Google Gets to the Root of the Problem

It was this time last year — almost to the day — that Google revealed their plan for gaining a share of the ever-so-profitable mobile phone market. Though we all thought it would be a true gPhone — designed, manufactured, and marketed entirely by Google — we were nonetheless excited and intrigued by what was actually revealed: Android, an Open Source, Linux-based mobile OS.

The path through Android's development to the eventual release of the first "Googlephone" — the T-Mobile G1 — had its fair share of bumps and potholes. Post-release is proving to be rather rough as well: A high-profile vulnerability discovered in late October and patched last week brought the company criticism not only over the flaw itself, which involved a long-since-patched vulnerability, but more so over Google's response to security-researcher Charles Miller's public disclosure of the vulnerability. Now, a new vulnerability has come to light and has drawn the search giant even more fire.

The latest flaw — which is in the process of being patched via an over-the-air and reportedly involuntary update — was disclosed last week in what was characterized as a "jailbreak" of the G1. At first glance, most sources believed the glitch to allow as-needed root access to the phone, providing users with the opportunity to bypass limitations on the phone and run applications outside the "sandbox" designed by Android's developers. However, it was quickly discovered that the issue was not a "jailbreak," but rather a serious flaw in Android's code which caused a root shell to run invisibly on the device — a root shell which received and executed every keystroke entered on the device. rm -rf, anyone?

Though obviously embarrassing for Google, the bug is not out-of-the-ordinary, and was likely a debugging hack that failed to find its way out of the production release. Some — presumably before learning the full extent of the vulnerability — were quick to criticize Google, comparing the company's actions to Apple's ironfisted control of the iPhone. Questions were raised over Google's commitment to keeping Android an Open Source project — questions which echo, though in a radically different context, ones raised just a few months ago.

This time at least, it appears Google's motives lacked sinister overtones of corporate control — but who knows what evil lurks in the code of Android?

______________________

Justin Ryan is a Contributing Editor for Linux Journal.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Jailbreaking and such...

daved1948's picture

Let us all keep in mind that both Google and Apple have to appease the wireless providers. To go big, you need either AT&T or Verizon, and a real win would include both.

In any case, the providers in the current wireless service model must have segregation of voice and data services in order to keep their networks from being overwhelmed - by being tethered or used as VoIP phones or just hacked.

Do I like this limitation? Heck no. I want to do what I want to do with my "unlocked" phone, especially when I pay $500 or more for it.

Do I understand the provider's viewpoint? Sure I do. And if the providers aren't happy with your product, they sure aren't going to allow you to connect it to their network.

Until the whole wireless thing shifts over to basically wireless broadband and embrace the idea of being a data provider WITH VoIP, there's little chance they're going to be happy about someone jailbreaking any phone they service.

To better understand their plight, look at what's happening with Verizon and Comcast broadband. Both firms offer cable TV, and are now also providing the very pipe which will erode their cable offerings as Apple TV, Hulu, Vulu and a zillion others all get into the video-over-IP market.

Will all this eventually happen anyway? Sure it will. But one thing's for sure - they're gonna drag their feet along the way as they try to come up with some kind of new business model that allows them to still make money. And their wireless phone service is really very narrow band. So transitioning to broadband using cellular frequencies will be expensive and in reality, will most likely NOT be possible with the equipment they now use.

This is going to be a very interesting next ten years for both content and service providers.

dave...

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState