#16
Game-over HTTPS defects in dozens of Android apps expose user passwords
Slimer wrote:
On 2015-06-21 1:53 AM, VanguardLH wrote: Slimer wrote: On 2015-06-20 10:49 PM, VanguardLH wrote: Slimer wrote: Remember kids, Linux is _secure_ and Android is the best evidence of that: http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/ snipped the plagarized article Do you often shoot yourself in your own foot? Android OS is Linux. So Linux (the variant of which you don't bother to mention) is secure but Linux (Android OS) is not secure. Uh huh. Looks like you wanted to slam Windows but hit the wrong target. My reading of the article says the *apps* are ****ed up by *them* not using HTTPS, not there is a problem in the Linux-based Android OS. The point here is that Google Play, the store from which Android users get their software, is dishing out insecure software which allows for their passwords to be stolen. People like to say that Windows is a magnet for malware, but here is evidence that Android is the mobile equivalent of a malware magnet. You're right, this doesn't point to a problem with the Linux kernel, but it DOES point to a problem with the Android ecosystem which is continuously showing people that it has no interest in providing a stable, secure and safe environment for users. So what's new? The Mozilla plug-ins site is dishing out tons of add-ons that are crap code, spyware (sometimes announced, sometimes not), conflicts with other add-ons (to reduce stability), have been abandoned, or have severe problems. Mozilla claims to have a review process but it doesn't seem much effective to ensure a source of stable, non- conflicting, and supported plug-ins. Sourceforge.net is rifled with abandonware, works in progress (that are distributed as finished products but are not), and other crapware. Every download site (Cnet, Softpedia, etc) has crapware, spyware, adware, and badly coded programs. Microsoft pushes updates that cause severe problem, even to the point of prevent the bootup of Windows. 
The drivers pushed by Windows Update may not even be for your hardware or the correct version of it. The Microsoft Store carries programs that obviously Microsoft didn't write. You can get Far Cry games through the Microsoft store and they have bugs that can not only crash the game but halt the OS even after applying patches. I doubt that everything at the Apple Store is "clean". Even with review process, if present, asking a software distribution center to ensure all software from their site that is written by someone else is like asking your ISP to ensure that all web traffic to your host is safe, not in a category you find offensive, and is always legal. That's not really their job. Actually yes, it IS their bug to make sure that any software being made available in the Store isn't malware. It is ridiculous for you to claim otherwise. It's known as quality control, something sorely lacking in American enterprises nowadays. Only because you want someone to usurp the role of your parent. You think someone else is supposed to protect you. How much have you paid Google for that protection? About as much as you did your parents. The apps are NOT Google's products to regulate. You want Google to perform quality control on code that isn't there own. Doesn't matter in what country exists a software store. Some may have a review process, some will run submitted programs through AV scans, and some may have a feedback process for users to report problems with the software outside the scope of reporting problems to the software author. Despite you wanting your parent to continue shielding you from the bad world, it is not the job or responsibility of Google, Cnet, Softpedia, or other software store to perform code reviews. One, they may not have access to the code. Two, that would require a huge programmer staff to perform disassembly or code analysis. Three, just how much are you paying these software stores to protect you under ANY condition? 
I suppose you think LifeLock should provide their services for free, too. If you want the protection you claim others should provide you then go hire a team of code analysts. Good luck finding any that will work for free. So, when you buy a television at a retail store, go home and plug it in, and it explodes causing you injury, you really think the store is at fault for not opening the shipping carton, running the television through a series of quality, durability, and protection tests, and then re-box the television so then it is safer for you to purchase? Uh huh.
