We have moved to a new Sailfish OS Forum. Please start new discussions there.
13

Sailfish + aliendalvik security

asked 2017-10-06 08:35:26 +0200

Quimere gravatar image

Greetings!

I have always been thinking about the sailfish + aliendalvik security, and I thought that posting my thoughts here would help me if someone knowledgable can answer me. Let's see...

  1. Aliendalvik uses an android version 4.4.4, right? does that mean it keeps the same vulnerabilities as the android Kit Kat? I think it would be less secure than if it was based on a newer android version.
  2. Also, if it's using version 4.4.4, does it mean Google Play Store will stop having compatible apps (it already happens to me with a local bus app) before long. Even now, the latest google play store can't download apps to my Jolla C, I had to keep an outdated version to keep it working.
  3. Since Aliendalvik can access all sailfish storage and components, does it mean it's another posible attack vector, affecting the Sailfish security overall?

Thanks to everyone, specially to those who answer my question. Regards!

edit retag flag offensive close delete

Comments

4
  1. Android 4.4.4 continues to receive security updates (lasts were few days ago: https://source.android.com/security/bulletin/2017-10-01). It seems from the release notes that Android Support is updated with them by Jolla.
  2. Unfortunately yes, if the developer marks his app compatible only with Android >= 5.0, it won't be listed. But that's developer's fault. For example, you should contact your local bus company to ask why they put such a limitation (is there really a mandatory killer feature not present in Android 4 that they absolutely need to display bus schedules?). For the issue with the Play Store I don't know, my J1 seems to have a recent Play Store (v8.2.38) and it's still working.
  3. Don't know much on that point, but we for sure need to be able to manage the permissions by application.
Sthocs ( 2017-10-06 11:07:24 +0200 )edit

2 Answers

Sort by » oldest newest most voted
7

answered 2017-10-06 11:12:51 +0200

r0kk3rz gravatar image

1 . Aliendalvik uses an android version 4.4.4, right? does that mean it keeps the same vulnerabilities as the android Kit Kat?

Jolla has been patching it for known vulnerabilities, so it should be ok.

2 . Also, if it's using version 4.4.4, does it mean Google Play Store will stop having compatible apps

Yes it seems like Alien-Dalvik is coming to the end of its life, a few apps I use have released Android 5+ only updates, and before long the outdated versions I use will be incompatible with the services. Unless myriad group suddenly has a change of heart, or Jolla pays them a lot of money, I'm not sure this will change at all.

3 . Since Aliendalvik can access all sailfish storage and components, does it mean it's another posible attack vector, affecting the Sailfish security overall.

Of course it creates another attack surface for Sailfish, but its running in a chroot with few integration points so it could be worse I guess.

edit flag offensive delete publish link more

Comments

4

The way I understood it when this topic was discussed during one of the recent community meeting, Android 5 has changed quite a lot in its core. This does not allow to adopt Alien Dalvik without bigger efforts and Myriad (the company from which Jolla has licenced Alien Dalvik) also does not seem to have a large interest in it any more. So it seems the options for now are: stay on 4.4 (with the issue that the incompatibility rises over time), pay to upgrade Alien Dalvik (which is unclear if Jolla can afford this and / or Myriad is actually interested in doing this) or search for another solution. There are other projects aiming to provide similar features and I got the impression Jolla is very interested into evaluating them as replacement for Alien Dalvik.

ghling ( 2017-10-06 17:44:01 +0200 )edit
2

answered 2017-10-06 13:08:53 +0200

florifreeman gravatar image

Jolla Phone is using Android 4.1 !

edit flag offensive delete publish link more

Comments

1

Yes, but Intex Aqua Fish, Jolla C, Jolla Tablet, Sony Xperia X using newer Alien Dalvik, based on Android 4.4.4

ExPLIT ( 2017-10-06 15:34:24 +0200 )edit

so what will be the next? with this store, Jolla can not stand for it! So Android app support is the key without sharing private info.

oguzhanssan ( 2017-10-12 09:03:14 +0200 )edit
Login/Signup to Answer

Question tools

Follow
6 followers

subscribe to rss feed

Stats

Asked: 2017-10-06 08:35:26 +0200

Seen: 736 times

Last updated: Oct 06 '17

Related questions

VPN client [released]

Word prediction should be always turned off when entering passwords in Android apps [released]

Password manager for Sailfish [answered]

Android VKB saves and suggests passwords in plaintext

[Feature-request] Track & protect my Jolla

Keychain linked to TOH

Cloud backup should be encrypted

Guest account for demonstration [answered]

WhatsApp notification [answered]

alien dalvik crashes if trying to install payed app from play store [answered]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49