Google Gets to the Root of the Problem

It was this time last year — almost to the day — that Google revealed their plan for gaining a share of the ever-so-profitable mobile phone market. Though we all thought it would be a true gPhone — designed, manufactured, and marketed entirely by Google — we were nonetheless excited and intrigued by what was actually revealed: Android, an Open Source, Linux-based mobile OS.

The path through Android's development to the eventual release of the first "Googlephone" — the T-Mobile G1 — had its fair share of bumps and potholes. Post-release is proving to be rather rough as well: a high-profile vulnerability discovered in late October and patched last week brought the company criticism not only over the flaw itself, which involved a long-since-patched vulnerability, but more so over Google's response to security researcher Charles Miller's public disclosure of the vulnerability. Now, a new vulnerability has come to light and has drawn the search giant even more fire.

The latest flaw — which is in the process of being patched via an over-the-air and reportedly involuntary update — was disclosed last week in what was characterized as a "jailbreak" of the G1. At first glance, most sources believed the glitch to allow as-needed root access to the phone, providing users with the opportunity to bypass limitations on the phone and run applications outside the "sandbox" designed by Android's developers. However, it was quickly discovered that the issue was not a "jailbreak," but rather a serious flaw in Android's code which caused a root shell to run invisibly on the device — a root shell which received and executed every keystroke entered on the device. rm -rf, anyone?

Though obviously embarrassing for Google, the bug is not out of the ordinary, and was likely a debugging hack that failed to find its way out of the production release. Some — presumably before learning the full extent of the vulnerability — were quick to criticize Google, comparing the company's actions to Apple's iron-fisted control of the iPhone. Questions were raised over Google's commitment to keeping Android an Open Source project — questions which echo, though in a radically different context, ones raised just a few months ago.

This time at least, it appears Google's motives lacked sinister overtones of corporate control — but who knows what evil lurks in the code of Android?

______________________

Justin Ryan is a Contributing Editor for Linux Journal.

Comments

Jailbreaking and such...

daved1948

Let us all keep in mind that both Google and Apple have to appease the wireless providers. To go big, you need either AT&T or Verizon, and a real win would include both.

In any case, the providers in the current wireless service model must have segregation of voice and data services in order to keep their networks from being overwhelmed - by being tethered or used as VoIP phones or just hacked.

Do I like this limitation? Heck no. I want to do what I want to do with my "unlocked" phone, especially when I pay $500 or more for it.

Do I understand the provider's viewpoint? Sure I do. And if the providers aren't happy with your product, they sure aren't going to allow you to connect it to their network.

Until the whole wireless thing shifts over to basically wireless broadband and embraces the idea of being a data provider WITH VoIP, there's little chance they're going to be happy about someone jailbreaking any phone they service.

To better understand their plight, look at what's happening with Verizon and Comcast broadband. Both firms offer cable TV, and are now also providing the very pipe which will erode their cable offerings as Apple TV, Hulu, Vulu and a zillion others all get into the video-over-IP market.

Will all this eventually happen anyway? Sure it will. But one thing's for sure - they're gonna drag their feet along the way as they try to come up with some kind of new business model that allows them to still make money. And their wireless phone service is really very narrow band. So transitioning to broadband using cellular frequencies will be expensive and in reality, will most likely NOT be possible with the equipment they now use.

This is going to be a very interesting next ten years for both content and service providers.

dave...