#17
Game-over HTTPS defects in dozens of Android apps expose user passwords
On 2015-06-21 8:22 PM, VanguardLH wrote:
Slimer wrote: On 2015-06-21 1:53 AM, VanguardLH wrote: Slimer wrote: On 2015-06-20 10:49 PM, VanguardLH wrote: Slimer wrote: Remember kids, Linux is _secure_ and Android is the best evidence of that: http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/ snipped the plagarized article Do you often shoot yourself in your own foot? Android OS is Linux. So Linux (the variant of which you don't bother to mention) is secure but Linux (Android OS) is not secure. Uh huh. Looks like you wanted to slam Windows but hit the wrong target. My reading of the article says the *apps* are ****ed up by *them* not using HTTPS, not there is a problem in the Linux-based Android OS. The point here is that Google Play, the store from which Android users get their software, is dishing out insecure software which allows for their passwords to be stolen. People like to say that Windows is a magnet for malware, but here is evidence that Android is the mobile equivalent of a malware magnet. You're right, this doesn't point to a problem with the Linux kernel, but it DOES point to a problem with the Android ecosystem which is continuously showing people that it has no interest in providing a stable, secure and safe environment for users. So what's new? The Mozilla plug-ins site is dishing out tons of add-ons that are crap code, spyware (sometimes announced, sometimes not), conflicts with other add-ons (to reduce stability), have been abandoned, or have severe problems. Mozilla claims to have a review process but it doesn't seem much effective to ensure a source of stable, non- conflicting, and supported plug-ins. Sourceforge.net is rifled with abandonware, works in progress (that are distributed as finished products but are not), and other crapware. Every download site (Cnet, Softpedia, etc) has crapware, spyware, adware, and badly coded programs. Microsoft pushes updates that cause severe problem, even to the point of prevent the bootup of Windows. 
The drivers pushed by Windows Update may not even be for your hardware or the correct version of it. The Microsoft Store carries programs that obviously Microsoft didn't write. You can get Far Cry games through the Microsoft store and they have bugs that can not only crash the game but halt the OS even after applying patches. I doubt that everything at the Apple Store is "clean". Even with review process, if present, asking a software distribution center to ensure all software from their site that is written by someone else is like asking your ISP to ensure that all web traffic to your host is safe, not in a category you find offensive, and is always legal. That's not really their job. Actually yes, it IS their bug to make sure that any software being made available in the Store isn't malware. It is ridiculous for you to claim otherwise. It's known as quality control, something sorely lacking in American enterprises nowadays. Only because you want someone to usurp the role of your parent. You think someone else is supposed to protect you. How much have you paid Google for that protection? About as much as you did your parents. If I BOUGHT their phone, I DO expect some sort of protection. How much did I pay? How much does a phone cost usually? $500 to $1,000? Yeah, I expect something out of that. The apps are NOT Google's products to regulate. You want Google to perform quality control on code that isn't there own. Doesn't matter in what country exists a software store. Some may have a review process, some will run submitted programs through AV scans, and some may have a feedback process for users to report problems with the software outside the scope of reporting problems to the software author. Despite you wanting your parent to continue shielding you from the bad world, it is not the job or responsibility of Google, Cnet, Softpedia, or other software store to perform code reviews. One, they may not have access to the code. 
Two, that would require a huge programmer staff to perform disassembly or code analysis. Three, just how much are you paying these software stores to protect you under ANY condition? I suppose you think LifeLock should provide their services for free, too. If you want the protection you claim others should provide you then go hire a team of code analysts. Good luck finding any that will work for free. So, when you buy a television at a retail store, go home and plug it in, and it explodes causing you injury, you really think the store is at fault for not opening the shipping carton, running the television through a series of quality, durability, and protection tests, and then re-box the television so then it is safer for you to purchase? Uh huh. I assume that you also believe that it isn't the car manufacturer's responsibility to make sure that the car doesn't cause an accident which kills the owner. You have a very bizarre way at looking at products and the responsibility a manufacturer holds towards them. -- Slimer Proud "wintroll" Encrypt.
