About About Contact Contact
I don’t think of my smartphone as particularly smart, neither do I use a phone very much at all these days.   In fact like most people I don’t make many telephone “voice” calls, preferring to send a text message or email instead.  While my smartphone just happens to be able to make and receive phone calls, it is in reality a pocket computer.  So the manufacturers, especially of Android devices, should understand their moral duty, treat smartphones as computers and, if necessary, be forced to raise their security standards from their current abysmal level. The Android Operating System has been incredibly successful, not least because it is free for manufacturers to install, and as a result there are an awful lot of devices that use it.  According to Google in 2015 there were 1.4 billion active Android devices worldwide.  There are probably far more today.  In order to reach this heady position Google effectively ceded control to the manufacturers of the devices.  Although Google regularly produces software updates and security fixes it is left to the hardware manufacturers to decide whether or not to implement them.  And now the hardware manufacturers are being appallingly irresponsible: instead of updating devices as a vital after-sales service, they are using updates as a marketing device to sell newer models.    The result of this greed is that the vast majority of mobile Android devices are running older, insecure versions of Android with none of the latest security fixes.  Look at Chart A above and you can see that over two thirds of people using Android devices haven’t been updated with security fixes in the last two years.  Worse, a third of Android users are using insecure devices that haven’t been updated for four years, and 11.6% haven’t been updated for more than five years.   This incriminating data comes from Google itself.  Just think for a moment about the number of people currently using insecure Android devices for doing their mobile banking – and shudder.  Incredibly, the Office of National Statistics (ONS) has only just started an experiment where they collect data on online fraud through the Crime Survey of England and Wales.  What this provisional data shows is that in the year to June 2016 there were 2,356,000 incidents of computer bank fraud and 1,340,000 incidents of malware being used to extort money from individuals.  This is a vast amount of computer related crime.  In fact, it amounts to 40% of all recorded crime and affects one in ten of the population.  Astonishingly, two thirds of this is specifically defined as cyber-crime because it all happens online.  It seems extraordinary that since the advent of the public Internet in 1994 it has taken the ONS more than 22 years to start to collect data about cyber-crime, although as it turns out this is the most prevalent sort of crime.  One can only wonder how much this tardy state of affairs came about due to pressure from the police and government to deliberately keep crime figures low, and how much was an ONS cock-up?  I always tend to reckon it’s a cock-up by default rather than conspiracy but in this case we will probably never know the real reason.  Unquestionably some senior figures at the ONS should be interrogated by Parliament and forced to account for their incompetence.  I would also question the narrow ONS definition of cyber-crime as it doesn’t include for, example, harassment, extortion or even rape via online dating.  What is shockingly clear from the crime survey is that a lot people are so embarrassed about being caught out that only 13.2% of crimes get reported.  These figures are not broken down to provide data specifically about mobile devices although I would expect around half of these incidents are related to using smartphones.  Today in Britain more than half all online shopping transactions are made using a mobile device, mostly smartphones. And that amounts to an awful lot of credit card details on insecure Android devices - because they account for the majority of mobile devices. If you have a technical turn of mind you can appreciate how alarmingly vulnerable Android is to exploitation.  So it’s hardly surprising that the great majority of smartphone malware is targeted at Android smartphones.  As the source code is open to anybody to download, it’s so much easier to break.   And the fact that such vulnerable Android devices are allowed to continue to exist is testament to Google’s powerful lobbying of the government and also the influence of the phone manufacturers which make the devices.  To be fair to Google, as they do release regular updates and security fixes for Android, as I have already said, the problem really lies with smartphone manufacturers who have to tweak Android to work on their devices.  Regulation should force Google to make device manufacturers provide security updates for all versions of Android.  (This is a key area of advantage for Apple’s iPhone because the company has a tight control over its own hardware and software.  Although if you are using an iPhone 4 circa 2010 or anything older then you too are using an insecure device.)  The Android device manufacturers have cynically seized any lack of regulation as an opportunity to push the sales of new smartphones.  They simply refuse to update devices more than 18 months old.  Perhaps I’m being unduly suspicious but it’s interesting to note that in a non-monopolistic situation all the companies involved seem to have reached the same decision about their update policies.  