Is Your Security Worth the Price of That Discount Tablet?

Is Your Security Worth the Price of That Discount Tablet?

Black Friday, love it or hate it, always manages to produce some tempting deals on the tech front, and tablets are no exception this holiday season. Numerous stores are selling cheap, poorly made Android tablets at prices that you can only believe once you open the box and realize what you just bought. These devices are usually sluggish, riddled with bugs, lack future updates, and more critically, come full of security flaws. Bluebox Labs recently put several of these discount tablets through security tests and the results are a bit frightening. If you’re in the market for a new Android tablet, a quick read through the results may save you a lot of time and frustration.

Bluebox's list of tested tablets

Security software firm Bluebox Labs recently purchased a number of these cheap, discount tablets from retailers who were peddling them on Black Friday and tested them for security flaws. Their series of tests produced disturbing results which included security features turned off by default (if they were even there to begin with), tablets coming rooted out of the box (which may or may not be an issue depending on your intentions for the device), and even adware and modified versions of Angry Birds that collect user data. One tablet even included so many security flaws that Bluebox’s testing app couldn’t give it an accurate score, but I’m certain it wouldn’t have been pretty.

Tablets can be fantastic tools for us as photographers: tethering for the ever-pacing art director, a vibrant portfolio right at your fingertips, or even games to keep the kids occupied while you're hard at work. However, a security breach has the potential to destroy both your personal life and your business. If you’re in the market for a new tablet you might want to do a bit of research before simply buying the one at the lowest price. If you don't, you just may be getting a little more than you paid for — and not in a good way.

Lead image courtesy of Andrew Griswold.

[via Gizmodo]

Sam Merkel's picture

Sam Merkel is a 19 year old photographer and student living in Madison, WI. He spends his winters traveling the midwest photographing various crews of snowboarders and his summers enjoying having feeling in his extremities.

Log in or register to post comments
8 Comments

Why does this article sound like scaremongering to indirectly shill Apple products?

The problems I see with the Bluebox article is that they claim these security holes, but don't inform the various dealers about them. Then they tell you you can download their free software to tell you if you have security holes, but don't explain how they got to those conclusions, or what you can do about them.

No doubt there can be security holes when you have an open system like Android, but a bit more in the specifics seems to be in order.

How did you draw that conclusion from an article that mentions nothing about iDevice? Don't get me wrong, I not a huge fan of Apple myself, but Android's open system definitely has a lot of security issues. I myself switched from an iPhone to a Nexus a few months ago, and I was terrified by the way apps were asking to access a ton of phone resources which they have no reason to. For example, the alarm clock app wanted access to my USB storage device, location service, creating profile on device, etc.

I'm a software engineer who turned into a system engineer, so I'm very conscious about security. I don't like Apple, but they have gained my trust when it comes to security a whole lot more than Google. This article simply warns people about buying Android device; the fact that Shazam wants access to my location service is absurd, and I don't care how much freedom you have with tinkering your phone.

Freedom means nothing when you're not secure.

"How did you draw that conclusion from an article that mentions nothing about iDevice?"
It's the implication. I may be reading too much into it, I'll grant you that. :-)

"I myself switched from an iPhone to a Nexus a few months ago, and I was terrified by the way apps were asking to access a ton of phone resources which they have no reason to."

What isn't obvious is the same happens in Apple system, except they have to pay Apple (who has the same access being asked for in Android) for the privilege, and you just never know about it. In Android it's open, so you see it.

"Android's open system definitely has a lot of security issues."
I made that point clear. My main issue wasn't so much my first sentence, but the fact that this Bluebox group is calling out these products, yet not contacting the distributors about their findings.

Furthermore, they have an app that supposedly will find security holes, but does not explain why they are identified as such and how you would eliminate them. For instance, "security backdoor", is that an injected application, poorly written non-malicious app, or is it a setting that needs to be turned on or off? As a software engineer, perhaps YOU might know what the potential problem may be, but what about the average Joe who buys a tablet, hears of this app, runs it and is informed of a potential problem? So you have an app that's telling you that you have a problem, and have a nice day.

I think "paying" is somewhat of a technicality issue here, as long as you mean the $100/year to be an Apple developer vs simply downloading the Android SDK. Either way, as an iPhone user, I have the ability to stop say, the alarm clock app, from having access to my location, microphone, and bluetooth settings, and still have it work. As an Android user, I'd have to agree to give it everything it wants before I can start using the app. Again, this is absurd.

I wouldn't pin this on Google/Android 100% though, as developers can actually pick and choose which access their app has. The problems arise when lazy developers just copy and paste code from another snippet (yes, this happens a lot, sadly.) and carry over all the unnecessary permissions. This on top of the fact that there are so many hackers out there with malicious apps, I don't know what app to trust, and so I blame the most visible entity: Android.

Security backdoor could be any or all of the things you mentioned; however, I don't see how an OS reinstall wouldn't help, as long as the maker - not Android - pushes out update. The problem arises when these makers don't push out update, or prevent you from updating, or push out updates that have security holes... I think these are the things Bluebox is trying to warn: don't buy device from a source you don't trust.

"The problem arises when these makers don't push out update, or prevent you from updating, or push out updates that have security holes... I think these are the things Bluebox is trying to warn: don't buy device from a source you don't trust."

By Bluebox not contacting the manufacturer of a device they've singled out as compromised, what they are doing in effect is blacklisting the product and not giving the seller/manufacturer the benefit of the doubt that they would indeed do something about it. The seller/manufacturer may not be aware of the situation. Some seller/manufacturers may not give a damn, in which case one is justified in not patronizing them. Imagine if they were to find similar compromises in Windows or Mac OS, and they're telling everybody except Apple or Microsoft, and additionally telling everyone to avoid those products because they been compromised. Would you find that acceptable?

Oh don't get me wrong; I'm in no shape or form defending Bluebox, or any companies out there that withhold information. I'm all about sharing knowledge and open sourcing things. That's why I can't stand Apple's closed-loop ecosystem.

I hate Apple as much as the next guy, but I just wanted to point out how quickly you attacked them simply by inferring from the article.

Well, that was initial gut feeling when I read an article about a company that's calling out x, y, or z Android products without communicating with their manufacturers and offering software that does nothing more than list whether your tablet is compromised. Like I said, maybe I read too much into that, but really the bigger issues are the ones I've discussed.

I judge people by their use of tablet, I'll admit it.

Not so much based on whether they're using Android or iOS, but more along the lines of an involuntary nose crinkling at the sight of clunky off-brand tablets.