Google Gets to the Root of the Problem

It was this time last year — almost to the day — that Google revealed their plan for gaining a share of the ever-so-profitable mobile phone market. Though we all thought it would be a true gPhone — designed, manufactured, and marketed entirely by Google — we were nonetheless excited and intrigued by what was actually revealed: Android, an Open Source, Linux-based mobile OS.

The path through Android's development to the eventual release of the first "Googlephone" — the T-Mobile G1 — had its fair share of bumps and potholes. Post-release is proving to be rather rough as well: a high-profile vulnerability discovered in late October and patched last week brought the company criticism not only over the flaw itself, which involved a long-since-patched vulnerability, but more so over Google's response to security researcher Charles Miller's public disclosure of it. Now, a new vulnerability has come to light and has drawn the search giant even more fire.

The latest flaw — which is in the process of being patched via an over-the-air and reportedly involuntary update — was disclosed last week in what was characterized as a "jailbreak" of the G1. At first glance, most sources believed the glitch allowed as-needed root access to the phone, giving users the opportunity to bypass limitations on the phone and run applications outside the "sandbox" designed by Android's developers. However, it was quickly discovered that the issue was not a "jailbreak," but rather a serious flaw in Android's code that caused a root shell to run invisibly on the device — a root shell that received and executed every keystroke entered on the device. rm -rf, anyone?

Though obviously embarrassing for Google, the bug is not out of the ordinary, and was likely a debugging hack that was never removed before the production release. Some — presumably before learning the full extent of the vulnerability — were quick to criticize Google, comparing the company's actions to Apple's iron-fisted control of the iPhone. Questions were raised over Google's commitment to keeping Android an Open Source project — questions which echo, though in a radically different context, ones raised just a few months ago.

This time at least, it appears Google's motives lacked sinister overtones of corporate control — but who knows what evil lurks in the code of Android?

______________________

Justin Ryan is a Contributing Editor for Linux Journal.

Comments


Jailbreaking and such...

daved1948

Let us all keep in mind that both Google and Apple have to appease the wireless providers. To go big, you need either AT&T or Verizon, and a real win would include both.

In any case, the providers in the current wireless service model must have segregation of voice and data services in order to keep their networks from being overwhelmed - by being tethered or used as VoIP phones or just hacked.

Do I like this limitation? Heck no. I want to do what I want to do with my "unlocked" phone, especially when I pay $500 or more for it.

Do I understand the provider's viewpoint? Sure I do. And if the providers aren't happy with your product, they sure aren't going to allow you to connect it to their network.

Until the whole wireless thing shifts over to basically wireless broadband and embraces the idea of being a data provider WITH VoIP, there's little chance they're going to be happy about someone jailbreaking any phone they service.

To better understand their plight, look at what's happening with Verizon and Comcast broadband. Both firms offer cable TV, and are now also providing the very pipe which will erode their cable offerings as Apple TV, Hulu, Vulu and a zillion others all get into the video-over-IP market.

Will all this eventually happen anyway? Sure it will. But one thing's for sure - they're gonna drag their feet along the way as they try to come up with some kind of new business model that allows them to still make money. And their wireless phone service is really very narrow band. So transitioning to broadband using cellular frequencies will be expensive and in reality, will most likely NOT be possible with the equipment they now use.

This is going to be a very interesting next ten years for both content and service providers.

dave...
