Hasta La Gadget!

Spent some quality time watching the Home Shopping Network this morning to hear just how the Nook Color will be improved? That’s what we thought… but we bit the bullet and tuned in ourselves to get the details for you. Simply put, HSN says Barnes and Noble will start rolling out an over-the-air software package in “mid-April” that will update the Nook Color to Android 2.2, bringing Adobe Flash Player, Angry Birds, and push email of some sort. It’ll also apparently include “lots of Nook apps,” though the channel’s pitchmen only had one to show on TV — a kid-friendly sketchpad, with a variety of drawing utensils and colored paper. HSN hosts also claim that customers who purchase the Nook Color on the show are “guaranteed to be the very first people updated,” though we’re not sure we’ll take them at their word, considering some of the other fabulous exaggerations we just heard on the air.

HSN details Nook Color update for ‘mid-April’: Android 2.2, Flash, apps and push email originally appeared on Engadget on Sat, 26 Mar 2011 13:55:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Bill Gurley thinks that Android is an unstoppable freight train that will prevail against all its rivals. For Google, Android is not even a product with a business plan. It’s just a weapon at the service of their master domination strategy, a way to destroy any potential threats that may eventually kill their search monster. This is how they are doing it and the potential consequences. More »

Android phones, like this Motorola Defy, can install apps from sources other than Google's official Android Market. But doing so poses security risks. Photo: Jon Snyder/Wired.com

Amazon’s new app store offers some killer deals and can make it easier for customers to purchase Android software. However, installing it reduces overall security for Android devices, some security experts say.

The root of the issue is the requirement to allow installations from “unknown sources,” in order to put Amazon’s Appstore app on an Android phone. Amazon instructs customers that this option must be enabled to install apps sold through the Amazon Appstore.

Selecting that option immediately puts Android customers at risk to malware that could come from sources that go unchecked by Google and the general Android community, said Charlie Miller, a security researcher well known for finding exploits on mobile devices.

“As soon as you flip that switch and go away from the Android Market, which is the one place where most people go, then you are putting yourself at some risk,” Miller said.

Amazon and Google did not respond to requests for comment.

That’s not to say Google’s official Android Market has been impervious to viruses. The Android Market was infiltrated recently when a malicious hacker injected a virus into the code of 21 popular, free apps and then republished them in the Market. The hacked versions of the apps contained code that stole user data and had the ability to download more code after it was installed, potentially hijacking devices.

Google responded immediately to the exploit and used a “kill switch” to remotely remove the infected applications from customers’ Android phones. The company also issued a security tool for people to remove the exploits caused by the malicious applications.

Although Google’s Android Market fell victim to a security exploit, it is still more secure to allow your Android device to install apps only from the official Android Market, explained Andrew Brandt, lead threat research analyst at security company Webroot. If malware were to make its way into the Amazon Appstore, Amazon does not have a kill switch to remotely remove apps from Android devices like Google does, he explained.

Miller added that the benefit of Android’s official market is that it’s one central location to get apps, tenaciously moderated by the Android community, which is safer than going out into the wild to find software, like you would with Windows. By exposing yourself to third-party stores, you’re subjecting yourself to less legitimate sources.

Brandt noted that weakened security is not unique to Amazon’s Appstore, because any third-party app store living on Android must require customers to allow installations from unknown sources. There is no other method to add third-party app stores on an Android device.

However, this security issue magnifies if you consider that Amazon, a retail giant who has millions of customers with registered credit cards, is telling Android owners to disable that security provision. Also, many Amazon customers aren’t as tech-savvy as the typical Android nerd seeking to unlock special functionalities on their phones.

“Without giving people the full context of the security involved in that decision [to install from unknown sources], I think it’s a little irresponsible,” said Brandt, regarding Amazon’s method.

To be fair, Amazon claims it carefully curates apps that appear on the Appstore, so the chances of malware appearing in the store are slim. However, installing the Amazon Appstore on an Android device also requires tapping on a shortened URL sent from Amazon, which could easily be spoofed.

Additionally, when you download an app from the Amazon.com website, you receive a URL in the form of a text message; these URLs could also be spoofed to redirect to malware.

Bottom line, becoming an active Amazon Android Appstore shopper reduces the security of your Android device, especially if you don’t know what you’re doing.

At the end of the day, however, when using Android the level of security depends on the user’s skill level.

“The real question is do dumber users need Big Brother to keep them from installing dumb things?” said Jonathan Zdziarski, a security researcher who specializes in mobile hacking.  ”I’m sure a lot of people are buying these [Android] devices without knowing anything about them. They are more likely to fall victim.”

See Also:

• Amazon Launches Its Own Android App Store
• Amazon Android App Store Set to Launch Tuesday
• Independent App Stores Take On Google’s Android Market

Oh, woe is us. Or, to be more precise, woe is us if we wanted the Xperia Play on the UK’s O2 network on the day of its release, April 1st. The British carrier has been candid in admitting it found software bugs on the Play and is holding back release of the gamer-friendly device until those have been ironed out. We appreciate its effort in “testing the phone non-stop for weeks” and its reluctance to grab a quick buck by releasing imperfectly baked goods, but a major question remains — if this isn’t an O2-specific software problem, and we’ve heard no peep of O2 customizing the Android 2.3 build on the Play, why are no other carriers signaling a similar delay? Vodafone is still aiming to deliver UK pre-orders by April 5th and there seems to be no indication of flawed software from others. Only thing we can think of, given that O2 has the white Xperia Play exclusive, is that the white phone curse has struck again.

[Thanks, Ed]

Update: Here’s what Sony Ericsson has to say on the matter:

“Sony Ericsson Xperia[TM] PLAY will be launching on 1st April across all UK mobile operator partners except for O2, who have decided to prolong the testing period in order to ensure that the software meets the requirements of its procedures. Sony Ericsson will be workingwith O2 over the next couple of weeks to expedite the process and ensure that O2 customers can soon join consumers across the UK in being able to enjoy the world’s first PlayStation certified smartphone.”

Xperia Play delayed by O2 UK due to software bugs, what are the other carriers doing? originally appeared on Engadget on Fri, 25 Mar 2011 11:11:00 EDT. Please see our terms for use of feeds.

Permalink   |  O2 Blog  | Email this | Comments

Google promised us the ability to buy stuff while inside Android apps, and sure enough, it’s now just about ready to deliver it. Eric Chu, responsible for the company’s Android Developer Ecosystem, has announced app submissions are now being accepted from those wanting to offer up purchasable items within their software. He also points out there’ll be about a week’s worth of internal testing before the whole system opens up to the public, likely before the end of the month so that Google may stick to its word of rolling out the service in the first quarter of this year. Once that’s done, you’ll finally be able to buy your way to in-game glory instead of having to grind away at it like some unenlightened schmo.

Android in-app billing coming next week, starts developer testing today originally appeared on Engadget on Fri, 25 Mar 2011 06:53:00 EDT. Please see our terms for use of feeds.

Permalink   |  Android Developers  | Email this | Comments