There must be some unwritten agreement involved, as one would normally expect to see some variation in update policies between companies.  So much for a free market!   On a personal note, my wife and I each have an 18 month old Motorola Moto G, splendid little phones.   Like many other people, we specifically chose to buy these because of the excellent features and for easy updating and, while Google owned the company, all was well.  But once Motorola was sold to the Chinese company, Lenovo, the policy changed.  Although our phones are obviously capable of being updated to the latest version of Android, the company refuses to update them.   We are not alone, we joined over 135,000 others to send a petition to Motorola/Lenovo but the company was intractable. If most consumers really understood the security issues, much more of a fuss would be made.  I think it’s a problem resulting from the general population’s low level of computer literacy on one side and the power of multi-national technology companies on the other. As people interested in the environment and renewable technology, we are well aware of the effects, through forced obsolescence, that millions of smartphones being turned into landfill has on the environment.  If you want some details on the toxic waste from dumped smartphones, read this link.  Without regulation, companies like Motorola/Lenovo, Samsung, Sony, Asus etc. etc., will never provide security updates for other than their most recently sold smartphones because they are only intent on selling more, and not providing any kind of after-sales service.  And they clearly don’t give a fig about the planet.  You can see which companies are particularly bad about security by checking out this website that tracks smartphone manufacturers’ Android security efforts. Updating security for smartphones costs money, but an insignificant fraction compared to the profits made by selling billions of phones using the free operating system.  The manufacturers obviously have to pay for their software developers to tweak Google security fixes to fit their older models but it’s tax deductible, and they have to continually do these tweaks anyway for the brand new models.   Tweaking security fixes may be a bit of a pain as under-the-hood Android is a mess because it was developed using established American software methods, thrown together fast in response to Apple’s iPhone, but it’s not that onerous.  I think it quite reasonable to expect security fixes and system updates (if the hardware is capable) for the expected life of the device (say 10 years).  This is what generally happens with laptop or desktop computers running Microsoft Windows.  Microsoft understands that computer operating systems need to last around a decade and that security fixes remain a necessary on-going operation/service for the period.  That’s because a lot of Microsoft’s software is used in corporate or government environments where security is considered important.  It’s amazing to think that nowadays the majority of all those insecure Android smartphones can access corporate data networks.  As cyber-security becomes a big issue for every company I expect them to come to the sudden realisation that Android devices are a source of major vulnerability for them.  Now that security is such an important issue, all mobile computer devices such as smartphones should be held to the same exacting computing standards as Microsoft Windows, as the majority of computing now takes place on smartphones and tablet computers using Android.  According to research company IDC, Android accounts for almost 87 per cent of all global smartphone shipments. So what can you do if, like the majority of people, you are using an insecure Android device?  Our 18-month old Android smartphones are insecure so the first rule is that we categorically refuse to use these pocket computers for mobile banking or buying things online, and obviously never while using public Wi-Fi, even though our bank has created a supposedly secure app.  The second prudent rule is to use the best possible anti-virus software for Android that there is.  I’ve been following the successful progress of the Russian cyber security company, Kaspersky Lab, which was responsible for detecting Stuxnet.  They’re a clever lot.  Kaspersky has developed an impressive software product which, while it doesn’t make the Android operating system itself more secure, is the next best thing.  It protects the device from known malware exploiting vulnerabilities in older versions of Android.  The database of malware is continuously updated and includes the detection of dangerous files like Autorooting which use the latest devious software techniques to take control of any Android device.  We pay a £20 (Amazon) annual fee to Kaspersky Lab to protect up to five devices, so both our computers are covered, as well as our phones so they remain smart.  It’s a pity such tactics are necessary to remain secure, but we have to be on our guard until existing Android devices are properly updated.  Google used to have a corporate slogan “do no evil.”  Creating and then allowing a market of over one billion insecure devices to flourish seems pretty devilish to me. January 2017 
Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:
...with analysis & insight...
Home Home Archive: Free PowerPoint download Free PowerPoint download
Click image to enlarge
Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:

Do no evil?

Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:
Click to return to page Archive Archive 2010 2009 View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles View All 2016 Articles

Do no evil?

I don’t think of my smartphone as particularly smart, neither do I use a phone very much at all these days.   In fact like most people I don’t make many telephone “voice” calls, preferring to send a text message or email instead.  While my smartphone just happens to be able to make and receive phone calls, it is in reality a pocket computer.  So the manufacturers, especially of Android devices, should understand their moral duty, treat smartphones as computers and, if necessary, be forced to raise their security standards from their current abysmal level. The Android Operating System has been incredibly successful, not least because it is free for manufacturers to install, and as a result there are an awful lot of devices that use it.  According to Google in 2015 there were 1.4 billion active Android devices worldwide.  There are probably far more today.  In order to reach this heady position Google effectively ceded control to the manufacturers of the devices.  Although Google regularly produces software updates and security fixes it is left to the hardware manufacturers to decide whether or not to implement them.  And now the hardware manufacturers are being appallingly irresponsible: instead of updating devices as a vital after-sales service, they are using updates as a marketing device to sell newer models.    The result of this greed is that the vast majority of mobile Android devices are running older, insecure versions of Android with none of the latest security fixes.  Look at Chart A above and you can see that over two thirds of people using Android devices haven’t been updated with security fixes in the last two years.  Worse, a third of Android users are using insecure devices that haven’t been updated for four years, and 11.6% haven’t been updated for more than five years.   This incriminating data comes from Google itself.  Just think for a moment about the number of people currently using insecure Android devices for doing their mobile banking – and shudder.  Incredibly, the Office of National Statistics (ONS) has only just started an experiment where they collect data on online fraud through the Crime Survey of England and Wales.  What this provisional data shows is that in the year to June 2016 there were 2,356,000 incidents of computer bank fraud and 1,340,000 incidents of malware being used to extort money from individuals.  This is a vast amount of computer related crime.  In fact, it amounts to 40% of all recorded crime and affects one in ten of the population.  Astonishingly, two thirds of this is specifically defined as cyber-crime because it all happens online.  It seems extraordinary that since the advent of the public Internet in 1994 it has taken the ONS more than 22 years to start to collect data about cyber-crime, although as it turns out this is the most prevalent sort of crime.  One can only wonder how much this tardy state of affairs came about due to pressure from the police and government to deliberately keep crime figures low, and how much was an ONS cock-up?  I always tend to reckon it’s a cock-up by default rather than conspiracy but in this case we will probably never know the real reason.  Unquestionably some senior figures at the ONS should be interrogated by Parliament and forced to account for their incompetence.  I would also question the narrow ONS definition of cyber-crime as it doesn’t include for, example, harassment, extortion or even rape via online dating.  What is shockingly clear from the crime survey is that a lot people are so embarrassed about being caught out that only 13.2% of crimes get reported.  These figures are not broken down to provide data specifically about mobile devices although I would expect around half of these incidents are related to using smartphones.  Today in Britain more than half all online shopping transactions are made using a mobile device, mostly smartphones. And that amounts to an awful lot of credit card details on insecure Android devices - because they account for the majority of mobile devices. If you have a technical turn of mind you can appreciate how alarmingly vulnerable Android is to exploitation.  So it’s hardly surprising that the great majority of smartphone malware is targeted at Android smartphones.  As the source code is open to anybody to download, it’s so much easier to break.   And the fact that such vulnerable Android devices are allowed to continue to exist is testament to Google’s powerful lobbying of the government and also the influence of the phone manufacturers which make the devices.  To be fair to Google, as they do release regular updates and security fixes for Android, as I have already said, the problem really lies with smartphone manufacturers who have to tweak Android to work on their devices.  Regulation should force Google to make device manufacturers provide security updates for all versions of Android.  (This is a key area of advantage for Apple’s iPhone because the company has a tight control over its own hardware and software.  Although if you are using an iPhone 4 circa 2010 or anything older then you too are using an insecure device.)  The Android device manufacturers have cynically seized any lack of regulation as an opportunity to push the sales of new smartphones.  They simply refuse to update devices more than 18 months old.  