web analytics

Home of my tech rants, free programs, and a story or two…

All aboard the fail boat…

Millions of Android devices are getting hit by a new batch of malware called Gooligan.
Android ‘Gooligan’ Hackers Just Scored The Biggest Ever Theft Of Google Accounts
http://arstechnica.com/security/2016/11/1-million-android-accounts-compromised-by-android-malware-called-gooligan/
Gooligan malware roots 1M Android phones in “largest Google account breach to date”

As the Forbes article mentioned…

Once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to “root” the device – i.e. take complete control over it. To do that, the attackers have used long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion. Most infections (40 per cent) are in Asia, though 19 per cent are in the Americas, most of which are in North America, Shaulov said. Another 12 per cent are based in Europe.

And I bet you’re all asking why? Yeah… it’s because your Android device hasn’t received any critical software updates. This is why I switched to the iPhone. The reason… security updates and operating system updates.

To those that don’t know about all of this, let me inform you. Your device has two major software layers; the operating system and the apps that you use like Facebook, email, web browser, etc. What many people see as updates are just app updates, these aren’t patching issues with the operating system itself (Android). The problem is many devices don’t get these operating system updates. Think of operating system updates like Windows Updates. Well… your apps may have been updated but your operating system is still very very vulnerable to being hacked by hackers to steal your data.

I bet you’re asking why. Why doesn’t my device get these updates? Simple. Money. That’s right… money. Your carrier and your Android OEM (Samsung, LG, HTC, etc.) would much rather have you buy a new device instead. But here’s the kicker… if you buy that new device they’re only going to turn around and do the same thing that they did to your older device, that is… abandon it only to tell you to buy a new device instead. This keeps you forever on the upgrade treadmill because it makes them money, truckloads of money.

Now, you may have heard about something called the Apple iPhone. The difference between Android and iPhones is that when Apple came out with the iPhone they pretty much told the carriers (AT&T, Verizon, etc.) that they were going to do things their way. They were going to push the software updates themselves. This allows Apple is be able to push software updates to every iPhone across the world so that your iPhone gets the latest and patched iOS version the same day that everyone across the world gets it so that your device remains far more secure than any Android.

Security experts agree… if you care about security and that data on your phone, you buy an iPhone. They may be more expensive but in the end your device is getting supported by Apple unlike Android in which they don’t care about you.

Not only that but if you have a problem or question a simple trip to the Apple Store or a phone call to Apple is all you need, they will help you figure out what’s wrong and help you fix it. You don’t get that kind of safety net with Android devices.

Open Android vs. Apple iPhone

I’m not denying that Android is more open and that it does allow for the user to change a lot of stuff but outside a small circle of geeks, most people don’t change a thing about their Android phones. Geeks like to say that on Android you can change your launcher, your default web browser, email client, text messaging app, image/photo viewer, music player, camera, phone app, calendar, and everything else under the sun. But let me tell you something… 99% of users that aren’t geeks don’t change a thing about their Android phones, heck… most people don’t even change their ring tone for God’s sake. Do you have any idea how many people still have the default T-Mobile ring tone? Yeah… lots of people.

For those people who really couldn’t care one bit about how their phones work and just want it work, an iPhone is the best choice. It gives that category of users everything that they could ever need right out of the box with little to no tweaking or adding of things. If there is one thing that Apple excels at more than anyone else in the industry, it is ease of use. Everything a normal person could ever want is already on an iPhone ready to be used the moment they pick it up.

And the best part is, the device is supported. If you have a problem or a question and you don’t know the answer and you would rather talk to someone and not just a faceless user on a forum, you can call Apple or walk into any Apple Store and talk to a Genius Bar person and they can walk you through on how to do something. There’s no safety net for Android users and their devices.

And best of all, every iPhone no matter where you are in the world, no matter the carrier, it gets iOS updates the same day that everyone across the world gets it. If you ask me, that’s a big huge plus in my book. Android is an absolute mess when it comes to software updates.

For geeks, yes, Android may very well be a better platform but for the vast majority of people who just want it to work… Apple is best. There’s no arguing this.

Why doesn’t my Android device enjoy the same updates that iPhone users enjoy? Part 2…

In Part 1 we talked about the economics of Android, namely the fact that Android is practically a money printing machine. In Part 2 we’re going to talk about the technical side of things and how the carriers in the US manage to screw things up royally for everyone involved.

In the United States the updates are not only being bogged down by the OEMs but by the carriers as well. So here is the process by which Android updates have to go through for users in the United States.

