Archive for the ‘mobile’ Category

SIM flaw makes a case for a Secure Mobile Container

Friday, August 2nd, 2013

Posted some commentary on Bitzer Mobile blog why this moving target of security makes a case for Secure Mobile Container.

Vulnerability in a mobile phone could be beyond just the algorithm, it could be architectural. For example, in the vulnerability researched by Karsten, it is not just the algorithm but the way the phone rejected an unencrypted message by sending an error code along with the card’s 56-bit private key. The private key is decrypted which is then used to create a malicious but “valid” binary SMS message. The attacker modifies the stored data and potentially accesses other areas of the phone which may contain sensitive user data and applications.

Google is being too nice and humble with Android

Wednesday, December 22nd, 2010

Engineers are humble. Take a problem to them, they would leave everything else and start debugging together. You can use their code for free (with the comments intact). They’ll accept the bugs and maybe even tell you beforehand about the bug which is not on the list. They’ll even create a single-use prototype for the benefit of other people. Google is that engineer who wrote Android.

Carriers & vendors are manipulating Android to push their own agenda and Google who could be the cop is just playing an ombudsman.

The end consumers of Linux suffered because Torvalds is humble. Everybody screwed around with the source and companies monetized at the expense of users. There are 10 different ways of installing a small piece of software on any distro. We know the Linux story. I fear that could be the Android story as well.

In the US, Verizon is pushing it’s own version of apps, screens,  and if I have read it right elsewhere, one of them does not carry the Google search app. Why can’t Google call the chops a la what ‘Intel Inside’ did for PCs? Why a buyer in India does not need to know that a Micromax mobile carrying Android is built by Google Engineers? Why the brilliant marketing campaign does not carry any Google branding?

Yes, it can be argued that the charter of Android is not to control what the carriers and vendors do to the phone. Isn’t seamless customer experience a big charter enough which Google can define?

It can also be argued that this is not scalable to build relationships with every phone vendor and telco. Good news, there are only 150-odd who are worthy of business in the markets which matter. Wouldn’t Micromax give a warm welcome to an Android engineer? Any help from a large company, plus, the permission to use the logo is always welcome!

Android does not want to be iOS, but it cannot be Linux  either. It needs to find a middle ground; maybe it needs to learn from the Intel ecosystem. Intel does not leave it on to ISVs to shuffle the chips but controls the whole ecosystem inside the PC. Intel was reportedly not nice to it’s partners. As a consumer I’m not bothered whose arms gets twisted–I need my clean screens with apps I can trust.

More than Android, Google–the brand, is losing opportunity to get into the minds of buyers for whom the phone is the first computing device. Being nice is not serving the purpose of users; Android is just a year old, it’s time to call the shots and establish some rules. Carriers do not have a choice and Google has to realize that. If it continues to be nice, I fear it would end up being the project coordinator.

Disclaimer: Using Linus’s effort is to prove a point and to wake Google up–not an attempt at taking pot-shots. He is a Deva for every engineer.

Related post: