They're separate. Bad security follows from both. For one, too little privacy is profitable for a company selling or matching against profiles obtained from surveilling their users' activities. On 2, redoing Android security or just handling it better would cost more for Google even though the problems are externalities: they cost the users, not Google. For-profit, public companies ignore externalities as much as possible to maximize profit.
So, Google securing Android would cost them a lot of money for fixing the customers' problems that don't affect Google. Then, it might cost them piles of money later in lost ad revenue when now-private services make customers black boxes of sorts.
I think there's a lot of middle ground to explore but surveillance or public companies don't usually go for it. Offering a paid, surveillance-off version of each ad service is one of those. You will rarely see that as simple as it is to do.