#18
Game-over HTTPS defects in dozens of Android apps expose user passwords
Slimer wrote:
On 2015-06-21 8:22 PM, VanguardLH wrote: Slimer wrote: On 2015-06-21 1:53 AM, VanguardLH wrote: Slimer wrote: On 2015-06-20 10:49 PM, VanguardLH wrote: Slimer wrote: Remember kids, Linux is _secure_ and Android is the best evidence of that: http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/ snipped the plagarized article Do you often shoot yourself in your own foot? Android OS is Linux. So Linux (the variant of which you don't bother to mention) is secure but Linux (Android OS) is not secure. Uh huh. Looks like you wanted to slam Windows but hit the wrong target. My reading of the article says the *apps* are ****ed up by *them* not using HTTPS, not there is a problem in the Linux-based Android OS. The point here is that Google Play, the store from which Android users get their software, is dishing out insecure software which allows for their passwords to be stolen. People like to say that Windows is a magnet for malware, but here is evidence that Android is the mobile equivalent of a malware magnet. You're right, this doesn't point to a problem with the Linux kernel, but it DOES point to a problem with the Android ecosystem which is continuously showing people that it has no interest in providing a stable, secure and safe environment for users. So what's new? The Mozilla plug-ins site is dishing out tons of add-ons that are crap code, spyware (sometimes announced, sometimes not), conflicts with other add-ons (to reduce stability), have been abandoned, or have severe problems. Mozilla claims to have a review process but it doesn't seem much effective to ensure a source of stable, non- conflicting, and supported plug-ins. Sourceforge.net is rifled with abandonware, works in progress (that are distributed as finished products but are not), and other crapware. Every download site (Cnet, Softpedia, etc) has crapware, spyware, adware, and badly coded programs. 
Microsoft pushes updates that cause severe problem, even to the point of prevent the bootup of Windows. The drivers pushed by Windows Update may not even be for your hardware or the correct version of it. The Microsoft Store carries programs that obviously Microsoft didn't write. You can get Far Cry games through the Microsoft store and they have bugs that can not only crash the game but halt the OS even after applying patches. I doubt that everything at the Apple Store is "clean". Even with review process, if present, asking a software distribution center to ensure all software from their site that is written by someone else is like asking your ISP to ensure that all web traffic to your host is safe, not in a category you find offensive, and is always legal. That's not really their job. Actually yes, it IS their bug to make sure that any software being made available in the Store isn't malware. It is ridiculous for you to claim otherwise. It's known as quality control, something sorely lacking in American enterprises nowadays. Only because you want someone to usurp the role of your parent. You think someone else is supposed to protect you. How much have you paid Google for that protection? About as much as you did your parents. If I BOUGHT their phone, I DO expect some sort of protection. How much did I pay? How much does a phone cost usually? $500 to $1,000? Yeah, I expect something out of that. The apps are NOT Google's products to regulate. You want Google to perform quality control on code that isn't there own. Doesn't matter in what country exists a software store. Some may have a review process, some will run submitted programs through AV scans, and some may have a feedback process for users to report problems with the software outside the scope of reporting problems to the software author. 
Despite you wanting your parent to continue shielding you from the bad world, it is not the job or responsibility of Google, Cnet, Softpedia, or other software store to perform code reviews. One, they may not have access to the code. Two, that would require a huge programmer staff to perform disassembly or code analysis. Three, just how much are you paying these software stores to protect you under ANY condition? I suppose you think LifeLock should provide their services for free, too. If you want the protection you claim others should provide you then go hire a team of code analysts. Good luck finding any that will work for free. So, when you buy a television at a retail store, go home and plug it in, and it explodes causing you injury, you really think the store is at fault for not opening the shipping carton, running the television through a series of quality, durability, and protection tests, and then re-box the television so then it is safer for you to purchase? Uh huh. I assume that you also believe that it isn't the car manufacturer's responsibility to make sure that the car doesn't cause an accident which kills the owner. You have a very bizarre way at looking at products and the responsibility a manufacturer holds towards them. Now you're trying to obfuscate the seller from the maker. Notice now you are relating how the MANUFACTURER of the product is responsible for its performance. So use the same logic for the Android apps. Yep, the DEVELOPER of the apps is the one responsible for it not using a secure login. Google does not manufacture the apps at its store. So go blame the manufacturer just like you did in your example above.
