Android Browser Security--What You Haven't Been Told

You do not want to trust your bank account to an operating system where no one cares that hundreds of bugs are ignored, regardless of enthusiasm, hype or attractiveness. Assuming that you must use your Android device to process such sensitive information, it is likely better to use a mobile HTML site in a safe browser rather than a local app. If circumstances force you to use an app, prefer an app developer that recognizes Android libraries for the security minefield that they are and thus avoids using OS features that can compromise your data.


Users of modern, enterprise Linux are accustomed to five-year support cycles on platforms with regular security updates that rely on fine-grained package databases, allowing for easy reversal of an individual patch. All of this is available for free from multiple vendors, although paid support is available through several avenues.

For such individuals, Android releases closely resemble unsupported development snapshots. In the rare event that Android updates do arrive, they come as giant .ZIP files that are slapped over (/system)/bin in an irreversible manner. Updates commonly apply new locks over boot firmware, fencing users out of hardware that they purchased and own.

Should a new enterprise Linux distribution appear exhibiting these behaviors, no one would use it. Should an existing distribution implement these policies, the exodus of the user community would likely not be as fast as the blizzard of lawsuits that drove the vendor into bankruptcy.

A day will come when consistent security policies and updates are required on embedded, mobile, workstation and server platforms. For the good of the computer sciences and the people who use them, let's hope that day comes soon.


Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.