Pick your poison - which Android Version is the least insecure?

Discuss The Products
1

Reading through different topics in the forum I often found posts about security concerns of different FP users taking decisions upon this issue.

Now, Android is close to free for anyone to use. But this is not only because it is some kind of Linux derivative.

Users today must not be naive believing Google has got that fat because they launched one of the first usable search engines 20 years ago.

Recently I could read on the net that (big) “data” is the new (digital) currency rising.
Different companies are running their business making lots of money with it someone couldn´t imagine.

The more personal and sensitive data is the higher the value is. Bank data, health data etc.
So there are concerned users out there considering if Lollipop, Marshmallow or Nougat would be the best joice…aha…:astonished:

Guess who is maintaining and developing all of them?
So who actually has his hands on them?

I assume there is no Android user out there without Google account. And some of them also use the available cloud space, puh…
We are making it so easy for them…
Also many are using their email app and account regularly…let alone what users do via their handsets - like online banking…:pensive: The latter I simply think is highly risky and crucial.

I do believe most users did not entirely read all of the companies terms of business/service. Often it is promissed that your data is protected (for whom/by whom??), but anyway it is massively collected in the background (just watch your data traffic using an (Android) firewall).

The best way to keep your data protected is to simply keep it wherever possible under your direct control and safety.

Furthermore there are users of cloud services giving whatever data directly to the provider. There is still a markable offset between what´s written/agreed on and what the company actually does with your data (Yahoo??)

Some providers not only give you tiny 10 GB of cloud space, but massive 100GB!! (Telekom). What for? A 100GB
mechanical HD still is about 50-100€. Maybe data storage is for free at some point, but I have doubts.

Internet providers usually offer free email accounts, (and a free background meta scan service) many customers don´t even know of.
That is also a statement of the “Startmail” service.

A bit of common sense could help, but it would also be inconvenient.
Using my brains…OMG - hell no!

This is only half of the truth. It is not only Google making money, but the programmers of different apps too.
So whom you would put more trust in? A global company or a single less known programmer from somewhere around the world promissing whatever as long as his app is used?

We have a nice feature in FP2 called “privacy impact”. But I believe it is too inconvenient for many users to keep it active.
But again reading each and every time all of the requested permissions from an app also could turn out as annoyance.

So often apps are installed requesting lots of permission not necessarily needed but simply ignored as long as the app or the game runs.

More central in this issue are updates for the OS version. FP2 receives them on a monthly basis. So I think actually there is not much more that can be done for OS security.
But I know users with Marshmallow phones receiving updates only every few months. And in between??? No security? Shouldn´t the phone be used until updated?
So is there a higher security over Lollipop even if not being updates just as often??
Again this clearly shows that security is not necessarily an OS only question and should be put into consideration.

I think as long as we are dealing with FPOS/Lollipop and Google any security aspects can be held on a rational basis.
Our data is only as secure as Google (respectively other companies/programmers out there in the big “data” business) let it to be.
Maybe unknown third party data collectors have some more struggle with more state-ot-the-art OS.

After all considerations like “will I rather have Lollipop, Marshmallow or Nougat” are as senseful as having the choice between cancer, cholera or aids (no specific order intended).

1 Like
2

Have you never heard about livingwogoogle?

5 Likes
3

Yup, those google-avoiding-cavemen exist. Here is another one… :wink:

This means also to block the anoying google-analytics-scriptin the browser thats running in this otherwise nice forum…

7 Likes
4

Hm, not yet. I do read alot about keeping the device as Google clean as possible.
Keeping an Android system completely Google free sounds abnormal. I did not expect it to be doable. But also never done any research on it. Never met an Android user of this “individual” type.
Obviously my assumption was wrong.

1 Like
5

I’m #livingwogoogle since 2014. :sunglasses:

4 Likes
6

2013 here, I think. Google remotelly force-installing Google Play Services on every live Android in the world at Q3 2012 made me do the jump.

