[Photo Credit: Terence Eden blog]
Last week, Apple and its iOS were hung out to dry again for a second passcode bug in iOS6.1 that allows a hacker to dial the emergency call button on the passcode lock screen and bypass the passcode security via the phone app (which displays your contacts, addresses of contacts, and so on). If someone connects your iPhone to iTunes, they can download your entire content library stored. In other words, the emergency call button leads to an emergency of hacked data if your iPhone finds its way into the wrong hands. I wrote an article on this point some time ago (“Second Passcode Bug in iOS6.1 Makes You Distrust Apple”) and made the statement that iOS, like Android, has its Internet security problems.
Android has had its share of malware issues, but Samsung has recently introduced its Knox software to ensure a safe, virtual business environment for business professionals. Just this past week or so ago, Motorola introduced its Assisted Mobile Environment (AME) 2000, a smartphone that provides two layers of encryption and government-style Internet protection. While these phones will run you anywhere from 2-2.5 times the price of an unlocked smartphone (said a Motorola executive), and range somewhere in the ballpark of $2000, it is my hope that stronger protection be provided for current Android consumers — not just businesses.
Today’s Android Internet security loophole singles out Galaxy Note 2 users. The problem concerns the use of the “Emergency call” button available on the lock screen (in Android 4.1.2) that can be used to open an app (only momentarily) from the lock screen. Once a person presses the emergency call on the lock screen, he or she can simply press an icon on the main screen and launch the app quickly before the lock screen kicks in again. The app does not work as well if you launch the Google Play Store or a game app, but it did the trick with a direct call. Direct call, for those who may not know, is an Android widget that allows you to press one icon and dial the person you want to get in touch with. Some people think that the direct call widget is pointless; after all, how hard is it to call someone? At the same time, the widget saves you the time of going into the phone app, searching for the contact (whose name may be at the bottom of the list), and then pressing the contact name, followed by the phone symbol under the contact name. In other words, the direct call widget saves time and frustration.
As for the security flaw, it is a minor one when compared to that of the iOS6.1 passcode bug. After all, the iOS passcode bug allows you to bypass the need to enter the passcode (while on the passcode screen) and make your way into the phone app, where you have access to not only apps on the main screen, but even your contacts. With the Galaxy Note 2 flaw, you only have momentary access to an app or contact (if you have direct call contacts on your main screen). If you do not, then the minor flaw does not pose much of a threat.
There is one thing to point out about the video (see Alex Dobie’s “Minor Galaxy Note 2 Security Loophole Could Lead to momentary lock screen bypass”): it did not show how a hacker could bypass the lock screen and access your contact lists and addresses. It simply showed how someone can place a call to an individual assigned to your direct call widget. The Samsung emergency call flaw, while the word “flaw” convinces readers that the problem is major, does not allow access to your phone’s contact list and does not show you how a hacker can get past your phone’s “face detection” to access it. This flaw is meant to be shown for those who leave their phones on a table with a simple “swipe” to unlock motion. After one second, the lock screen is activated again and the individual cannot access your phone for a large amount of time.
In this regard, the Android security for Samsung’s Galaxy line (including the Note) is far more secure than that of iOS. It has been said that the iOS system is closed and is more attractive to hacking into than Android’s open system, but this is not the case. The truth about the appeal of Apple’s iOS is found in the fact that an individual can download a jailbreak program and jailbreak an iPhone or iPod Touch in five minutes or less. In contrast, to hack into the Android system, one needs to have some skills with Linux computer programming — a skill that, I must say, is not easy to acquire. With all the “Android has malware” and “it’s easy to hack into Android stories” that circulate around the Internet on a daily basis, the idea that hacking into Android is easy is simply not true. If you think I have no clue what I’m talking about, sit and watch an Android video on how to root your Android smartphone or tablet. You will find it to be the most convoluted process; it is certainly not half as easy as downloading an iOS jailbreak.
Android is also harder to hack for another reason: those who root their Android smartphones or tablets must use a Linux-based computer system, and only Windows computers have Linux. Most Android users do not have Windows computers and choose to purchase others, so the chances of hacking into their own Android device is small. Last but never least, Android users have so many customizations on their smartphones without jailbreaking that they simply see no need to add to the overwhelming number of customizations that they already have (I love those Android widgets!); unlike iOS users, then, device hacking holds little to no appeal for most Android users. There are some who try it, but they are a lot fewer in number than iOS jailbreakers. Downloading a five-minute file and clicking “jailbreak” to complete the process is a lot easier than performing 15 steps involving files, while “enter this,” “restart this,” “go into this section, click on this, then type this into the blank” requires a lot more work (I’d say at least 30 minutes longer than jailbreaking an iOS device — and this is an optimum time for the person who learns quickly!).
With that said, Samsung is aware of its security loopholes and is trying to ease the minds of consumers. I like that; at the same time, however, Android can recognize its need to improve while also applauding the fact that rooting on Linux is far more difficult than jailbreaking on iOS. Before you criticize me, I dare you to jailbreak on the Linux system. It may be an “open” system, but rooting it will prove harder than it looks.