SN-844 - The absence of Android zero-day flaws

Lob

From SN-844, we have @Steve summarising the following about Android:

After counting last Tuesday's latest addition, Android has only needed to address a total of 6 0-days this year.

I am going to go out on a limb to try to quantify some reasons why Android is seemingly faring well in this area...
  • Fragmentation in the Android ecosystem means that not all flaws impact all devices and thus make the exploits less worthwhile attempting to exploit
  • There is less wealth per Android user, in perception at least (it seems certainly the on-device upsell is greater: https://www.androidauthority.com/ne...n-in-app-purchases-than-android-users-700983/)
  • Open source software has more eyes on it than closed source and has been widely assessed before zero-day flaws result
  • Its challenger, the iPhone, is seen as more prestigious and thus the targets for criminals (and states, think NSO Pegasus) lead to more trying to attack iOS than Android
It's almost like iOS is the "Windows of the mobile world" in this context with everyone pointing their cannons at it.

Do you think this could be the case? Or am I speculating wildly?
 
That's a good list. I would also speculate that lines of code and extent of services provided are factors. I have no hard statistics but I would speculate that Windows has at least double the lines of code of iOS, and that iOS has more than Android. The larger number equates to bigger target and more possibility for vulnerabilities.
 
With point 1, I think fragmentation makes the scope of the impact small if the 0-day is for a driver, so if it requires a flaw in a radio driver, it might only be devices using the same chipset or chipset family. Aside from Pixel devices, most Android 0-days reported on SN are going to be for OS level stuff only. Kinda like fragmentation on Windows could be an Intel vs AMD on the processor level. If anything, the fragmentation allows for more successful attacks on Android.

Points 2 and 4 are the same thing, so attacks wanting to get money out of the victims will target iOS users more often and leave Android alone. For any reason outside of money, iOS and Android can be on the same level.

Point 3 is moot, and it doesn't help that the drivers for most Android devices are closed source anyway.

The main reason, iOS just has more users, like Windows has more users in the desktop space.
 
I disagree with your last point. This might be the case in the US (as discussed here) but worldwide, Android has a much higher market share compared to iOS (according to Statcounter ≈71% vs ≈28%).
 

more Android active than iOS

My 4th point was that the heads of state and other PEPs targeted by those using the NSO software likely do have iPhones over Android... it's not about the net spend per user per se but rather who Pegasus might be galloping after :)
 
I'd wager that Apple believes too strongly in its own marketing abilities around security. They seem to believe very strongly in security by obscurity and also actively try to hide any flaws and wallpaper them over whenever possible. This means people make a lot more noise when an attack is found, because it seems more devastating.