Edit: Yeah, that’s the year I bought my now-death Nexus 4, first phone I completely freed from Google (ironic!)

Yeah, it has a lot of obstacles. You can read really useful info about this on this awesome article:

In fact, Google is beating us on some wars… because they are the powerful. Harming alternative syncronization or obstructing alternative location providers, for example.

I’m preparing a talk about livingwogoogle for a local audience and I’ve been compiling information this week.

7 Likes
7

I am also trying to be #livingwogoogle. Therefore I use DuckDuckGo and several privacy-related browser plugins, Autistici/Inventati as a mail rovider and Syncthing as a cloud alternative, but most important(ly?) Fairphone #openos (with OpenGApps though, but I restricted them with XPrivacy). You should definitely give this a try since you still have access to the Play Store and al of it the advyntages, but without most of the disadvantages (e.g. snoping in your contact list accessing the camera, etc.)! :slight_smile:

8

No google for me either :wink: Not on the phone, not on the (Linux) PC.

9

The least insecure Android would probably be android 7
I know, it packs even more Googly stuff, but from the security point of view, it packs al the latest security fixes, modern architecture and the permission management from android 6.
From the privacy point of view, the most secure (smartphone) OS is…Replicant i think ? (fully open source version of the AOSP), no blobs, no obscure code…bare metal !
If we want to stay on more “normal” things, FPOOS and Xprivacy would be quietly secure !
iOS is, privacy wise, very secure, you are giving all your datas to Apple only (instead of, for android : Google, samsung, microsoft, all the preinstalled crap also…), and iOS device are much much less “talkative” (a magazine called CPC hardware, sniffed phones to see what they were sending)

About the Cloud : best way to have convenience and privacy is using you “own” cloud, with “owncloud” for example (or NextCloud, its even better).
For cloud providers, the HDD cost doesn’t matter (for 100€ you have 2 To, and there is lesser space available than space sold !) :), its the infrastructure that cost a lot !
Some companies, (like apple) encrypt your data with your password, which means they normally can’t see what’s inside .

About the security update , we have to say this, Fairphone is making a hell of a great job at it ! the only phones that have monthly security updates are probably Fairphones and Nexus devices, big thumbs up ! but as for the others, yeah, they are given much less updates, but it’s not because a security fix has been published that there is a massive security leak ! for almost all patches, the exploit is not used.
using a device on android 4.2 is probably fine as long as you don’t install shady apps or go to strange websites (but still, its very far from ideal)

About the data : yeah, big data is a big thing, but take into consideration that its mostly anonymized, bulk datas, companies are…for the moment…trying to find ways to attract a lot of people, and they are searching for common things among the masses and heavy duty optimization, they don’t really care about your little person…excepted when it come to ads (but it’s much more easier for us to get rid of it)

(i’m not really sure about this paragraph, please correct me !)
About Google, and his android involvement, yeah, its bad, but no, google don’t care about your bank account …and can’t access it, as far a i understood :
All apps are running inside a sandbox, named ART (or Dalvik), wich give them access to what they ask (the permissions), and the OS can’t really have a word about what is going on inside (except kill it, limit it or other stuff like that), but, even if it can read what going outside (as its the OS that making I/O), bank (and a lot of apps) are using encrypted connections (normally, or it’s really badly coded), so google won’t see anything relevant. (yeah, it could record the screen output, and interprets data to make word etc…but that’s highly improbable :stuck_out_tongue:
(i’m not really sure about this paragraph, please correct me !)

My point of view about security and privacy :

  • Encrypt as much data as possible
  • Store as much data as possible on local storage, use sync systems (owncloud)
  • Never use the same password twice
  • Always keep your things updated
  • Always try to find open source alternatives
  • Untick all the boxes
  • Don’t be an idiot when web-browsing (do you really need to give your birthday date to a forum ?)

With that in mind, i think my “data value” is pretty low, and i’m protected from most of hack and cracks.

All that i said is from MY point of view and experience, i maybe wrong, but that’s how i see it.

4 Likes
10

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.