Google Cuts Android Security Updates, Apple iCloud Wants Your Biometrics – Mobile Security Weekly
This week’s edition focuses on one main story that is rapidly turning into a bit of a nightmare for Google. Thanks to the elevated awareness of security researchers and bloggers, Google’s controversial policies regarding users of older versions of Android are being brought to light.
Google Cuts Security Fixes for Older Android Versions
Google this week revealed that it will be cutting back on security updates for older versions of Android, leaving millions of existing users vulnerable to a growing number of attacks. Around 60% of Android’s existing user base is on Jelly Bean (version 4.3) or older.
The issue surfaced after researchers reported vulnerabilities in the WebView component of Jelly Bean to Google. WebView is used by Android to display web pages. Google’s reply to these researchers was that it had no plans for a fix since the issue doesn’t affect Android 4.4 or later.
http://www.engadget.com/2015/01/14/google-security-bug-billion-android-phones/
Why this is Significant?
This issue again highlights just how problematic Android fragmentation is from a security perspective, and how many millions of devices are actually vulnerable. Solving this issue for later versions of Android was part of an overall change in OS architecture, leaving Google’s hands somewhat tied regarding its ability to release fixes for older versions. Google says it welcomes 3rd party security patches, but in this case many people are calling for an exception. Stay tuned…
Apple Wants to Store Biometric Data on iCloud
Apple has plans to sync iOS Touch ID data with other mobile devices as well as point-of-sale systems via iCloud. The company suggests that individual Touch ID setup may be “cumbersome for users in some instances, such as when multiple fingerprints, users and/or devices are used.”
Though just at patent stage at the moment, this may be closer than we think. There are many different ways this could be implemented, but the end result is similar. Instead of just being stored on a single device, users will verify their fingerprints opposite a “baseline” print stored online, regardless of the device being used.
http://www.cnet.com/news/apple-eyes-way-to-sync-your-touch-id-data-in-the-cloud/
Why is this Significant?
There are almost too many security issues here to mention! Even if iCloud had a better track record than it does (just ask Jennifer Lawrence), the encryption and storage security solutions would have to be much better than what is being used today. With biometrics being implemented in many enterprises, if Apple does choose to go down this path, securing mobile devices will become that much more critical.