Want to Avoid Malware on Your Android Phone? Try the F-Droid App Store

In the early days of Android, co-founder Andy Rubin set the stage for the fledgling mobile operating system. Android’s mission was to create smarter mobile devices, ones that were more aware of their owner’s behavior and location.“If people are smart,” Rubin told Business Week in 2003, “that information starts getting aggregated into consumer products.” A decade and a half later, that goal has become a reality: Android-powered gadgets are in the hands of billions and are loaded with software shipped by Google, the world’s largest ad broker.

WIRED OPINION

ABOUT

Sean O’Brien and Michael Kwet are visiting fellows at Privacy Lab (@YalePrivacyLab), an initiative of the Information Society Project at Yale Law School. Contact them securely.

Our work at Yale Privacy Lab, made possible by Exodus Privacy’s app scanning software, revealed a huge problem with the Android app ecosystem. Google Play is filled with hidden trackers that siphon a smörgåsbord of data from all sensors, in all directions, unknown to the Android user.

As the profiles we’ve published about trackers reveal, apps in the Google Play store share a wide variety of data with advertisers, in creative and nuanced ways. These methods can be as invasive as ultrasonic tracking via TV speakers and microphones. Piles of information are being harvested via labyrinthine channels, with a heavy focus on retail marketing. This was the plan all along, wasn’t it? The smart mobile devices that comprise the Android ecosystem are designed to spy on users.

One week after our work was published and the Exodus scanner was announced, Google said it would expand its Unwanted Software Policy and implement click-through warnings in Android.

But this move does nothing to fix fundamental flaws in Google Play. A polluted ocean of apps is plaguing Android, an operating system built upon Free and Open-Source Software (FOSS) but now barely resembling those venerable roots. Today, the average Android device is not only susceptible to malware and trackers, it’s also heavily locked down and loaded with proprietary components—characteristics that are hardly the calling cards of the FOSS movement.

Though Android bears the moniker of open-source, the chain of trust between developers, distributors, and end-users is broken.

Google’s defective privacy and security controls have been made painfully real by a recent investigation into location tracking, massive outbreaks of malware, unwanted cryptomining, and our work on hidden trackers.

The Promise of Open-Source, Unfulfilled

It didn’t have to be this way. When Android was declared Google’s answer to the iPhone, there was palpable excitement across the Internet. Android was ostensibly based on GNU/Linux, the culmination of decades of hacker ingenuity meant to replace proprietary, locked-down software. Hackers worldwide hoped that Android would be a FOSS champion in the mobile arena. FOSS is the gold-standard for security, building that reputation over the decades because of its fundamental transparency.

As Android builds rolled out, however, it became clear that Rubin’s baby contained very little GNU, a vital anchor that keeps GNU/Linux operating systems transparent via a licensing strategy called copyleft, which requires modifications to be made available to end-users and prohibits proprietary derivatives. Such proprietary components can contain all kinds of nasty “features” that tread upon user privacy.

As a 2016 Ars Technica story made clear, there were directives inside Google to avoid copyleft code—except for the Linux kernel, which the company could not do without. Google preferred to bootstrap so-called permissively licensed code on top of Linux instead. Such code may be locked down and doesn’t require developers to disclose their modifications—or any of the source code for that matter.

Google’s choice to limit copyleft’s presence in Android, its disdain for reciprocal licenses, and its begrudging use of copyleft only when it “made sense to do so” are just symptoms of a deeper problem. In an environment without sufficient transparency, malware and trackers can thrive.

Android’s privacy and security woes are amplified by cellphone companies and hardware vendors, which bolt on dodgy Android apps and hardware drivers. Sure, most of Android is still open-source, but the door is wide open to all manners of software trickery you won’t find in an operating system like Debian GNU/Linux, which goes to great length to audit its software packages and protect user security.

Surveillance is not only a recurring problem on Android devices; it is encouraged by Google through its own ad services and developer tools. The company is a gatekeeper that not only makes it easy for app developers to insert tracker code, but also develops its own trackers and cloud infrastructure. Such an ecosystem is toxic for user privacy and security, whatever the results are for app developers and ad brokers.

Apple is currently under fire for its own lack of software transparency, admitting it had slowed down older iPhones. And iOS users should not breathe a sigh of relief in regard to hidden trackers, either. As we at Yale Privacy Lab noted in November: “Many of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits compatible with multiple platforms. Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.”