#19
Game-over HTTPS defects in dozens of Android apps expose user passwords
On 2015-06-21 10:33 PM, VanguardLH wrote:
Slimer wrote: On 2015-06-21 8:22 PM, VanguardLH wrote: Slimer wrote: On 2015-06-21 1:53 AM, VanguardLH wrote: Slimer wrote: On 2015-06-20 10:49 PM, VanguardLH wrote: Slimer wrote: Remember kids, Linux is _secure_ and Android is the best evidence of that: http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/ snipped the plagarized article Do you often shoot yourself in your own foot? Android OS is Linux. So Linux (the variant of which you don't bother to mention) is secure but Linux (Android OS) is not secure. Uh huh. Looks like you wanted to slam Windows but hit the wrong target. My reading of the article says the *apps* are ****ed up by *them* not using HTTPS, not there is a problem in the Linux-based Android OS. The point here is that Google Play, the store from which Android users get their software, is dishing out insecure software which allows for their passwords to be stolen. People like to say that Windows is a magnet for malware, but here is evidence that Android is the mobile equivalent of a malware magnet. You're right, this doesn't point to a problem with the Linux kernel, but it DOES point to a problem with the Android ecosystem which is continuously showing people that it has no interest in providing a stable, secure and safe environment for users. So what's new? The Mozilla plug-ins site is dishing out tons of add-ons that are crap code, spyware (sometimes announced, sometimes not), conflicts with other add-ons (to reduce stability), have been abandoned, or have severe problems. Mozilla claims to have a review process but it doesn't seem much effective to ensure a source of stable, non- conflicting, and supported plug-ins. Sourceforge.net is rifled with abandonware, works in progress (that are distributed as finished products but are not), and other crapware. Every download site (Cnet, Softpedia, etc) has crapware, spyware, adware, and badly coded programs. 
Microsoft pushes updates that cause severe problem, even to the point of prevent the bootup of Windows. The drivers pushed by Windows Update may not even be for your hardware or the correct version of it. The Microsoft Store carries programs that obviously Microsoft didn't write. You can get Far Cry games through the Microsoft store and they have bugs that can not only crash the game but halt the OS even after applying patches. I doubt that everything at the Apple Store is "clean". Even with review process, if present, asking a software distribution center to ensure all software from their site that is written by someone else is like asking your ISP to ensure that all web traffic to your host is safe, not in a category you find offensive, and is always legal. That's not really their job. Actually yes, it IS their bug to make sure that any software being made available in the Store isn't malware. It is ridiculous for you to claim otherwise. It's known as quality control, something sorely lacking in American enterprises nowadays. Only because you want someone to usurp the role of your parent. You think someone else is supposed to protect you. How much have you paid Google for that protection? About as much as you did your parents. If I BOUGHT their phone, I DO expect some sort of protection. How much did I pay? How much does a phone cost usually? $500 to $1,000? Yeah, I expect something out of that. The apps are NOT Google's products to regulate. You want Google to perform quality control on code that isn't there own. Doesn't matter in what country exists a software store. Some may have a review process, some will run submitted programs through AV scans, and some may have a feedback process for users to report problems with the software outside the scope of reporting problems to the software author. 
Despite you wanting your parent to continue shielding you from the bad world, it is not the job or responsibility of Google, Cnet, Softpedia, or other software store to perform code reviews. One, they may not have access to the code. Two, that would require a huge programmer staff to perform disassembly or code analysis. Three, just how much are you paying these software stores to protect you under ANY condition? I suppose you think LifeLock should provide their services for free, too. If you want the protection you claim others should provide you then go hire a team of code analysts. Good luck finding any that will work for free. So, when you buy a television at a retail store, go home and plug it in, and it explodes causing you injury, you really think the store is at fault for not opening the shipping carton, running the television through a series of quality, durability, and protection tests, and then re-box the television so then it is safer for you to purchase? Uh huh. I assume that you also believe that it isn't the car manufacturer's responsibility to make sure that the car doesn't cause an accident which kills the owner. You have a very bizarre way at looking at products and the responsibility a manufacturer holds towards them. Now you're trying to obfuscate the seller from the maker. Notice now you are relating how the MANUFACTURER of the product is responsible for its performance. So use the same logic for the Android apps. Yep, the DEVELOPER of the apps is the one responsible for it not using a secure login. Google does not manufacture the apps at its store. So go blame the manufacturer just like you did in your example above. I would blame the developer too, but Google has a reputation to uphold and the fact that it allowed those developers to sell such insecure software and its malware becomes their fault as a middleman. 
If they want to sell their store as being a "safe" place, it makes sense that they would actually verify the quality of the software within it at some point. The fact that they didn't makes Google look just as bad as the developer. -- Slimer Proud "wintroll" Encrypt.