  1. New software released by Google.
  2. OEMs get the update which then they have to merge in any changes that Google made into their bastardized version Android that they’re using (TouchWiz, Sense, etc.) and hope to God that whatever Google changed didn’t break the whole house of cards in the process.
  3. The OEM sends the update pack to the carrier which the carrier then sends back to the OEM containing the changes they want added to it be it additional bloatware, carrier network changes, network additions like VoLTE, etc.
  4. The OEM then gets these change requests from the carrier and makes those changes.
  5. The OEM then sends what it thinks that the carrier wants the update to be like to the carrier which… oh wait, did you think it would be finalized now? Nope. The carriers then submit more changes to the OEM.
  6. The OEM does those changes and submits the changes back to the carrier.
  7. Repeat steps 3 through 6 a couple of times.
  8. And now finally, eight months later the end user finally gets the update only to have the whole entire shitty process start all over again when Google releases a new version of Android.

And now you know why Android phones are notorious for not getting updates on time in the United States.

Not only that but the OEMs also make it that much more difficult for themselves because they also make different variations of the same device. For instance, in Europe they have one model (using one processor) and in the United States they have another model (using another processor). So not only do they have to maintain Android distributions for every single carrier but distributions for every variation of the same device. Some carriers want added stuff in it like additional bloatware, settings, icons, etc. and another carrier wants different stuff. All in all, it’s a headache and a half to maintain.

So why can’t we all just have one variation of a device and be done with it much like Apple does? Well… we can’t do that in the Android world, everyone has to be different. Every device has to be different. We can’t have standardization. That would make Android more like Apple. But at the same time it would make things lot easier on the Android OEMs since they would only have to maintain one distribution of Android to be used on all of their hardware thus making and keeping devices up to date a relative breeze according to the mess that they have now.

Oh… and we have to tell the carriers to go f*** off. Something that Apple did from the very start. This is the way we’re going to do things and no one can tell us otherwise. This is why regardless of what carrier you have, regardless of where in the world you are, your iPhone will always get the same iOS updates on the same date.

Why doesn’t my Android device enjoy the same updates that iPhone users enjoy?

Alright, let’s get something straight here… I’m going to argue this topic purely from an economic point of view, not a technical one, but an economic point of view. With that being said, let’s continue…

When an Android OEM is about to come out with a new device what does the Android OEM do? Think about this for a moment. Have you thought about it?

When an Android OEM is about to come out with a new device they start off with a marketing blitz. In the case of Samsung (the OEM I’ve chosen for this blog post), they market the device as “The Next Big Thing”©. Why is that? I’ll give you some more time to think…

OK, time’s up. The reason why they do this is because this marketing strategy practically prints the cash for them. It practically hauls the cash in for the OEM by the semi-truck full. All they need to do is come out with a new device every year and it’s like a gold mine for the company.

So with that being said, we now ask the question which is also the title of this post. Why doesn’t my Android device enjoy the same updates that iPhone users enjoy?

To answer that question we have to think about the economics of Android. Android is a money printing machine for any company that makes Android devices. The hard work is already is done for them, the base OS is handed to them free of charge and not only that but they can modify it all they want and change it into whatever they want it to be. Not only that but every time an OEM releases a new model device it practically prints cash for them. So from a purely economic point of view, there’s no good business reason for the OEM to develop software updates for their older devices.

Let’s face some things here… If you were an executive in one of these OEMs, Samsung for instance. What would you rather do?

  1. Develop software updates for your older devices which not only costs the company money but also takes away from the R&D of new devices.
  2. Put the effort into making “The Next Big Thing”© which is pretty damn well guaranteed to bring in the cash like nobody’s business.

Hmm… if I were an executive which one of those choices would I choose? Choice #2 of course, silly.

So basically from a purely economic point of view there’s really no reason why the OEM should update your phone. They already have your money after all. The OEMs consider it a done deal the moment you hand over your cash.

And now you know why your Android device will never see updates like iPhone users enjoy. This is purely economics here folks, you can’t argue with economics.

The biggest mistake Google made was…

Unfortunately, when Google licensed Android to their OEM partners they made one fatal mistake; they didn’t put anything in the licensing agreement that the OEMs had to agree to to use Android stating that they had to maintain their devices. Google can release all the Android versions that they want but the OEMs can turn around say… “Meh… We don’t care.”

Proof of this is that you can still find new devices being sold today with Android 4.1 Jellybean. No, I’m NOT kidding here! Yes, Android 4.1! How Google is even allowing devices to be sold with an OS that old should be not allowed. Oh.. but wait, Google doesn’t have any control here.

If we look back in history Google was releasing Android right around the time Apple was releasing the iPhone 3G. In order to get a leg up on the iPhone Google decided to license Android to their OEM partners at the time with a very open-ended licensing agreement which, if you ask me, gave the OEMs way too much control leaving Google with very little.

Google has no control over the destiny of Android, the OEMs do. They’re the ones that ultimately decide if Android is going to die or not. But wait.. I know, you’re going to say that I’m stupid for saying that but read on and you’ll find out why I said that.

