Android has a serious problem that makes it's software inherently insecure: the Apache License. Unlike the GPL, the Apache License is permissive. This means that Android can be Tivoized, which is why carriers lock bootloaders on Android devices. It also means that Android can be forked without the need to open up the source code of the forks, which is why manufacturers like Samsung, HTC, and others can get away with keeping TouchWiz, Sense, and other custom UIs proprietary. This of course also provides a boon for malware distributors: now, they have an app that they can add malicious code — for example, a backdoor, a keylogger, or spy code — to, and they can get away with keeping that added code proprietary so that no one knows it's malware until it's installed.
In contrast, most mainstream Linux userlands — KDE, GNOME, XFCE, Unity, LXDE, and the like — have a security stronghold: the GPL. Unlike the Apache and BSD licenses, the GPL is a copyleft license. This means that the license uses the power that is copyright law to *require* developers who make changes to the code to open those changes up, and irreversibly agree that the changes stay in the public domain. Meaning, of course, that hackers and malware distributors end up in a sort of Catch-22: Either comply with the GPL and get busted by the government, or violate the GPL and get busted by the FSF.
Also, there's another provision of the GPL that is easily capable of preventing locked bootloaders. It states that if GPL software is installed on a certain machine, that machine cannot implement hardware restrictions that hamper the freedom of users to modify said software without violating the GPL. Locked bootloaders, such as those that carriers install on Android powered smartphones, no doubt fall into that category.
So, the next time Microsoft or Apple tries to spread FUD about the open source model, refer to this blog post. There's no denying that the propaganda these corporations spread is almost in line with the propaganda spread by the Chinese and North Korean governments, and if users have any reason to believe what these people are saying, they've got their facts skewed to the brink of dystopianism.
No comments:
Post a Comment
Make sure when you comment to be civil and not insult, use profanity, or start flame wars. Anyone who calls people names, uses profanity, uses personal (i.e. ad hominem) attacks towards me, other commenters, open source software leaders, or Jesus, merely skims my blogs instead of reading them thoroughly, spreads FUD from Apple or Microsoft, or in any other way disturbs the peace in discussion will have their comments deleted and ultimately be blocked from this blog.