#20
Game-over HTTPS defects in dozens of Android apps expose user passwords
Slimer wrote:
On 2015-06-21 10:33 PM, VanguardLH wrote: Slimer wrote: On 2015-06-21 8:22 PM, VanguardLH wrote: Slimer wrote: On 2015-06-21 1:53 AM, VanguardLH wrote: Slimer wrote: On 2015-06-20 10:49 PM, VanguardLH wrote: Slimer wrote: Remember kids, Linux is _secure_ and Android is the best evidence of that: http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/ snipped the plagarized article Do you often shoot yourself in your own foot? Android OS is Linux. So Linux (the variant of which you don't bother to mention) is secure but Linux (Android OS) is not secure. Uh huh. Looks like you wanted to slam Windows but hit the wrong target. My reading of the article says the *apps* are ****ed up by *them* not using HTTPS, not there is a problem in the Linux-based Android OS. The point here is that Google Play, the store from which Android users get their software, is dishing out insecure software which allows for their passwords to be stolen. People like to say that Windows is a magnet for malware, but here is evidence that Android is the mobile equivalent of a malware magnet. You're right, this doesn't point to a problem with the Linux kernel, but it DOES point to a problem with the Android ecosystem which is continuously showing people that it has no interest in providing a stable, secure and safe environment for users. So what's new? The Mozilla plug-ins site is dishing out tons of add-ons that are crap code, spyware (sometimes announced, sometimes not), conflicts with other add-ons (to reduce stability), have been abandoned, or have severe problems. Mozilla claims to have a review process but it doesn't seem much effective to ensure a source of stable, non- conflicting, and supported plug-ins. Sourceforge.net is rifled with abandonware, works in progress (that are distributed as finished products but are not), and other crapware. Every download site (Cnet, Softpedia, etc) has crapware, spyware, adware, and badly coded programs. 
Microsoft pushes updates that cause severe problem, even to the point of prevent the bootup of Windows. The drivers pushed by Windows Update may not even be for your hardware or the correct version of it. The Microsoft Store carries programs that obviously Microsoft didn't write. You can get Far Cry games through the Microsoft store and they have bugs that can not only crash the game but halt the OS even after applying patches. I doubt that everything at the Apple Store is "clean". Even with review process, if present, asking a software distribution center to ensure all software from their site that is written by someone else is like asking your ISP to ensure that all web traffic to your host is safe, not in a category you find offensive, and is always legal. That's not really their job. Actually yes, it IS their bug to make sure that any software being made available in the Store isn't malware. It is ridiculous for you to claim otherwise. It's known as quality control, something sorely lacking in American enterprises nowadays. Only because you want someone to usurp the role of your parent. You think someone else is supposed to protect you. How much have you paid Google for that protection? About as much as you did your parents. If I BOUGHT their phone, I DO expect some sort of protection. How much did I pay? How much does a phone cost usually? $500 to $1,000? Yeah, I expect something out of that. The apps are NOT Google's products to regulate. You want Google to perform quality control on code that isn't there own. Doesn't matter in what country exists a software store. Some may have a review process, some will run submitted programs through AV scans, and some may have a feedback process for users to report problems with the software outside the scope of reporting problems to the software author. 
Despite you wanting your parent to continue shielding you from the bad world, it is not the job or responsibility of Google, Cnet, Softpedia, or other software store to perform code reviews. One, they may not have access to the code. Two, that would require a huge programmer staff to perform disassembly or code analysis. Three, just how much are you paying these software stores to protect you under ANY condition? I suppose you think LifeLock should provide their services for free, too. If you want the protection you claim others should provide you then go hire a team of code analysts. Good luck finding any that will work for free. So, when you buy a television at a retail store, go home and plug it in, and it explodes causing you injury, you really think the store is at fault for not opening the shipping carton, running the television through a series of quality, durability, and protection tests, and then re-box the television so then it is safer for you to purchase? Uh huh. I assume that you also believe that it isn't the car manufacturer's responsibility to make sure that the car doesn't cause an accident which kills the owner. You have a very bizarre way at looking at products and the responsibility a manufacturer holds towards them. Now you're trying to obfuscate the seller from the maker. Notice now you are relating how the MANUFACTURER of the product is responsible for its performance. So use the same logic for the Android apps. Yep, the DEVELOPER of the apps is the one responsible for it not using a secure login. Google does not manufacture the apps at its store. So go blame the manufacturer just like you did in your example above. I would blame the developer too, but Google has a reputation to uphold and the fact that it allowed those developers to sell such insecure software and its malware becomes their fault as a middleman. 
