The last two weeks to Android have not been the easiest. From the serious vulnerability discovered Stagefright another two days later, to finally finish with an oversight of our fingerprint security on the part of manufacturers, the operating system Google has been highlighted for their security flaws. The worst thing is that there seems to be a solution , not only for this case but for security in Android in general.
Yes, it is true that the case of Stagefright has It was something beneficial for Android, but already said Ron Amadeo: security Armageddon Android can arrive any day , and preparation by both Google and by the OEM is very inadequate. So that Google through the updates to manufacturers and hopefully weeks and even months to arrive is something inadmisibile, and if the latter are not going to do anything to improve this situation Google has to take the controls, and may have the solution for all long in their ranks. Google Play Services
Without getting too technical, the function of Google Play Services is simple but extremely useful: it allows full access to Google APIs between applications to regardless of the version of Android that has the user , Play Services serve as a bridge between an application and a Maps API , Location, Drive, among others. However, what really matters to Google Play Services is its scope: between 95 and 99% of Android devices Google Play Services installed from Android 2.2 Froyo to Lollipop 5.1, the latest version
Imagine a hypothetical but plausible situation. A new vulnerability embedded in the system itself, extended to all Android versions. Google might just catch slide a new update of Google Play Services through the Play Store to include an fix this exploit , and let the application should address the rest without having to account to manufacturers , unable to get an upgrade to all your devices, including the old and now abandoned. It would be a quick, safe and above all, with a broad scope, very sued Android, which leaves (or left) to devices with three years at his mercy on security issues.
The problem is not security on Android per se , but in getting the updates when they need it. ASAP
course This solution is purely theoretical and might even enough: there may be some exploit can not be corrected by this method, so it would have to find another way. There is also the risk that, if you could bring in all kinds of code in Android through Google Play Services, developers of malware attempting to exploit this gateway to do even more damage to the operating system , so Google Play Services should be “shielded” so that only Google makes changes by this route, either through a form of identification that only Google could issue or something similar.
This leaves us with another worrying issue: whether Google can enter any data type in my Android device, by definition could also offload , which can leave even more evident when it comes to Google to respect privacy data, so Google Play Services would not be a final solution . Anyway, one thing is clear: the security situation of Android has to be corrected immediately and in the event that Google could become reality of Google Play Services, whether through root permissions or include it directly in the root Android, you can save the company from Mountain View many headaches. It is now a matter of implementing it.
No comments:
Post a Comment