Your phone probably contains banking, payment and personal information that can be remotely stolen via numerous known and unknown bugs in the Android software. This is attractive to criminals.
Vendors (LG, Samsung, Xiaomi, etc.), after selling you their phone, have no incentive to keep your phone's software up to date with Google's fixes. Your Android phone is probably out of date and therefore a gaping security hole through which attackers can steal your stuff from the safety of their own laptops.
In short, your phone could be hacked wide open from afar through a single innocent-looking email, MMS or web-page.
In the end the recommendations are: buy an Iphone, stick to Google phones or install a custom ROM.
Original URL: Android security in 2016 is a mess
-- submitted from IRC
(Score: 2) by q.kontinuum on Wednesday December 07 2016, @12:38PM
The candy-bars usually don't have GPS (for a certain value of "usually"...). And even if it does, it is much less likely to be hacked by someone, especially since thy usually don't have an app-store.
Your dialling-history and cell-tower-history will be captured by your network-provider, but at least in Germany for them some stricter laws applied on how the data could be used. If your main-concern is those three-letter-agencies, this data is probably not hidden to them.
But for me it is a difference if a shady data broker gets the information, which areas of town I frequent, or if it is a government-organization that at least needs to act as if it doesn't use that kind of data too casually. For a commercial company it could be highly profitable (and therefore costly for you) to know where you spend your time, and whom you spend your time with.
E.g. a health-insurance-company might want to know if you spend your lunch-time in Burger-King or rather in the Gym. Or if you frequent areas known to be frequented by hookers. Or gay-clubs. Your insurance-rates might factor in some imagined health-risk for that. Or lawyers might analyse your address-book, reconstruct your social graph and contact your wife with some interesting deals for a lucrative divorce.
I'm not doing online-banking with my phone, either, and avoid WhatsApp, Facebook app and similar crap. However, I do use HERE navigation software, Signal (as a replacement for SMS) and the browser (although I wouldn't browse any delicate content from that browser).
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by HiThere on Wednesday December 07 2016, @07:17PM
IIUC, the phones are legally required to have a GPS, but not to make it available to the end-user. So making it available can be an extra cost option. (OTOH, my phone is old enough to pre-date that law...but it's JUST a phone.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.