If they want to sell their store as being a "safe" place, it makes sense that they would actually verify the quality of the software within it at some point. The fact that they didn't makes Google look just as bad as the developer. I am totally amazed that You think Google and Microsoft really care what You think. They are totally about money and the user be damned.
#21
Game-over HTTPS defects in dozens of Android apps expose user passwords
Slimer wrote:
I would blame the developer too, but Google has a reputation to uphold Perhaps Google has a different reputation on different continents. When you obtain a program, its license typically includes statements to indemnify the author from harm to the licensee by the program. In this case, Google doesn't have to write an indemnification clause in their TOS because the apps weren't written by them. and the fact that it allowed those developers to sell such insecure software and its malware becomes their fault as a middleman. You've never bought a car or understand how recalls work? The retailer from whom you bought the car is not responsible for defects in the car. The manufacturer remains responsible. When you take a recalled car to the dealer, they do the service but they *bill* the manufacturer. If middlemen were responsible for everything they sold then no one would sell anything made by someone else. You'd have to get your snowblower direct from the manufacturer. You'd have to buy the materials used to build your house direct from the manufacturer. You'd have to buy your car direct from the manufacturer. Commerce doesn't work that way. You're playing the uber-liberal where everyone must be responsible for the actions by one. If they want to sell their store as being a "safe" place, it makes sense that they would actually verify the quality of the software within it at some point. The fact that they didn't makes Google look just as bad as the developer. They may have a reputation they want to uphold but that does not make them legally or even morally responsible for code with which they were never involved. Read their Terms of Service. Nowhere do they guarantee the safety or protection of you when using apps that they distribute. Uber-liberalism promotes passing the buck. The one responsible is the one who wrote the code. Focus on them. No one else is at blame.
If they do any scanning or diagnosis of what they distribute then that is at their expense and also their choice. So the author is responsible but you don't know how to target them so you go after the distributor who was never involved in the code. The apps would become prohibitively expensive if Google were to hire a team of programmers to disassemble the apps to do the software QA that was lacking by the author. And since your ISP was the transport for you getting those bad apps then they must be responsible, too. And the maker of your modem, router, and computer must be responsible because they allowed that "bad" program onto your computer. And the OS maker must be at fault for not integrating a debugger that sends the code to a team of diagnostic and testing engineers to verify the program is safe for you to use. And on down the line to blame everyone but the one who is at fault: the program's owner/author/coder. No one told you the Internet is a scary place?
#22
Game-over HTTPS defects in dozens of Android apps expose user passwords
If you have the time and inclination, you might want to read:
http://developer.android.com/distrib...lity/core.html Go through the various categories listed in the left pane. They describe what the DEVELOPER is supposed to do. Google does NOT perform code review. How would they know an app logs in to some site? How would they know if the app was supposed to use HTTP or HTTPS to log into sites (that they don't know about)? How would they know if only the login credentials were to be encrypted or the entire web session? Google is not the developer. They don't waste their time checking the operation of the apps. They probably do run them through anti-virus scanners. Scanning can be automatic. Code review is far from automatic or cheap.
