ArsTechnica has a mammoth review of Android Marshmallow, the latest version just hitting devices.
Probably no summary will do it justice, so I'm not even going to try. The linked page above contains a table of contents that lets you choose those areas most interesting to you.
Key things that I've been waiting for are:
User Control of Permissions, so you can deny apps the ability to mine your contacts.
EXT4 for MicroSD cards which shuts off one of Microsoft's patent claims, and allows the SD (Secure Digital) card to be used as system storage.
But that's just me. There are many other things in this review, its massive. While it praises the new permissions control scheme, it also offers this word of warning:
While Google is fixing control problems, it seems to be creating new abuse avenues at the same time. The new Doze and App Standby features sound great, but both of them can be bypassed by developers just by flagging their GCM (Google Cloud Messaging) push notifications as "high-priority." Like with Peek notifications, we expect developers will see this as a way to be "sticky" and stay in a user's face, and the abusive ones will all enable high-priority notifications for everything. Google seems to be getting in a cycle where it creates an avenue for abuse in one version and then in the next version gives users control over that new feature. The company needs to gives users control over a new feature by default, not after it has proven to be troublesome. The realities of Android crapware on a carrier phone make the usual "just uninstall the app!" advice unrealistic.
(Score: 2) by SubiculumHammer on Tuesday October 06 2015, @10:10PM
User Control of Permissions is Important... But what is also really needed is a user controlled firewall. There is one out there if you root your phone, but it hasn't been updated in a few years I think.
(Score: 3, Informative) by TheGratefulNet on Tuesday October 06 2015, @10:18PM
along with user permissions, you need TOOLS to show you when an app failed for valid reasons or bullshit reasons, else you are just shooting blind.
oh, and I hope they don't break vpns like they did in ALL of 4.4 ;( kitkit has known vpn issues and google marks it 'wont fix', as if everyone should just upgrade to the 5.x train. sheesh! they ship 4.4 and vpn is known not to work - they take over a year and still don't fix it. thanks google.
if they bring new features, it will probably be because the short-attention-span googlers lost interest in previous versions and only want to work on the new hotness (sigh).
"It is now safe to switch off your computer."
(Score: 4, Informative) by everdred on Tuesday October 06 2015, @10:21PM
firewall. There is one out there if you root your phone, but it hasn't been updated in a few years I think.
Are you thinking of DroidWall? You may want to check out AFWall+ [f-droid.org].
(Score: 2) by frojack on Tuesday October 06 2015, @10:23PM
Don't we have sort of a de-facto firewall on our phones already, due to the fact that they are all running rapidly changing dynamic IPs?
Inbound connections are pretty much not an issue as far as I can tell. They would be hopelessly unreliable.
To me, the problem is that so many apps use outbound connections to call home, for some dodgy cloud functionality or "sharing" some useless information to Facebook or something. If the new permissions system changes allow the user to control egress, it would just about eliminate the need of a real firewall.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by mechanicjay on Tuesday October 06 2015, @10:31PM
My phone is on wifi an awful lot, that ip is far less dynamic than the one doled out by my carrier. In a fit of academic lunacy, the wifi connections at work get public ip addresses!
My VMS box beat up your Windows box.
(Score: 3, Interesting) by Hyperturtle on Tuesday October 06 2015, @11:09PM
The firewall I want on my phone filters traffic from the inside interface or zone -- that is, I want to prevent android from making outbound connections.
Firewalls are not just something that you hide behind; you also can prevent outbound connections. I use a firewall at home to block traffic to 8.8.8.8 and 8.8.4.4, for example, when I found via wireshark that my tablets were going to those DNS servers anyway despite my dhcp settings and then also my static assignments aiming at servers that were about 5x faster. Yes, android accepted the dns settings. No, android did not often choose to use them.
When I leave my house, the devices, if turned on and connected to something that gives me internet service--well, because there is not a software firewall on everything I own that connects online, I can't prevent communications like that from happening. I don't have an android device with cell service, so the only connections these get are wi-fi.
In other situations for typical "i am consuming" use case scenarios, yes NAT is enough and rejection of unsolicited traffic is also enough -- like what a typical consumer firewall may do with default settings.
Ideally, I would whitelist permissible outbound connectivity to a few places after I worked out the kinks on a desktop.
I probably demand too much from Android; I completely understand it's a tool to achieve an end for them. Linux on a tablet would be preferred, but it is not easy to get working well in a fashion that is actually useful compared to what google designed for their hardware. It's a shame its violating by design though. I like the surface tablets but not windows 10, for many of the same reasons I don't like what android wants to do to my details.
I expect that if google ever did include a software firewall, like what windows XP SP2 eventually got, blocking google addresses or domains would not be possible, just like how windows 10 doesn't honor similar shenanigans. and it probably would not be very flexible when it comes to cell provider network connectivity. The fact that some samsung models provided a drag and drop file interface over the cell network, yikes. You don't build that in and then give the consumer the power to block it if they want to. (look up replicant file access back door for details on what that was. there is no incentive to protect the user when it's built in.)
(Score: 0) by Anonymous Coward on Wednesday October 07 2015, @07:53PM
Thats where all the IPv4 addresses went.
Hell at least its being used.
(Score: 2) by RamiK on Tuesday October 06 2015, @10:48PM
Seems strange considering some of the Android One phones out there... Well, more CyanogenMod users I guess.
compiling...