Perhaps I’m being unduly suspicious but it’s interesting to note that in a non-monopolistic situation all the companies involved seem to have reached the same decision about their update policies.  There must be some unwritten agreement involved, as one would normally expect to see some variation in update policies between companies.  So much for a free market!   On a personal note, my wife and I each have an 18 month old Motorola Moto G, splendid little phones.   Like many other people, we specifically chose to buy these because of the excellent features and for easy updating and, while Google owned the company, all was well.  But once Motorola was sold to the Chinese company, Lenovo, the policy changed.  Although our phones are obviously capable of being updated to the latest version of Android, the company refuses to update them.   We are not alone, we joined over 135,000 others to send a petition to Motorola/Lenovo but the company was intractable. If most consumers really understood the security issues, much more of a fuss would be made.  I think it’s a problem resulting from the general population’s low level of computer literacy on one side and the power of multi-national technology companies on the other. As people interested in the environment and renewable technology, we are well aware of the effects, through forced obsolescence, that millions of smartphones being turned into landfill has on the environment.  If you want some details on the toxic waste from dumped smartphones, read this link.  Without regulation, companies like Motorola/Lenovo, Samsung, Sony, Asus etc. etc., will never provide security updates for other than their most recently sold smartphones because they are only intent on selling more, and not providing any kind of after-sales service.  And they clearly don’t give a fig about the planet.  You can see which companies are particularly bad about security by checking out this website that tracks smartphone manufacturers’ Android security efforts. Updating security for smartphones costs money, but an insignificant fraction compared to the profits made by selling billions of phones using the free operating system.  The manufacturers obviously have to pay for their software developers to tweak Google security fixes to fit their older models but it’s tax deductible, and they have to continually do these tweaks anyway for the brand new models.   Tweaking security fixes may be a bit of a pain as under-the-hood Android is a mess because it was developed using established American software methods, thrown together fast in response to Apple’s iPhone, but it’s not that onerous.  I think it quite reasonable to expect security fixes and system updates (if the hardware is capable) for the expected life of the device (say 10 years).  This is what generally happens with laptop or desktop computers running Microsoft Windows.  Microsoft understands that computer operating systems need to last around a decade and that security fixes remain a necessary on-going operation/service for the period.  That’s because a lot of Microsoft’s software is used in corporate or government environments where security is considered important.  It’s amazing to think that nowadays the majority of all those insecure Android smartphones can access corporate data networks.  As cyber-security becomes a big issue for every company I expect them to come to the sudden realisation that Android devices are a source of major vulnerability for them.  Now that security is such an important issue, all mobile computer devices such as smartphones should be held to the same exacting computing standards as Microsoft Windows, as the majority of computing now takes place on smartphones and tablet computers using Android.  According to research company IDC, Android accounts for almost 87 per cent of all global smartphone shipments. So what can you do if, like the majority of people, you are using an insecure Android device?  Our 18-month old Android smartphones are insecure so the first rule is that we categorically refuse to use these pocket computers for mobile banking or buying things online, and obviously never while using public Wi-Fi, even though our bank has created a supposedly secure app.  The second prudent rule is to use the best possible anti-virus software for Android that there is.  I’ve been following the successful progress of the Russian cyber security company, Kaspersky Lab, which was responsible for detecting Stuxnet.  They’re a clever lot.  Kaspersky has developed an impressive software product which, while it doesn’t make the Android operating system itself more secure, is the next best thing.  It protects the device from known malware exploiting vulnerabilities in older versions of Android.  The database of malware is continuously updated and includes the detection of dangerous files like Autorooting which use the latest devious software techniques to take control of any Android device.  We pay a £20 (Amazon) annual fee to Kaspersky Lab to protect up to five devices, so both our computers are covered, as well as our phones so they remain smart.  It’s a pity such tactics are necessary to remain secure, but we have to be on our guard until existing Android devices are properly updated.  Google used to have a corporate slogan “do no evil.”  Creating and then allowing a market of over one billion insecure devices to flourish seems pretty devilish to me. January 2017 
Click to return to page Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: