Android 4.4.2 removed key security feature
The Electronic Frontier Foundation (EFF) literally the day before yesterday expressed its approval of an extremely important from a security point of view function that appeared in Android 4.3: setting up individual permissions for each application. In the App Ops setting, you can disable / allow each application to fix the IMEI number, collect geolocation data, read the address book, and so on. This feature has long been asked to implement in Android - and its appearance has become a big event.
Unfortunately, with the release of Android 4.4.2 update, it was decided to cancel the changes made - and the App Ops section just disappeared from the settings. Google has stated that the feature was released "by mistake."
Update Android 4.4.2 was released this week, there is no possibility of setting permissions as such.
')
The Electronic Frontier Foundation turned to Google for comment and received an unexpected response. It turns out that this function was not planned to be released at all, it was experimental and got into the final release by accident. Changing permissions for some applications can disrupt their work, therefore, to ensure the integrity of the system, the experimental function was removed with the update of Android 4.4.2.
The Foundation for Electronic Frontiers was suspicious of this explanation. They believe that it can not be an excuse for removing a useful function instead of improving its work. “In many cases, a“ breakdown ”of an application when a ban is placed on geolocation, reading an address book or IMEI can be easily corrected, for example, by submitting an application with fake coordinates, an empty address book or an IMEI number consisting of zeros, the EFF said. - Alternatively, Google could have added to the developer documentation that such API calls might not work for privacy reasons, so the program should provide an exception for this case. A good compromise would be to use fake data for older versions of the Android API and well-defined exceptions in future versions of the API . As with other changes in Android devices and new OS versions, some developers will simply make minor changes to the program code. ”
EFF believes that the disappearance of the function from the Android operating system is a very disturbing sign. The absence of such a function represents a security hole in devices used by more than a billion people. It's amazing that even Apple solved this problem in iOS a few years ago.
“Just recently, it seemed that Google took care of this massive privacy issue,” writes EFF. - Now we have doubts. The only way to dispel doubts for Google is to immediately return the App Ops interface, and also to finalize it and supplement it with fundamentally important parts. ” Here is what should be added.
The Electronic Frontier Foundation recommends that ordinary users who care about the safety of their personal information while refraining from updating to Android 4.4.2. Although, in the same update, a number of security holes are being closed, so everyone will have to make a personal choice between privacy and security.
“Google, the right actions in this situation are obvious,” the Electronic Frontier Foundation appeals.
Unfortunately, with the release of Android 4.4.2 update, it was decided to cancel the changes made - and the App Ops section just disappeared from the settings. Google has stated that the feature was released "by mistake."
Update Android 4.4.2 was released this week, there is no possibility of setting permissions as such.
')
The Electronic Frontier Foundation turned to Google for comment and received an unexpected response. It turns out that this function was not planned to be released at all, it was experimental and got into the final release by accident. Changing permissions for some applications can disrupt their work, therefore, to ensure the integrity of the system, the experimental function was removed with the update of Android 4.4.2.
The Foundation for Electronic Frontiers was suspicious of this explanation. They believe that it can not be an excuse for removing a useful function instead of improving its work. “In many cases, a“ breakdown ”of an application when a ban is placed on geolocation, reading an address book or IMEI can be easily corrected, for example, by submitting an application with fake coordinates, an empty address book or an IMEI number consisting of zeros, the EFF said. - Alternatively, Google could have added to the developer documentation that such API calls might not work for privacy reasons, so the program should provide an exception for this case. A good compromise would be to use fake data for older versions of the Android API and well-defined exceptions in future versions of the API . As with other changes in Android devices and new OS versions, some developers will simply make minor changes to the program code. ”
EFF believes that the disappearance of the function from the Android operating system is a very disturbing sign. The absence of such a function represents a security hole in devices used by more than a billion people. It's amazing that even Apple solved this problem in iOS a few years ago.
“Just recently, it seemed that Google took care of this massive privacy issue,” writes EFF. - Now we have doubts. The only way to dispel doubts for Google is to immediately return the App Ops interface, and also to finalize it and supplement it with fundamentally important parts. ” Here is what should be added.
- The ability to disable tracking features (phone numbers, IMEI, other account information) for all applications at once.
- The ability to completely disable Internet access for individual applications. Obviously, many applications, such as a flashlight, wallpaper, interface skins, many games, simply do not need Internet access, and attackers take advantage of this vulnerability.
- Interface App Ops should be improved and properly integrated into the main interface of the OS, including the "Settings" section - "Applications" and the Play Store interface.
The Electronic Frontier Foundation recommends that ordinary users who care about the safety of their personal information while refraining from updating to Android 4.4.2. Although, in the same update, a number of security holes are being closed, so everyone will have to make a personal choice between privacy and security.
“Google, the right actions in this situation are obvious,” the Electronic Frontier Foundation appeals.
Source: https://habr.com/ru/post/205950/
All Articles