[Gllug] Smartphone security

[JLMS]

On 21 April 2011 12:55, Geo <caparo.g at gmail.com> wrote:
> On Thursday 21 April 2011 09:15:19 T Menezes wrote:
>> Hi,
>>
>> This morning, the Independent writes about iphones 'secretly' collecting
>> data of your whereabouts and storing it in unencrypted files.
>>
>> I have an Android phone, but the article raises the more general question
>> of smartphone security.
>>
>> How do you audit the security of your smartphone? In particular, what Linux
>> tools can be leveraged for Android phones?
>>
>> Never mind apps from dubious sources. How do you audit the security of the
>> vanilla system release?
>>
>> And how do you keep 'the badies' at bay? Any views on firewalls?
>>
>> TM
>
> TM,
>  having had a chat with someone who is in aposition to know:-
>
> QUOTE:-
> The bottom line is that you cannot trust ANY platform, so you need to find a
> platform whose author's motives roughly align with yours.  Apple is
> reasonably OK, RIM is OK enough to gain government approval, and anyone who
> is deluded by the fact that Google calls the platform "open" deserves the
> data loss they are begging for (a hint you get with any Android phone is that
> a LOT of apps require you to log in to Google before they work).
>
>  Let me remind you: *Google* is the one that really, really wants your data is
> is not above "accidentally" breaking the law to get it.  Having said that,
> Apple has something to answer for right now.
>
>  So, unlike others I prefer to avoid Android - it is the riskiest platform of
> all.
>
> UNQUOTE
>
> --
> C U
>   Geo


That does not make any sense to me.

Trust is based in openness. Neither Apple or RIM are open about their
platforms. With Android at the very least I could inspect the code to
see if anything is amiss.

As for many applications needing to login to Google to work, I would
be interested to know which ones are those.
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug