Sometimes design mistakes are so dumb that, if you’re conspiracy-minded, you wonder if they were made on purpose. Here’s an example. HTC, makers of the One Max smartphone, decided to leave users’ fingerprints in a world-readable, unencrypted text file instead of storing them encrypted in a safe part of the phone’s file system.
Yes. Your fingerprints are being stored in a plain text file that can be read by any person or, more dangerously, by any application you happen to install on your phone. Instead of encrypting the fingerprint with a device-specific key, and instead of placing it inside the secured “Trustzone” part of the phone’s file system that Android already provided as part of the operating system, HTC’s engineers took your fingerprint and stored it unencrypted in an easily accessed file. So, if you install an app that performs some useful function but also just happens to seek out that fingerprint file and send it back to the maker of the app as part of its operation, you’ve just had your fingerprint stolen.
Tinfoil hat time: did Apple pay HTC to do this to make Android look even worse? I frankly don’t have a better explanation.
Like so much of the bad news Android has experienced lately, this is not a problem with the Android operating system. This problem is due entirely to how much freedom Google has given makers of Android devices. Google built the Trustzone into Android specifically to store sensitive things like biometrics, but it doesn’t force manufacturers who collect biometric information to store them there. Likewise, it doesn’t prevent apps from reading data in so-called safe parts of the phone. Even if it did, we usually ignore those arcane security notifications and privilege requests that pop up when we download and install an app, because we simply want to use the app and not give much thought to what the app will be able to do with our data. So, your unencrypted biometric could be lifted even from a secured area of the phone because you carelessly gave it permission to access it.
I’m surprised there isn’t a worldwide egg storage given how much Android is wearing on its face lately. The lack of centralized control over app and hardware design decisions, particularly those that impact security, and the excessive onus placed on users to play a defensive role they don’t understand, are starting to cause lots of problems. Either the Android community will, under Google’s leadership, devise a solution to unify the patch management process and tighten design requirements across all device manufacturers and cell carriers, or the operating system will die an embarrassing and, by that point, much-deserved death. As an Android fan, I’m hoping for the former, but it’s going to take quite a well-orchestrated effort to get there.