As of right now, Google has no control on whether or not your device will be updated or not. Lately they’ve been trying to take back some of the control that the OEMs have by putting a lot of things into what’s known as Google Play Services. That’s good for consumers because that’s the one thing Google has ultimate control over. But, Google has to tread carefully because if they move too fast in trying to take back the control they never should have given up to begin with, the OEMs can turn around and say “Fine Google, you want that control back? Here it is, we’re going to make our own mobile OS or we’ll just move to Tizen.” And what would happen if that scenario played out? Android would experience an instant death.

You see, without the OEMs Android is virtually dead. Yes, Google does have their own devices but they make up such a small piece of the Google Android marketshare that you might as well not even say that they exist. The biggest players in the Android ecosystem is Samsung, HTC, Sony, and a few others. If Google were to piss these players off it would be the death of Android.

Setting The Record Straight

My last couple of posts have made several people call me a fanboi. And you know what, I may have very well sounded like one. That’s right, I may have very well sounded like an Apple fanboi.

Putting The Blame Where The Blame Needs To Be Put

My last couple of mobile devices have been Android devices. First a Motorola Droid Charge, then a Galaxy Nexus, followed up by a Galaxy S4 and then finally a Galaxy Note 3. What really turned me off of Android recently is how Samsung treated the last two devices I had, namely the S4 and the Note 3. Both of those devices had not seen updates in many months. Meanwhile, Google kept churning out new versions of Android. Though, I can’t blame Samsung completely, some of the blame can be put on my cell carrier; AT&T. They don’t want to invest the time and money into approving and releasing new Android OS updates when they can just turn around and sell you a new device. Putting together, approving, and distributing software updates isn’t cheap; it takes a lot of time and effort to make sure that the update goes relatively smoothly and even then, the updates don’t always go as clean as one would want them to go. So when something does go wrong more often than not the customer blames the carrier and demands a new device which of course costs the carriers money. So really I put the blame for the mess that Android is in squarely on the shoulders of the OEMs and carriers, they’re the reason why Android is so fragmented.

Some people brought it to my attention that Google can seamlessly upgrade certain parts of the Android operating system regardless of which carrier sold you the device or what Android OEM made the device. Those updates are pushed out via updates to the Google Play Services Platform. So now people can have parts, perhaps the most critical parts of the Android system, seamlessly updated without having to do anything. This is good for the Android user. The fact that Google has to sneak these updates in behind the backs of carriers and OEMs shows how Google has lost control over Android.

I understand that Android is an open platform; one in which anyone can do anything they please to the platform. This can be anything from installing it on whatever device they choose to modifying it as they see fit. This is how Google licensed Android. This is what I have a problem with, the license that Android is licensed under. There’s far too much room for those who take Android to abuse it. We can see this in how Google has no say-so in how and when Android devices get core OS software updates. And by that I mean the base operating system (4.4 KitKat, 5.0 Lollipop, etc.) Instead, they have to sneak in updates through some kind of back door. If Google had written into the Android license a legal clause stating that when Google comes out with a new version of an Android OS release all devices running Android must get that update in a specified amount of time, we would not be in the mess we are in.

I also understand that people say that if you want a more pure version of Android you should get a Google Play Edition device or one of the other Moto devices. If you ask me, this is a sign that Google has realized their mistake in licensing Android the way they did. They have come to the conclusion that if they want control over the destiny of Android they must produce their own hardware. This is what Apple has done from the very beginning with their iOS platform.

Why Android Core OS Updates Are Important

I also understand that there is the idea that if devices get Google Play Services updates they won’t necessarily need core OS updates. I beg to differ. New versions of Android bring new features, bug fixes, and fundamental changes to how Android works at much lower levels than just updates to Google Play Services can bring to the device. For instance, the most notable change between 4.4 KitKat and 5.0 Lollipop is the forced introduction of ART or Android Run-Time.

The idea behind ART is that when an app is installed the app’s APK file (similar to an EXE file on Windows) is fully compiled to machine code upon installation of the app. Remember, an Android APK file is nothing but a compressed file that contains Java bytecode that needs to be compiled the rest of the way on the device to be run. This is very different from how things were done on versions of Android prior to 5.0. Under versions prior to 5.0, Android used the Dalvik VM in which upon running an app the app was compiled to machine code, this of course added time to the execution or opening of the app. Every time you launched an app the app’s APK file needed to be read, compiled, and executed whereas under 5.0 and ART, the app’s binary or APK file is already compiled at the time of installation saving a lot of CPU time and battery life every time you launch an app. This should also open the door for better optimization of the machine code because you have more time to compile it than during the half second before opening it under Android 4.4 and earlier. This of course should benefit devices that may not have the latest and greatest hardware in it because it reduces the CPU time needed to run apps. So you can see that having Android 5.0 Lollipop even on older devices can help increase the lifespan of the device in question.

