclift, Michael (Jun 28)
- Re: Google power over Android Jones, Dan (Jun 28)
- Re: Google power over Android Charles Seitz (Jun 28)
- Re: Google power over Android Adam Carlson (Jun 28)
- Re: Google ps over Androidj ib Nick Gagliardi (Jun 29)
- Re: Google ps over Androidj ib randy marchany (Jun 29)
- Re: Google ps over Androidj ib Ozzie Paez (Jun 29)
- Re: Google ps over Androidj ib Doty, Timothy T. (Jun 29)
- Re: Google ps over Androidj ib Russell Fulton (Jun 29)
- Re: Google ps over Androidj ib Nick Gagliardi (Jun 29)
- Re: Google power over Android Dexter Caldwell (Jun 29)
- Re: Google power over Android Ozzie Paez (Jun 29)