#23
Game-over HTTPS defects in dozens of Android apps expose user passwords
On 2015-06-22 10:51 PM, VanguardLH wrote:
Slimer wrote: I would blame the developer too, but Google has a reputation to uphold Perhaps Google has different reputation on different continents. When you obtain a program, its license typically includes statements to indemnify the author from harm to the licensee by the program. In this case, Google doesn't have to write an indemnification clause in their TOS because the apps weren't written by them. But they were _DISTRIBUTED_ by them through a store that belongs to them. The person who bought the software or downloaded it did it through them. As such, Google is responsible for the stuff that they sell. If it is malware then Google - the company peddling the crap - is responsible. If it didn't want to be, it should have tested the software before deciding to deploy it. and the fact that it allowed those developers to sell such insecure software and its malware becomes their fault as a middleman. You've never bought a car or understand how recalls work? The retailer from whom you bought the car is not responsible for defects in the car. The manufacturer remains responsible. When you take a recalled car to the dealer, they do the service but they *bill* the manufacturer. The dealer represents the manufacturer. No matter how you look at it, buying from a dealer is the same as buying from the manufacturer directly. The dealer didn't build the car, but it is responsible for the crap it sells nonetheless. If it is faulty, it needs to repair, replace or refund the buyer. If that requires them in turn to request a refund from the manufacturer, that's fine. If middlemen were responsible for everything they sold then no one would sell anything made by someone else. You'd have to get your snowblower direct from the manufacturer. You'd have to buy the materials used to build your house direct from the manufacturer. You'd have to buy your car direct from the manufacturer. Commerce doesn't work that way. 
You're playing the uber-liberal where everyone must be responsible for the actions by one. I believe in manufacturers and their middlemen standing by the product. I'm not a liberal, simply a consumer with an expectation of quality. If they want to sell their store as being a "safe" place, it makes sense that they would actually verify the quality of the software within it at some point. The fact that they didn't makes Google look just as bad as the developer. They may have a reputation they want to uphold but that does not make them legally or even morally responsible for code with which they were never involved. Read their Terms of Service. Nowhere do they guarantee the safety or protection of you when using apps that they distribute. Uber-liberalism promotes passing the buck. The one responsible is the one who wrote the code. Focus on them. No one else is at blame. If they do any scanning or diagnosis of what they distribute then that is at their expense and also their choice. So the author is responsible but you don't know how to target them so you go after the distributor who was never involved in the code. The apps would become prohibitively expensive if Google were to hire a team of programmers to disassemble the apps to do the software QA that was lacking by the author. And since your ISP was the transport for you getting those bad apps then they must be responsible, too. And the maker of your modem, router, and computer must be responsible because they allowed that "bad" program onto your computer. And the OS maker must be at fault for not integrating a debugger that sends the code to a team of diagnostic and testing engineers to verify the program is safe for you to use. And on down the line to blame everyone but the one who is at fault: the program's owner/author/coder. No one told you the Internet is a scary place? If Google knows that an application is malware, it has a responsibility to remove it as quickly as possible.
The fact that it doesn't shows that it simply doesn't care about the consumer. -- Slimer Proud "wintroll" Encrypt.
#24
Game-over HTTPS defects in dozens of Android apps expose user passwords
On 2015-06-23 3:35 AM, VanguardLH wrote:
If you have the time and inclination, you might want to read: http://developer.android.com/distrib...lity/core.html Go through the various categories listed in the left pane. They describe what the DEVELOPER is supposed to do. Google does NOT perform code review. How would they know an app logs in to some site? How would they know if the app was supposed to use HTTP or HTTPS to log into sites (that they don't know about)? How would they know if only the login credentials were to be encrypted or the entire web session? Google is not the developer. They don't waste their time checking the operation of the apps. They probably do run them through anti-virus scanners. Scanning can be automatic. Code review is far from automatic or cheap. Which is why Google Play will forever be known as a peddler of malware. How the Hell are people supposed to take Linux-based Android phones seriously when they know that the company will make absolutely no effort whatsoever to protect them from security issues or malware? You've just shown the world that Android phones are to be avoided. Boy am I glad that I don't use one. -- Slimer Proud "wintroll" Encrypt.
#25
Game-over HTTPS defects in dozens of Android apps expose user passwords
Slimer wrote:
Which is why Google Play will forever be known as a peddler of malware. How the Hell are people supposed to take Linux-based Android phones seriously when they know that the company will make absolutely no effort whatsoever to protect them from security issues or malware? You've just shown the world that Android phones are to be avoided. Boy am I glad that I don't use one. Which would also be true of every online store and download site. Not their responsibility to write the Functional Specification and Engineering Specification documents for a program. Not their job to do code reviews. Not their job to perform Software Quality Assurance. I've "just shown" that all software is to be avoided according to your logic of who is responsible for the code in a program.