Speaking about the Galaxy S4 and Galaxy Note 3. Both devices have quad-core CPUs and at the very least 2 GBs of RAM. The hardware is no slouch. This is modern hardware by anyone’s standard. If anything, 5.0 Lollipop would benefit these two devices a great deal and may even bring new life to the devices and allow people to keep the devices longer. The S4 is only two years old and the Note 3 is only a year old. Not old hardware if you ask me. So why isn’t Samsung and AT&T upgrading these devices to 5.0 Lollipop? It comes back to what I talked about in the second paragraph of this post, they don’t want to. They would much rather sell you a new device instead of putting the effort into updating the device. I call for the idea that if they no longer want to support the device with newer versions of Android they should be forced to unlock the bootloaders like in the case of the AT&T and Verizon Galaxy S4 and Note 3 and subsequent Samsung devices sold by the carriers. That way if the user wants to take the time into upgrading the device themselves by installing one of the any number of third-party Android ROMs they should be able to do so without issue and not have to worry about a locked down bootloader.

The Apple Hardware Way

In the case of the Apple iPhone devices, Apple maintains control over their hardware. They don’t just control the hardware but also the software as well. This has allowed Apple to marry the software and hardware together in ways no Android device maker can ever hope to do. Some might say that that’s the reason why Apple devices run so well, the software is hyper-optimized for the hardware on which it’s running. The current version of iOS, version 8.x, is still supported on devices dating back to the iPhone 4s which at this time is nearly four years old. There’s rumors that iOS 9 will be still be supported on the iPhone 4s which at the time of iOS 9 the device will be nearly five years old. That’s an amazing track record when it comes to supporting older hardware. This is similar to how you can install Windows 7 on six year old hardware and still have it run decently.

Changing To The iPhone

I’ve had my iPhone 6 Plus for a little over a month now. So far I’ve loved every moment of it. The operating system is smooth, it runs well, and I can’t make it lag. Even with several apps open and multitasking the iPhone 6 Plus doesn’t skip a beat. The battery life is amazing on the device. Even when under heavy load the iPhone’s battery life outshines that of my previous Android devices by a wide country mile. Even the apps seem more polished on the iPhone than on Android. My iPhone experience has been nothing short of amazing, far better than Android in so many different ways.

In a lot of ways, I just want my phone to work. When I need to make a phone call, I need it to work. When I need to send a text message, I need it to work. When I need to get directions because I’m lost, I need it to work. I don’t want to worry about whether or not I have the battery life to be able to do what I need to do. Though Android also did work in those cases there were many times when I’d find my battery close to being dead and I didn’t even touch the device. There were many times when I had my Note 3 in my pocket and had not touched it for three hours and the battery life was already down 15% or more. And yes, I was connected to WiFi so there shouldn’t have been any need to use LTE to send or receive data. So the obvious question is… What drained my battery so badly?

I hate to say this but in a lot of ways, Apple was right when it comes to multitasking on mobile devices. Apps should not be able to run in the background indefinitely chewing up battery life, the OS should have the ability to tell an app to go to sleep. Android doesn’t have this ability, apps can (and do) run indefinitely in the background and more often than not can drain your battery dry. I’m looking at you Facebook, you’re the worst offender of them all! Mobile devices by their very nature are power limited devices, they need to have strong power management capabilities built into the core operating system. This is what Apple iOS has, it can tell an app that it’s time is up and it needs to go to sleep.

Apple vs. Android

People call Apple iOS the most restrictive operating system in which Android claims that they are the most open platform. Sure, Android does allow for a lot of customization but because of that customization it can result in a very fragmented system in which not everything fits together nicely. iOS may very well be a restrictive platform but everything just works. Asking Siri to do something results in it just working. I can tell Siri to set timers, alarms, calendar events, and reminders all without even unlocking my phone. I can even ask Siri for sports scores or even a weather report. I wasn’t able to do any of that on Android, or at least it wasn’t nearly as easy to do as it is on iOS with Siri.

As for the restrictions, I’ve not run into one situation in which Apple iOS 8 has prevented me from doing something I’ve wanted to do on my device. Now this may be different because I’m running iOS 8 and past versions of iOS were far more restrictive than iOS 8 is. Version 8 has really opened the iOS platform up and removed a lot of the roadblocks that were in the system. Like I said before, I’ve not run into any restrictions that prevented me from doing what I wanted to do. Even the most important app that I use, Lastpass, the app that stores my saved passwords integrates right into Safari on my iPhone and allows me to fill login forms with relative ease. This would not have been possible without the platform improvements in iOS 8 which lifted a lot of the restrictions on what apps can and can’t do on the platform. With iOS 8 Apple has managed to walk the fine line of user restrictions to maintain system integrity while still allowing the user to do what they need to do.