Why Android Security is Broken
hint: it isn't technical
A recent Slashdot post was discussing a privilege escalation hole in Android, and by looking at the comments it was obvious to me that most geeks just don't get it when it comes to security.
Android has a huge, gaping security hole, but it isn't a technical one; it's the design. The flaw is the same one that afflicted ActiveX in Internet Explorer: assuming that the majority of users
- have a clue what any of the permissions actually mean, and
- can trust the app not to abuse the permissions it has (or not to contain flaws that allow it to be hijacked).
The reality is that 100% of people (rounding up from normal people to include geeks) simply tap Accept and move on with their lives. Those annoying dialogs are just how you use the device. Tapping Install is a daily ritual, and the stupid "Are you really sure?" dialog box is just one more of the thousands they've dismissed throughout their lives.
Computers pester people. That's what they do. Consequently, people learn that if they choose Cancel they don't get the game or app they wanted, so the correct course of action is to always accept. Done and done.
Any security decision that relies on users taking the correct course of action is an automatic failure. If the penalty for making the wrong choice is high, e.g. having a $10/month premium SMS subscription added to your bill or having your banking login stolen, then the system is badly designed and broken.
This blog represents my own personal opinion and is not endorsed by my employer.