(Score: 2, Insightful) by jmorris on Wednesday October 07 2015, @12:58AM
The realities of Android crapware on a carrier phone make the usual "just uninstall the app!" advice unrealistic.
So? Really, why would anyone care about whether someone so foolish gets screwed by a locked handset? At some point stupid just has to hurt. Hurt bad enough for people to say "Ouch!" and stop doing it.
When I look at Android devices that I am intending to use myself I -always- search and find the procedure to get root. If I can't find one or it looks unreliable and likely to vanish I "next" that product and move on to the next one. Better still is to find an active community on xda-developers for the product likely to maintain support longer than the product stays in production. Those things are far more important than eight cores vs four, a few hundred MHz of clock, etc. Once you have root, the bundled apps aren't an issue.
Yes, if everyone had my attitude nobody would be there to root them in the first place but again, not my problem. The handset makers can fix that easy enough. And apparently some people get off on the challenge and are willing to risk paying premium prices for crippled hardware in the hope they can break the locks and get the glory of the kill. More power to em.
And if it isn't important enough to be a buying decision feature to you, then good luck and may your chains rest lightly upon you. Just don't complain about it and expect sympathy.
(Score: 1) by Francis on Wednesday October 07 2015, @01:33AM
Anybody that's foolish enough to still be with AT&T is going to have a locked handset. You get no reduction in price for not getting the subsidized phone. And AT&T insists that they get to install whatever the hell they want on the phone even though you'd be the one responsible for paying for the cost of electricity and bandwidth as well as the storage that you can't use because it's full of crapware.
I tried out a Backflip years ago and the thing was so loaded with crapware that it would barely function as a phone. And none of that could be removed because the pieces of shit at AT&T decided that it should be locked.
(Score: 3, Informative) by jmorris on Wednesday October 07 2015, @01:50AM
So? You bought it. You knew AT&T has an evil reputation or should have asked Google first before making a large financial commitment like a contract phone. You got burned and hopefully learned a valuable lesson.
Btw, I use AT&T's towers, just not AT&T service and certainly not an AT&T bundled/leased phone. Just buy your own damned phone and then shop for service. One word/acronym: MVNO. Ask Google about it if you haven't heard of it.
(Score: 1) by Francis on Wednesday October 07 2015, @05:18AM
Sigh, this is why we can't have nice things. BTW, I have AT&T because they bought my provider. The other cell firms are hardly glowing paragons of virtue. I'll be switching when my contract is up because the current bullshit is too much. But, none of the other providers can be considered positive influences here. There's evil and slightly less evil.
No matter whom you buy from, you wind up with some sort of bullshit license in order to use a phone that you've paid for. Free software on cell phones is still largely a dream. Whether you mean free as in given away or free as in liberty, neither apply in most cases.
(Score: 3, Informative) by jmorris on Wednesday October 07 2015, @05:52AM
Not at all. Buy a phone free and clear, buy one that you know up front can quickly be rooted and better than just root, get one where you can have a total alt rom installed. Then pick a wireless vendor, buy a sim card from them and stick it in. Done. No malware, no license agreement, no nothing. Google is a problem, but avoid as many of their services as you can't stand their prying into. You can replace Chrome with Fennec F-Droid if you really want to cut back on the snooping. Use the regular email client with an imap account somewhere other than Gmail.
Granted, pure Free Software is still largely a dream on phones, but the f-droid repo is growing. But there is only a very few handsets Replicant runs on so blobs and such are a fact of life for now.
(Score: 2, Disagree) by melikamp on Wednesday October 07 2015, @02:36AM
(Score: 2) by jasassin on Wednesday October 07 2015, @03:31AM
I don't know anything about android development. Is there a way I can run android 6 on my PC? I'd just like to check it out. I see android x86 http://www.android-x86.org/ [android-x86.org] has 5.1. I'd like to try out marshmallow.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Wednesday October 07 2015, @06:41AM
Because then you cannot expect to control them. Sadly many devices can only be rented these days. But you can and should choose to go without.
(Score: 2) by Aiwendil on Wednesday October 07 2015, @09:43AM
Admittedly I havn't even tried the 5.x series yet but I wonder if the folloiwing issues has been resolved yet:
(All related to handsfree units)
*) Long press being forced to some unwated app instead of being freely usable by any app (this thing made me lose a lot of control over the phone while walking)
*) notification sound being played through speakers instead of through the headphones (seriously, who came up with this? Make it a setting)
*) ringtone being played through speakers instead of headphones
(Score: 1, Informative) by Anonymous Coward on Wednesday October 07 2015, @11:19AM
1. they could probably have folded this article down to 6 or fewer pages if they wanted to.
2. The "improved" permissions system is a load of crock. If you want something to read contacts but not write, you can't etc. They have set up a small set of wide permission groupings that you can flip on or off. Never mind that things like network access is seen as "safe" and therefore in a group you can't toggle off at all.
3. Adoptable storage is a crock. You can either continue to use it as removable storage (aka vfat) or you can format it to ext4, have it encrypted so only that device can read it (yeah, thats useful on removable storage), and have Android treat it as "internal" (never mind that internal and external in Android have very different meaning from any sane computer system) from then on. It is Apple level of heavy handed "we know best, you go and sit in the corner for your own safety".