Transparency in software development and delivery leads to better security and privacy protection. Not only is auditable source code a requirement (thought not a guarantee) for security, but a clear and open process allows users to evaluate the trustworthiness of their software. Moreover, this clarity enables the security community to take a good, hard look at software and find any noxious or insecure components that may be hidden within.

The trackers we’ve found in Google Play are just one aspect of the problem, though they are shockingly pervasive. Google does screen apps during Google Play’s app submission process, but researchers are regularly finding scary new malware and there are no barriers to publishing an app filled with trackers.

Finding a Replacement

Yale Privacy Lab is now collaborating with Exodus Privacy to detect and expose trackers with the help of the F-Droid app store. For pure security reasons, F-Droid is the best replacement for Google Play, because it only offers FOSS apps without tracking, has a strict auditing process, and may be installed on most Android devices without any hassles or restrictions. The F-Droid store doesn’t have anywhere near the app selection of Google Play; it has less than 3,000 app, compared to the primary app store’s selection of around 1.5 million. Of course, it can be used alongside Google Play, as well.

It’s true that Google does screen apps submitted to the Play store to filter out malware, but the process is still mostly automated and very quick— too quick to detect Android malware before it’s published, as we’ve seen.

Installing F-Droid isn’t a silver bullet, but it’s the first step in protecting yourself from malware. With this small change, you’ll even have bragging rights with your friends with iPhones, who are limited to Apple’s App Store unless they jailbreak their phones.

But why debate iPhone vs. Android, Apple vs. Google, anyway? Your privacy and security are massively more important than brand allegiance. Let’s debate digital freedom and servitude, free and unfree, private and spied-upon.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here.

More on Android, Malware, and Copyright

Employees Displaced by Automation Could Become Caregivers for Humans

Sooner or later on, the usa will face mounting work losings considering improvements in automation, artificial intelligence, and robotics. Automation has emerged being a larger danger to United states jobs than globalization or immigration combined. A 2015 report from Ball State University attributed 87 per cent of present production work losses to automation. In no time, the number of vehicle and taxi drivers, postal workers, and warehouse clerks will shrink. What’s going to the 60 per cent associated with the population that lacks a degree do? Just how will this vulnerable an element of the workforce find both earnings while the sense of function that work provides?

WIRED ADVICE

ABOUT

Oren Etzioni (@etzioni) is CEO of this Allen Institute for synthetic Intelligence and teacher at Allen School of Computer Science at University of Washington.

Recognizing the enormous challenge of technological jobless, Bing recently announced it is donating $1 billion to nonprofits that try to assist workers adapt to the brand new economy. But the solutions proposed by computer researchers particularly MIT’s Daniela Rus (technical training) and endeavor capitalists including Marc Andreessen (new task creation) are unlikely ahead fast enough or even to be broad enough. Honestly, it is not practical to teach many coal miners to become data miners.

Some of Silicon Valley’s leading business owners are drifting the thought of a universal basic income (UBI) as being a solution for work loss, utilizing the loves of eBay creator Pierre Omidyar and Tesla’s Elon Musk supporting this method. But as MIT economists Erik Brynjolfsson and Andrew McAfee have actually pointed out, UBI does not do nearly as good a job as other policies to keep people engaged in the workforce and supplying the feeling of function that work offers. UBI is also not likely to garner the mandatory political help.

So what might help? There is a category of jobs today which critical to our society. Many of us will use the solutions of the workers, however these jobs are all-too-often held in low esteem with poor pay and minimal a better job prospects. Some are creating alleged social robots to simply take these jobs. Yet, they’re jobs we categorically cannot wish machines doing for all of us, though devices could potentially help humans.

I will be speaking of caregiving. This broad category includes companions to your senior, house wellness aides, child sitters, special requirements aides, and more. We should uplift this category become better compensated and better regarded, though available to those without higher education. Laurie Penny highlights that numerous traditionally male vocations have been in jeopardy from automation, yet caregiving jobs are traditionally feminine; nevertheless, that gender gap can alter when caregivers are uplifted and other choices are more limited.

There is no doubting that uplifting is likely to be costly, but so are UBI and several other proposed programs. The riches caused by increased automation should be provided more broadly and might be used to assist fund caregiving programs.

Instead of anticipating vehicle motorists and warehouse workers to rapidly re-train for them to take on tireless, increasingly capable devices, let’s perform for their individual strengths and produce possibilities for workers as companions and caregivers for our elders, our kids, and our special-needs populace. With this specific one action, culture can both produce jobs for the most vulnerable portions of our work force and increase the care and connection for many.

