"Another change to the Android permission system is that every app automatically gets access to the Internet now, and users have no way of turning this off."
Google still does not get the fact that some apps do not need, and should not be able to transmit or receive data from the network. We still need root and install AFWall+ to secure our phones.
So many apps would require internet that users would become desensitized to the permissions box and just say "yes" every time the box comes up without even reading it maybe?
That will happen anyway - see iOS where users nearly always accept permissions, or Windows where users just click OK.
It's not the frequency or importance of popups. Users simply don't read them. From watching users, the users who don't read them usually have an image in their minds of what they're trying to accomplish and an image of the screens they need to go through to get there. Any popup or notification screen is instantly dismissed so that they can see the screen behind and try to work out if it's where they expect to be. It's maybe 25% of users who do this, but they do it constantly regardless of what the popup is.
Allowing Internet permissions by default is one thing, not providing a way for the so inclined to disallow them is another. I think most people would have no problem if this was just a changeable default.
The problem now is, if some app requests access to my contacts, it will not only gain access to them but also the ability to upload them to some shady service.
This alone is the reason I will not use Android 6 before they either change this or there is a good firewall available (and I am able to root my device).
I wrote a mental note that when I have to start thinking in this manner and tread carefully in a minefield then the technology does not serve me any more and I don't want it.
> Google still does not get the fact that some apps do not need
I think that Google is way aware of the situation.
The problem is that most apps need internet access in order to work. A permission that most of the apps will have to ask for is useless because the casual user will just be trained to accept it in all cases.
AFAIK, that's how iOS handles network access as well.
Permissions are here to safeguard the access to your personal data, that's it.
Yet another case where gateway firewalls can give you back some of the privacy that these companies attempt to wrench away from you.
PfSense is a free gateway firewall but the UI left much to be desired last I checked.
Another option is the Sophos UTM, which has a firewall, web filter, and VPN server built into one.
Gateway protections are your last resort when it comes to protecting yourself from shady behavior like this.
Gateways don't help when you're a mobile user, which is why I have Little Snitch on my Mac... I'm not _always_ going to be using my laptop at home, and that's increasingly true for my mobile phone, which is almost never left home.
You've missed the entire original point. It doesn't matter that you're tunneling traffic through some non-local endpoint, the point is that the traffic shouldn't leave your device by default.
Using your gateway is what you do when you lose the ability to apply restrictions on your phone. And since this thread is in response to recent changes in Android that remove users' ability to control the apps on their phone, I thought that was implied.
Of course it's ideal to not send the packets and waste the battery at all, but when that's not an option, I'd rather use a firewall to block the traffic rather than just let it through, regardless of the hit to the battery due to it constantly retrying the blocked connection.
I still have one question in a forum about why Android browsers ignore etc/hosts, and every now and then (question is 6 years old) people comment how shocked they are to discover that is the case (still!)
No you don't. How would you filter traffic based on apps on the vpn side?
Or feature? I'd love a firewall rule that could block any traffic that contains my contact list. Wouldn't be possible even if the traffic wasn't encrypted...
Sure you could - have a contact on your phone called something like 000-alarm and filter any requests containing that string. It's not foolproof, but it certainly isn't impossible.
Maybe scatter a few of these contacts through the alphabet to catch apps sending in batches.
That doesn't help if they are encrypting the data before sending it.
As responsible developers they wouldn't want to send your entire address book across the wire in the clear, would they? Why, someone could easily listen in and then you would have no privacy! /sarcasm.
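An added example, not part of any comment in this thread: a sketch of the canary-contact check suggested above, as it might run on a gateway over request bodies it can read in plaintext. The canary names, hosts and bodies are constructed, and only one layer of encoding is unwrapped; the last sample stands in for an encrypted body and shows the limit raised in the reply about encryption.

```python
import base64
import binascii
import gzip
import hashlib
import re
import zlib
from urllib.parse import unquote_to_bytes

# Constructed canary contact names, scattered through the alphabet.
CANARIES = (b"000-alarm", b"mmm-alarm", b"zzz-alarm")

_B64_RUN = re.compile(rb"[A-Za-z0-9+/_-]{16,}")   # standard or URL-safe alphabet
_URLSAFE = bytes.maketrans(b"-_", b"+/")


def views(body):
    """Yield (label, bytes) for the body and each single-step decoding of it."""
    yield "raw", body
    yield "url", unquote_to_bytes(body.replace(b"+", b" "))
    if body[:2] == b"\x1f\x8b":                   # gzip magic bytes
        try:
            yield "gzip", gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            pass
    for match in _B64_RUN.finditer(body):
        run = match.group().translate(_URLSAFE)
        if len(run) % 4 == 1:                     # cannot be valid base64
            continue
        try:
            yield "base64", base64.b64decode(run + b"=" * (-len(run) % 4))
        except (binascii.Error, ValueError):
            continue


def scan(requests):
    """Return sorted (host, canary, view) hits, one per canary per request."""
    hits = []
    for req in requests:
        seen = set()
        for label, data in views(req["body"]):
            lowered = data.lower()
            for canary in CANARIES:
                if canary in lowered and canary not in seen:
                    seen.add(canary)
                    hits.append((req["host"], canary.decode(), label))
    return sorted(hits)


# Constructed request bodies as a gateway might log them.
SAMPLE = [
    {"host": "sync.example.test",
     "body": b'{"contacts":["Alice","000-alarm","Bob"]}'},
    {"host": "form.example.test",
     "body": b"names=Alice%2C000%2Dalarm%2CMallory"},
    {"host": "blob.example.test",
     "body": b'{"d":"' + base64.b64encode(b'["Mia","mmm-alarm","Ned"]') + b'"}'},
    {"host": "zip.example.test",
     "body": gzip.compress(b"Yan\nzzz-alarm\nZoe")},
    # Stand-in for an encrypted payload: nothing here can be matched.
    {"host": "opaque.example.test",
     "body": hashlib.sha256(b"constructed ciphertext").digest() * 4},
]

if __name__ == "__main__":
    for host, canary, view in scan(SAMPLE):
        print(f"{host}: canary {canary!r} seen in {view} view")
```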
The menu items were not grouped logically, eg in order to change something in one feature I had to browse through every single config page in order to find the related options. It was possible to do, and PFSense Support was phenomenal (by chance the co-founder answered the phone when we called Support), but the UI left much to be desired.
Compared to my experiences with the Sophos UTM, it's downright painful. With the UTM the UI elements of every part of a service are grouped together, and are duplicated in sections where it's intuitive to do so. Eg Certificate Management can be found in multiple places in the UTM but all things related to the web filter are in one place, all things related to routing are in one place, et al.
I wholeheartedly agree. I'm sure the GUI works great for anyone used to it but it really is not logical, I simply can not count the times or frustrations I've had, going through each menu reading each item just to find that darn feature I was after.
Luckily they are redesigning the GUI for the next version, I'm hopeful that they will rearrange it as well (even though that will obviously be awkward for everyone already familiar with it) but I don't know, haven't paid attention to the development.
Case in point: Reboot, shutdown and Backup/Restore ought to be under the "System" menu, right? Nope. It's under Diagnostics, which is a large alphabetically sorted list (not by functionality or anything else, so if you are unsure of which term was used, well, you're better off consulting google).
Thank you for highlighting that they are redesigning the UI.
I much prefer to support PFSense because they seem more supportive of their community, I will be looking forward to trying out their new UI when it's out!
How is it evil? You do know you can not like a change without that change being evil, right?
The internet permission was never accurate. Malicious apps had plenty of ways to get data off of the phone. The INTERNET permission was promising something that was not enforced. Something about it had to change, and seeing as connectivity is heavily assumed and ingrained into everything it makes sense to just nuke the false permission.
Practically speaking the main users that want INTERNET to be a permission and to revoke it are people that want to block ads. That's a moral grey area at best, so making that harder is far from "evil".
>Practically speaking the main users that want INTERNET to be a permission and to revoke it are people that want to block ads. That's a moral grey area at best, so making that harder is far from "evil".
I'm not sure where the grey area is here. I am not under any moral compulsion to make requests on a network just because an app developer wants me to. Building structures to force me to make those requests is definitely leaning into evil.
In fact, it's the last straw for me, personally. I'm back to iOS and the "evil" walled garden that respects my rights as a network user.
> Android is far, far behind the competition when it comes to device security.
No, it's not. Carriers and OEMs that have picked up AOSP and bloated it needlessly are the ones who are behind. You wouldn't blame Linus Torvalds for all the computers out there running outdated kernels, or for anybody still using git 1.x.
The difference is that downstream companies have decided that since they have the source, they might as well add a year of dev work on top of Android to "improve" it. If they had these options for Windows or iOS, I'm pretty sure they would do so (ever bought a new Windows laptop with no crapware?) and bring security updates for those devices to a grinding halt.
These phones boot up with 'Android by Google' and come with the Google Play Store. Google blesses these phones and is aware of them. Ultimately, they're the ones allowing manufacturers and carriers to add on and slow down/stop the update release cycle.
I know it's not a straight comparison, but Apple managed to wrangle the carriers into not making this a problem. Why can't Google?
Here, I think it's the multiple layers of people with their hands in the source code.
Just because Google and OEM X have some agreement doesn't mean that Carrier Y trusts OEM X not to muck up their network (or their bloatware). So carriers end up adding their own drawn-out testing process for their own reasons, probably including time to update their carrier bloatware.
I should point out as evidence that I use a major carrier and run a Nexus phone, and I have no issues whatsoever getting Google updates, security or otherwise. I expect to have Android Marshmallow on my handset by the end of the week.
If you recall the history of Android, Google had to make concessions with regards to control of the operating system to the carriers and other partners. So now years down the line we're dealing with the repercussions of their compromise.
On a laptop, I can trivially install a new OS on it, right from the OS vendor.
On Android, the vendor needs to build the OS for me. Even with AOSP that's true, the Android driver model basically means modifying Android. Vendors are generally doing a good job of upstreaming kernel drivers, but Android has this whole awful userspace driver stack as well. You'd think at least one benefit you'd get from the Android HAL is pluggable drivers, but sadly no.
> On a laptop, I can trivially install a new OS on it, right from the OS vendor.
What rot. Driver problems are not exclusive to phones, nor are custom terrible drivers. This is a problem that exists throughout the spectrum of products.
My android device cost me $100 three years ago and it's on a relatively recent version of Android.
I'm not expecting Marshmallow to roll out to my device at all, and nobody that I know who uses a cheap Android device does.
Honestly, the features of the OS are not worth upgrading. The only thing that suffers is my gaming abilities. I can't play the most recent games on it... I guess. I don't game on my device.
The average Android user doesn't care if they are not cutting edge. They would be using Apple products if they cared about that at all. The only exception is those users that purchase the high-end products. Those will gladly trade their phones to stay up to date, they are the ones in the statistics that keep up with the latest versions. The average user is using Android because it's "the cheap smartphone".
I will move up the chain if main features start to break. So far, browsers, social media networks and all those things have been backward compatible. When they won't, I'll trade in my phone, pay $50 and get another low budget Android phone.
I interpreted the statement as being more about the ability to get bug fixes and security patches on these devices than it is about getting access to new features. Right?
I assume your rationale in blocking Android / Windows 10 devices is to only allow secure devices on your network.
But if all the other devices are secure, then what is the harm in allowing an insecure device onto the network?
I suppose they could host an exit node or seed an illegal torrent or something, but you (personally) have indemnity as an impartial carrier in that case, right?
I'd also suggest looking into a segregated guest network.
I think you've lost sight of the context of the comment you're responding to.
A billion non-geek, non-HN, non-ArsTechnica device owners are not going to re-flash their phones with a custom ROM. Those consumers will have to get Android updates as a seamless upgrade from their phone carrier, or not at all.
In other words, the "I can't wait for this one to be solved" was not a personal plea for help but instead, a commentary on the old software the 1 billion consumers are stuck with.
Too late. This would fracture Android's identity. As the networks currently pay a subsidy they're effectively Android's customers, at least in part. They like the bloatware.
The device manufacturers are able to embed their brand's identity into the device. They're members of OHA and they like "needless recreated basic features."
> As the networks currently pay a subsidy they're effectively Android's customers, at least in part
The networks have nothing to say in this in 90% of the world. They're not phone-vendor's customers. They merely want the latest data-gulping phones on their network so they can charge their real customers (people like you and me, which are also the phone-vendor's customers) money for consuming bandwidth.
I get that things are messed up in the US, but don't generalize this to the rest of the world.
Most networks and cellphone operators around the world sell generic phones, with unmodified software, unlockable bootloaders and carrier-provided SIM cards.
And for those phones, which you will find in big parts of the world, having Google responsible for software-updates would work just fine.
Well, the solution to that would be for Google to require device manufacturers to make it possible for Google itself or other parties to release software for devices.
That means forcing the manufacturers to release the source of any component not behind a stable ABI, and release at least the binaries of any component behind them such as apps (with a suitable license).
They have two ways of doing this:
1. Make it a condition for bundling Google Apps
2. Relicense Android with GPLv3
The phone manufacturers aren't really in a position to negotiate (can't lose apps), so they should go along.
Once this is done, they can just have the Play Store offer or even require updates to the OS.
Not sure what Google gains from not doing this, it seems they are just gifting users to Apple.
I really don't think most of those billion people care. If it works, it works. I still have a backup Droid with 2.3.4 that just keeps working. It doesn't need Marshmallow, nor JB, nor even ICS...
In my experience, many of those don't care if they get the absolute latest version. And I can't blame them as many of the "improved" versions tend to come with battery and performance impacts for older devices.
I do wish the vendors would keep up with security fixes, though. That's the real problem with Android updating, IMO.
Interesting tidbit, you'll probably lose the ability to use Android Pay. A lot of people are having problems due to the enhanced security model. On XDA, in the Nexus 5 General section, a thread was deleted that even had an Android engineer posting unofficially that the enhanced checks are at the behest of the card companies. The new system actually stores an encrypted version of all of your card details, and among other things they check are for root, custom builds, etc.
Interesting how deeply integrated Google services are becoming in Android. With Android at something like an 80% market share, I wonder if and when they'll get hit with an antitrust action a la Microsoft in the early aughts. MS got in hot water for bundling IE with Windows, but here we have Google basically making the entire OS default to Google services for device-wide basics: voice recognition goes through Google by default, Google-branded search is the default on your home screen, etc. etc. (At least on Nexus devices and in OS images; I haven't used anything else.)
Curious as to how they're getting away with it. Maybe because it's open-source, so someone could replace the default if they worked hard enough? On the other hand, in the MS antitrust days it wasn't hard to choose a different default browser--and it was certainly easier than changing source code.
I don't think it is baked into the OS.
For example, Now on Tap in AOSP is just an 'Assist API'.
Any app can implement this system callback in order to enrich an Assist call and any developer can create an alternative to Now on Tap that will get the exact same data from the device.
AFAIK, all the Google-branded apps & services are part of Play Services. Nothing prevents you doing what Amazon is doing and create a device from AOSP, don't include AOSP and replace it with your own services.
IANAL, but it seems that the focus is on the fact that Play Services comes with a full suite of apps.
There was an article recently suggesting that they're being investigated for exactly what you describe (by EU officials, I believe).
I don't mind Google's bundling as much because you can still use Android without it. Old versions of Windows and current versions of iOS are irritating because you can't remove those default apps. They're just always there, and sometimes you can't even replace them with alternatives.
Maybe; but on a Nexus at least, you can't delete a lot of the basic Google services. For example you can "disable" Google Wallet (or whatever it's called now), but you can't "delete it permanently". It'll always be in your settings page, waiting to be reactivated. It's the same deal with things like Google Music.
In the MS antitrust days, you couldn't delete IE either. But you could use Firefox instead, and just pretend like IE wasn't there. Android seems like that kind of situation to me--you can't delete the Google defaults, but in a deep, dark advanced menu you can disable them at best, after a scary warning. In other words, you can use alternatives to Google apps, but you have to pretend like the defaults aren't there--but they always are.
There's also something weird going on with disabling - it's probably just an obnoxious bug but I've had Hangouts disabled for at least a year on my Nexus 5 and I get "unfortunately hangouts has crashed" at least daily.
I just flashed Marshmallow on my Nexus 5, and the setup process was embarrassingly buggy: On each text input screen, the text field was offscreen, covered by the keyboard. Meanwhile, there was a big blue box taking up all the visible screen that served no purpose aside from providing some negative space for the title when the keyboard was closed. There was also a grey margin on the left and right of the whole layout that looked like another display bug.
I would have taken a screenshot, but since the phone wasn't set up yet, I didn't think it would work.
I thought I should try landscape orientation to make it recalculate the layout, but I couldn't scroll at all in landscape. The screen reflowed correctly, but the page was unusable in that orientation.
I know that setting up a new device is not a common experience, but I'd hope Google would have better QA in place for a major release like this. Then again, having spent over a decade using Google products, I should know better than to presume anything about their QA process.
I just unlocked the screen after leaving it on my desk for a while, and it unlocked to the setup screen (even though that's been finished for hours). I hit Back (hoping to snag a screenshot of the broken page) and the setup app closed, dropping me into the Google Now Launcher.
With iOS and Android both going to white backgrounds I've got (seemingly) nowhere else to turn. These devices are really hard to use at night, and I despise them every time I use them after 7pm or so and have to squint.
Who decided that the world shall enforce white backgrounds for everything, while eliminating user control? Even Windows 3.1 had themes.
There's another iOS accessibility setting that inverts video on the whole screen, which is surprisingly good for dark settings. I don't want the blinding white background to be dimmer, I want it not to use a white background in the first place.
Actually the Cyanogenmod port of Android has a feature called LiveDisplay which works like RedShift/f.lux. It makes the display warmer at night. Very cool feature and can't believe every phone doesn't have it...
I always have a small amusement when I have to take a picture with the camera covered to get an image I can use as my background. Easy enough to do. Embarrassing that I have to.
On iOS you can enable the revert-colors option (three taps of the home button). This is what my wife does on her iPad at night and it works pretty well for reading.
Yeah, and actually Windows 10 Mobile feels even blacker than before.
I think that's because the fonts have become smaller and all the vector graphics now use a very thin stroke style, so there's less lighted pixels against the black background.
There are tools that can adjust screen colors and brightness automatically on rooted devices (e.g. I believe Twilight is one for Android; F.lux is available for most other platforms).
Uniformly white background is convenient on iOS as it has an invert color mode. Not the best but it works. Until you switch to an application with a normally dark background and then you lose all vision, that's inconvenient.
Lollipop and later have auto brightness. Make sure that's enabled, and just adjust the brightness when it's too bright or dim. It seems to remember your setting for a given approximate light level.
Having grown up with screens that never seemed bright enough, it's funny to me that in 2015 I'd be far more interested in one whose backlight is able to go particularly low.
All the ones I've seen are different to f.lux. They seem to be additive - black becomes lighter, rather than just decreasing the blue percentage. I'd assumed it's a limitation of the filter API.
> As a side note, it's important to know the difference in Android between "targeting" an SDK and what that has to do with the minimum supported Android version an app will run on. The short answer is nothing. If an app targets the Marshmallow SDK, it doesn't mean it will only run on Marshmallow, it means that the app is aware of the new features and can use them. Apps have a "target SDK version" and a "min SDK version"—basically the newest and oldest Android versions that an app supports. Any competent app will gracefully degrade on older Android versions.
The amount of technical insight and accuracy in this review does actually impress me.
I believe stuff like this not to be common knowledge even among a more technical crowd like HN, yet there it is in a geek/consumer-oriented OS review.
Does anyone know how to make all pages appear on a single list? It kind of hurts to have to click through 12 separate pages to get through the whole review.
That's one of the features Ars offers to premium subscribers: http://arstechnica.com/subscriptions/ , so I don't think there is a supported way. There are Chrome/Safari extensions out there for "single-pagifying" articles though.
The new MIDI support is a pretty big deal, I would think, given that MIDI has lower audio latency than screen input; having system-level support for MIDI most likely means pretty low latency for MIDI synths.
Anecdotal, but at least M preview 3 on my Nexus 6 is much worse. Hangs for a second some places, etc. I'm a developer so I had to install it to test the new permission system in my apps, but I wouldn't recommend it to anyone. They also broke most of the mock location provider apps out there by changing that developer setting for no reason.
The number of settings in general seems much less (I'd kill for a setting to disable that immersion mode that hides my back/home button, personally, but no luck) so I think they are going full steam toward Apple style, they know what is best for you.
I'm a little concerned by "app standby". What is it going to do to apps like wheresmydroid, which the user wants to always be running in the background, but only interacts with them very occasionally?
They specifically address this in the text of the review several times. It's more like a snapshot of the current state of Android for people who haven't been using it.
Let's go even leaner - 4.1.2 Jelly Bean, smoother than ICS and without cloud collection services like Now and Google Play Services. That was the last pure AOSP Android as we grew to like it.
If you were asking something else about SD cards, then you probably want to check this part of the review: http://arstechnica.com/gadgets/2015/10/android-6-0-marshmall... (which would have been found if you'd searched for "sd card", it's in the table of contents)
Since 4.4 apps could only write to "their own folder" on the SD card. A "SECURITY" measure (only Android and some retailers' file managers, like Samsung's, had full access). Making the SD card close to useless without root for some people (want to change tags on your mp3? Move to the tag changing app's folder, change tags, move back).
And no, I have not read the article yet, will do later. Was expecting a tl;dr answer to my question.
I'm pretty sure I've had file managers for a long time, but I certainly have one installed now that can move files around on the SD card on Android 5.1
> Was expecting a tl;dr answer to my question.
Seemed rather odd to spend the time writing out the question and reply compared to just doing a quick search.
Could you be kind enough to give me the name of that file manager? PM it or something if there are rules against advertisement. (Also I do hope you are not rooted...) So far, those that move files on the SD card since 4.4 used their own folder as "sd card".
So, should I interpret your lack of answer to my last question as "oh dang, my file manager is actually part of rom used by company name, and from kitkat you really can't edit sd card contents from apps" ?
You now can. One of the features is the ability to transparently use an SD card as an extension of your internal storage.
Personally that single feature makes this a worthwhile upgrade, it seems I'm endlessly managing storage on my 8GB of internal storage despite having a 64GB SD card which has barely been touched.
Can you even disable Now on Tap while having Google Now enabled? (as a user)
The two should not be enabled together. One is about giving your Google services' data to Google and the other is about giving all of your other data to Google as well.
I can't wait until real privacy laws arrive in the EU.
"The assistant app only gets data about the current view if the user long-presses on the home button—it's not a passive scanner.
If all of this sounds like a privacy nightmare, the assistant feature can be turned off in the settings. Head to Settings -> Apps -> Configure Apps (the gear button) -> Default Apps -> Assist and Voice Input and turn off everything. Here, users can also set which app has access to the Assist API (there can only be one) and pick between sending the app text-only or text and a screenshot."
Now on Tap performs a Google Search or brings up a Google Now card by using the context of the current screen. Just hold down on the home button and a card will pop up related to the current screen. If the main screen displays a YouTube video of a famous actor, you'll get more information about that person.
To make this work, holding down the home button allows Google to "read" the screen by combing through the Android text fields and view hierarchy, sending Google that text plus a screenshot. This will work not only in Google apps and in the browser but in third-party apps too, as long as they use the standard Android framework bits. Apps can be data providers for the feature, too; for instance, in the famous actor example above, the IMDB app could provide a link into the app to display the actor's filmography.
I know, I'm old, but every time some "feature" like this pops up somewhere, I still can't believe that people don't mind using it.