Android Cellphones Privacy Security The Almighty Buck Technology

The Privacy Trade-Offs of Cheap Android Smartphones (fastcompany.com) 22

Fast Company highlights some of the "privacy nightmares" surrounding low-cost Android smartphones, which can be very attractive for those on a tight budget. One example is the MYA2 MyPhone: According to an analysis by the advocacy group Privacy International, a $17 Android smartphone called MYA2 MyPhone, which was launched in December 2017, has a host of privacy problems that make its owner vulnerable to hackers and to data-hungry tech companies. First, it comes with an outdated version of Android with known security vulnerabilities that can't be updated or patched. The MYA2 also has apps that can't be updated or deleted, and those apps contain multiple security and privacy flaws. One of those pre-installed apps that can't be removed, Facebook Lite, gets default permission to track everywhere you go, upload all your contacts, and read your phone's calendar. The fact that Facebook Lite can't be removed is especially worrying because the app suffered a major privacy snafu earlier this year when hundreds of millions of Facebook Lite users had their passwords exposed.

Philippines-based MyPhone said the specs of the MYA2 limited it to shipping the phone with Android 6.0, and since then it says it has "lost access and support to update the apps we have pre-installed" with the device. Given that the MYA2 phone, like many low-cost Android smartphones, runs outdated versions of the Android OS and can't be updated due to their hardware limitations, users of such phones are limited to relatively light privacy protections compared to what modern OSes, like Android 10, offer today. The MYA2 is just one example of how cheap smartphones leak personal information, provide few if any privacy protections, and are incredibly easy to hack compared to their more expensive counterparts.

  • Granted that not all users are savvy enough to reflash a phone with an aftermarket ROM. I wonder if these cheap phones could be flashed with a more secure ROM, and in the process remove the preloaded apps
    • Secure rom? Is there such a thing? Why the hell would you flash a ROM? You're basically giving root access to your phone to an anonymous developer and installing whatever little "gifts" he has bundled with his ROM. Welcome to the botnet. That's really bad security practice. Yes, big companies take your data, but at least those companies are held accountable by regulators, unlike your average ROM cook.
  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday October 07, 2019 @05:49PM (#59281056) Homepage Journal

    Regardless of the price point, don't buy devices you can't unlock officially. They leave you at the mercy of the manufacturer. Yes, that means don't buy any iDevices.

  • by BAReFO0t ( 6240524 ) on Monday October 07, 2019 @05:50PM (#59281062)

    I don't see any relation between price and privacy.

    They all use Android, and hence whore you out to Google. That is already the end of the discussion.

    But of course, I can add that there is no relation between price and how long you're getting updates, how much bundled crap is in the 'ROM', or if you ever get firmware patches. Big brands like Samsung aren't any better. In fact, small and cheap manufacturers are more likely to use vanilla Android.
    And the cheap Mediatek SOCs are nicely rootable and even unbrickable. So you actually have access to fix flaws and remove bundled crap yourself. (Done that.)

    Sure, the firmware can contain spyware too. But again, why would big brands be any different?
    And no, Murican (US-American) spyware is in no way different/better than Zhongguo (Chinese) spyware. ;) Same type of people that made it.

    I think this is only fearmongering from big brands that are afraid because they have lost their oligopoly. Boo hoo. ... You lose! You get nothing! Good day!

    • Big brands like Samsung aren't any better.

      Lenovorola is better. If you buy a phone directly from them, you get vanilla android plus moto actions, and nothing else. There's zero bundled third party bullshit, everything is straight from google, or something unobtrusive from Moto. I paid $150 for a Moto X4 3GB/16GB and it is worth every penny. Headphone jack, SD card slot, IP67, unlockable bootloader, not known to deflagrate.

      Some big brands are better than others.

      Sure, the firmware can contain spyware too. But again, why would big brands be any different?

      They're subject to more scrutiny, and so more likely to get caught. Their competitors loo

      • You still can't remove any google apps marked "system ", even on Motorola phones not bought through a carrier deal.

        At least with Apple, you can remove all the Google crap, as well as Apple crap such as Apple News.

        Google is an advertising company. Privacy in any shape or form harms their business model.

        • Google is an advertising company. Privacy in any shape or form harms their business model.

          This is quite obviously false, even from the most cynical perspective. At a minimum, Google has every incentive to protect your privacy from other companies, to keep all of your data for itself. Google makes money by providing targeted advertising, and if any of that user information leaks, it enables others to do better ad targeting, enabling competition. Google doesn't even want its advertising customers to have access to that information, because then they'd have less need of Google.

          Beyond that, Goog

      • Um, Google apps are the ones doing all the data collection. I'll never understand people.

        • Um, Google apps are the ones doing all the data collection. I'll never understand people.

          No, Google apps are the ones doing the data collection that you know about. There are plenty of phones with malware collecting data for customers other than Google. Some of these customers are the Chinese and US governments. I wouldn't like anyone snooping on my private info, but of all of them, I especially don't want the Chinese government to have my info due to concerns about industrial espionage and personal rights (what if I'm going to be a tourist in China someday?).

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday October 08, 2019 @08:17AM (#59283100) Journal

      I don't see any relation between price and privacy.

      I do, quite a bit. Cheap devices are cheap in large part because of the money that app makers (like Facebook Lite) pay to subsidize them. Many of these apps are quite abusive; some have been found to contain remote-access back doors (not Facebook's app; that would be a huge scandal that would make the front page).

      They all use Android, and hence whore you out to Google.

      Android doesn't send any information to Google. I work on the Android platform security team, and this is a core principle; Google has no privileged access into the Android OS. You can verify this yourself [googlesource.com].

      That said, most Android devices do run Google's apps, including the Play Store services app. Those absolutely do send information to Google. However, Google gives you control over what is sent to Google, and there are lots of people watching to verify that Google doesn't overstep the permissions you give. Every release of every Google app gets decompiled and analyzed and anything weird gets published on XDA forums and picked up by Android Police, etc. Anything really weird gets picked up by the mainstream news. The same is not true for the pre-installed apps developed by companies you've never heard of.

      But of course, I can add that there is no relation between price and how long you're getting updates, how much bundled crap is in the 'ROM', or if you ever get firmware patches.

      There is a relation between price and how long you get updates. If you buy a phone today that ships with Android 6.0, you can be certain you are never getting any updates, of any sort, ever. If you buy a new phone from a major brand that ships with the current-generation OS, you can be sure you'll get updates for some period of time. Most of them promise two years of updates and security patches. Google Pixel devices get three years.

      Big brands like Samsung aren't any better. In fact, small and cheap manufacturers are more likely to use vanilla Android.

      As I pointed out above, those that ship with a years-old version of Android are guaranteed never to receive any updates, vanilla or not.

      And the cheap Mediatek SOCs are nicely rootable and even unbrickable. So you actually have access to fix flaws and remove bundled crap yourself. (Done that.)

      Unlockable devices are great, and I would never buy one that isn't. However, be careful to distinguish between devices that can be rooted because they contain ancient, vulnerability-ridden system software and those that have bootloaders which are designed to be unlocked and re-locked. The best devices allow you to unlock, install your own signing keys, flash your own software signed by those keys, then re-lock. This allows the Verified Boot system to validate that no malware is attempting to backdoor your system, among other protections.

      Sure, the firmware can contain spyware too. But again, why would big brands be any different?

      Big brands get more scrutiny. There are more people looking at them to see what they do. Google most of all.
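
The comment above separates devices that are stuck on an old patch level from devices whose bootloader was unlocked and re-locked with the owner's keys. This added example (not code from the thread or from the Android project) reads both facts from an `adb shell getprop` dump. The two dumps are constructed for illustration and the six-month staleness threshold is an assumption; the property names are standard Android system properties.

```python
import re
from datetime import date

# Constructed `adb shell getprop` excerpts for two hypothetical devices (not from the thread).
OLD_BUDGET_PHONE = """\
[ro.build.version.release]: [6.0]
[ro.build.version.security_patch]: [2017-08-05]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
"""
RELOCKED_OWN_KEYS = """\
[ro.build.version.release]: [10]
[ro.build.version.security_patch]: [2019-09-05]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
"""

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-\d{2}$")
# Verified Boot colours reported by the bootloader, mapped to what they mean.
BOOT_STATES = {
    "green": "locked, OEM key",
    "yellow": "locked, user-installed key",
    "orange": "unlocked, boot chain not verified",
    "red": "verification failed",
}

def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict; other lines are ignored."""
    matches = (PROP_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def patch_age_months(props, today):
    """Whole months since the reported patch level, or None if absent/malformed."""
    m = PATCH_RE.match(props.get("ro.build.version.security_patch", ""))
    if not m:
        return None
    return (today.year - int(m.group(1))) * 12 + today.month - int(m.group(2))

def assess(text, today, max_age_months=6):
    """Summarise update status and boot-chain trust from a getprop dump."""
    props = parse_getprop(text)
    age = patch_age_months(props, today)
    boot = BOOT_STATES.get(props.get("ro.boot.verifiedbootstate", ""), "not reported")
    if props.get("ro.boot.flash.locked") == "0":
        boot = BOOT_STATES["orange"]  # an unlocked flag overrides a missing colour
    return {"patch_age_months": age,
            "patch_stale": age is None or age > max_age_months,
            "boot": boot}
```

A device that reports `green` with a stale patch level is still running unpatched system software; the lock state says who signed the image, not how current it is.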

      • Looking at device specs for that cheap phone, I noticed one of the major reasons why it could not be upgraded, and that was the very small amount of RAM memory.

        One of the upgrade problems is, that for a very long time, Google / Open Handset Alliance (OHA) had the minimum hardware requirements for Android set to 512 Mb of RAM, which greatly limited the upgrade viability of any device produced with only that amount of RAM, because the manufacturers trusted Google / OHA that this was enough and workable, wh
  • Google needs to update the license to make it clear that they will provide support for a long term. And then they need to do it.

  • Just a small section of the data that Google hold on you

    https://myactivity.google.com/myactivity
  • by Zombie Ryushu ( 803103 ) on Tuesday October 08, 2019 @04:20AM (#59282592)

    I think it's time for a law saying...

    If you own a device outright, the manufacturer has to allow you to unlock the bootloader so you can install a Custom Recovery, and Flash your own OS. That does not mean the manufacturer has to support the aftermarket OS, or that Google has to allow SafetyNet, but I have several devices I want to buy that I can't until I can be assured that I can flash LineageOS to them.

    • But but but *rattles tits* you don't own ur device *rattles tits* ur onwy wicencing it *rattles tits*.
    • Good luck getting the bought and paid for politicians to switch over from the Dark Side :\ Believe me, I would love this too, but the reality is at this point, getting a magic unicorn from Santa this Christmas is a more realistic expectation.

        Oh well, hackers love a challenge, and the arms race between them and the companies who think they know what's best for us (translation: What makes them the most money) will continue for the foreseeable future.

  • Microsoft no longer allows (except under special limited circumstances that probably don't apply to someone buying a brand new PC for general purpose use) OEMs to acquire Windows XP licenses or to ship computers with copies of Windows XP.

    Google should do the same and ban OEMs from shipping any versions of the Google bits (Google Play Store, Google Play Services blob, Google apps etc) going forward unless those OEMs are shipping a recent enough version of Android (Oreo would make sense or maybe Pie). OEMs li