The main element skills because of this category of jobs are empathy additionally the ability to make a human being connection. Ab muscles concept of empathy is feeling somebody else’s feelings; a machine cannot do that as well as a person. Individuals thrive on genuine connections, perhaps not with machines, however with one another. You don’t want a robot looking after your infant; an ailing elder must be liked, become heard, fed, and sung to. This is one job category that people are—and continues to be—best at.

As culture many years, interest in caregivers will increase. Based on the UN, how many individuals aged 60 years and older has tripled since 1950, while the combined senior and geriatric populace is projected to achieve 2.1 billion by 2050.

Rising work for caregivers is element of a broader multi-decade shift inside our economy from agriculture and manufacturing to delivering solutions. A significant change to more caregiving may require us to re-consider some of our values—rather than buying fancier and more costly gadgets every year, can consumers spot more value on community, companionship, and connection?

Exactly what are the making this vision a real possibility? Society should discover a way to significantly increase the payment for caregivers that assistance elders and special-needs populations. Realistically, uplifting caregiving will demand federal government programs and capital. The expense of these programs can be defrayed by increased economic growth and productivity as a result of automation. The numerous employees who’re not enthusiastic about, or with the capacity of, technical work could as an alternative get training and certification in many different caregiving occupations. Although some will simply be companions, other people can obtain certification as teachers, nurses, and much more.

Caregiving is just a practical selection for numerous displaced workers, plus one which both humane and uniquely peoples.

WIRED advice publishes pieces compiled by outside contributors and represents a wide range of viewpoints. Read more opinions right here.

How the US Can Counter Threats from DIY Weapons and Automation

in the past a long period, within my capability as deputy manager after which acting manager of national intelligence, i’ve participated in nationwide Security Council meetings about immediate challenges, from North Korea’s aggressive missile and nuclear development programs to Russian armed forces operations along its boundaries, and from ISIS threats toward homeland to Chinese activity in South China water.

WIRED ADVICE

ABOUT

Michael Dempsey could be the national cleverness fellow on Council on Foreign Relations therefore the former performing manager of nationwide intelligence. The author is an worker of this United States government on a sponsored fellowship, but all viewpoints are those for the writer and don’t reflect the state views associated with the United States government.

Even yet in instances in which the threat the US confronted was specially complex, there was clearly about a familiar policy playbook of choices, in addition to a shared comprehension of how to overcome these crises. But in today’s dynamic security landscape, it is reasonable to ask whether US policymakers might soon need to grapple by having a brand new group of threats which is why we’ve no common understanding or very carefully considered counter-measures.

Three rising styles will considerably change our safety environment within the coming years and are worth careful review.

First, look at the growth in automation, therefore the automatic automobile market specifically. Industry projections are a large share for the automobile market—several million cars—will be self-driving by 2030. It isn’t hard to imagine how terrorist teams or ill-intentioned state actors could adjust this technology in frightening methods.

In the end, how difficult can it be to make a driverless vehicle as a driverless automobile bomb? The nearly inevitable growth inside automation of planes, trains, buses, ships, and unmanned aerial cars will offer nefarious actors array opportunities to tamper with control and satnav systems, possibly affording them the opportunity to create a mass casualty event with out anybody present during the scene for the attack. Imagine a worst instance situation in which we experience a 9/11–type attack—but with no actual hijackers.

A corollary challenge may be the advent and development of autonomous weapons. While the United States military has tight (and legal) restrictions in position in order to guarantee a individual is often mixed up in concluding decision to fire such a gun, it’s perhaps not sure other countries that develop these systems within the future—and over a dozen already have them inside works—will be as prepared or able to enforce this amount of control. This opens the door to an array of possible threats, like the danger that somebody with sick will could hack a gun and make use of it to attack critical infrastructure, including hospitals, bridges, or dams.

This risk is sufficiently credible that Elon Musk plus band of significantly more than 100 leaders into the robotics and artificial intelligence community recently called on the us to ban the development of autonomous tools. While this may be a noble sentiment and another I would endorse, the real history of tools development shows that a ban has little possibility of succeeding.

A second underappreciated threat could be the proliferation of advanced main-stream weapons and abilities. For many regarding the previous three years, the US happens to be able to project army force virtually uncontested around the world, with just minimal danger. Today, with all the proliferation of precision-guided missiles of extensive range, along with higher level tracking systems which can be common to both state and non-state actors, that age is fast arriving at an end.

Consider the situation we at this time face off the coast of Yemen in Bab-el-Mandeb Strait. A vital shipping lane between European countries and Asia, the Strait is just 18 miles wide at its narrowest point. US vessels running in these waters are now actually within the selection of sophisticated missiles fired perhaps not by a central federal government, but from Houthi rebels (built with Iranian-provided technology) and enabled by commercially available radar systems that can be used to trace our vessels.

  • RELATED STORIES

  • Lily Hay Newman

    North Korea Simply Took the Nuclear Step Experts Have Actually Dreaded

  • Greg Allen

    Thank Goodness Nukes Are Incredibly Expensive and Complicated

  • Andy Greenberg

    Hackers Gain Direct Access to United States Power Grid Controls

At the same time, there are now multiple nations and non-state actors, including ISIS and Hezbollah, which are running drones throughout the battle room in Iraq and Syria, a development that would have now been inconceivable just a decade ago. In reality, ISIS’s use of armed drones against Iraqi security forces previously this present year delayed their advance on Mosul, highlighting the regrettable reality your utilization of unmanned aerial platforms is a function in almost all future disputes.

A 3rd emerging risk is the constant erosion of US’s benefit in your community of data awareness. The US has enjoyed a remarkable lead over our adversaries in the past quarter century in understanding what exactly is in fact occurring on the floor in perhaps the many remote parts of the planet. I’ve really witnessed multiple crises where United States president knew more in regards to the situation in the nation versus frontrunner of this nation. But the explosion of use of information through various types of commercially available technology is just starting to chip away at that benefit.

Because the current national cleverness officer for armed forces affairs, Anthony Schinella, as soon as remarked to me, through the 1991 Gulf War the US surely could go the entire eighteenth Airborne Corps across the thing that was thought to be an impassable roadless wilderness and attain a decisive battlefield success in big part as the US had two technologies your Iraqi Army didn’t: overhead imagery and GPS. Today, many primary school-age young ones have actually both on the phones.

it is no exaggeration to say an average person in several areas of the world is now able to access it the world wide web and within a hour purchase a small drone, GPS guidance system, and high-resolution digital camera, and thus are able to acquire information that will have been unthinkable a good generation ago, including on United States military bases and critical tools storage internet sites.

Meanwhile, the dramatic development in end-to-end encryption technology in the personal sector is making it simpler for both terrorists and states to mask their communication, considerably reducing our ability to comprehend their planning and operational cycles.

The erosion of American benefit inside information domain will influence both our decision-making process and schedule for armed forces action. Can the united states actually manage to spend months marshaling armed forces forces near North Korea if Pyongyang has considerable understanding of United states troop motions and staging areas, along with the capacity to hit them? And certainly will policymakers have the blissful luxury of time to prepare and react if an adversary interferes with domestic satellites and GPS companies, or will such actions cripple our reaction options?

Therefore, what can be done? The federal government has to start work in earnest now across agencies and departments to plan for the downstream aftereffects of these three developments. Officials should integrate right into a wider planning work, preferably coordinated by the National Security Council, all organizations with appropriate expertise, such as the Department of Energy’s nationwide Laboratories, the Defense Science Board, and cutting-edge research agencies like Darpa. This really is critical to formulating a wider understanding of these challenges, also to accelerate the task of developing effective countermeasures. And, as hard as they can be, government and the personal sector should deepen their cooperation, particularly on the subjects of automation and information access. Some of this work ought to be done in close assessment with key allies, lots of who already have direct ties to leaders in america plus the global commercial sector, and potentially with competitors such as for example China and Russia

In lots of ways and for understandable reasons (especially the dramatic rate of modification), the US as well as its allies had been sluggish to react to developments inside cyber world. Offered the significance of these threats, the united states must be sure it is better ready for the following revolution of challenges.

WIRED advice posts pieces compiled by outside contributors and represents many viewpoints. Study more opinions here.

Do You Really Need a VPS? Best WordPress VPS Hosting Compared – 2017

Are you looking to compare the best VPS hosting services for WordPress?

Finding the best VPS hosting for WordPress can be overwhelming with so many different options in the market. Sometimes VPS isn’t even the best option for your needs. Just because your website has outgrown shared hosting doesn’t mean that you need a VPS.

Maybe you need managed WordPress hosting or even a dedicated server.

It’s extremely important to understand the Pros and Cons of VPS hosting, so you can make the right decision for your needs.

WPBeginner is the largest independent WordPress resource site that receives millions of pageviews per month. Having helped 100,000+ users and years of experience with WordPress hosting companies, we have created the most comprehensive guide that will help you understand everything you need to know about VPS hosting as well as compare the top VPS hosting companies, so you can choose the best VPS hosting service for WordPress.

Read the full comparison here.