Posts tagged Android
How three companies are coping — even thriving — amid the Android explosion.
As the little green robot known as Android wends its way into the enterprise, it’s teaching useful lessons that are reshaping corporate attitudes toward the BYOD movement.
Analysts and CIOs say the multifaceted nature of the mobile operating system is forcing companies to make key decisions about what they will, and won’t, control in bring-your-own-device programs — and those decisions are in turn cascading across all operating systems and devices.
+ Also at NetworkWorld: 2014 Tech Industry Outlook +
While Google’s operating system has far surpassed Apple’s iOS in worldwide mobile market share — Android had more than 79% of the smartphone market in the second quarter of 2013, while iOS fell to 13%, according to IDC — Apple still dominates the enterprise. According to a June 2013 activation report from mobile software maker Good Technology, 75% of the mobile activations at Good’s Fortune 500 clients were for iOS devices.
We may be facing a stalemate. Or, we may be evolving a new cyber biosphere.
Ceaselessly, with no end in sight despite outlays that amount to a tax on doing business, the decades-long struggle against malware drags on.
Today, around 5% of the average IT budget is devoted to security, estimates John Pescatore, a director at the SANS Technology Institute. Cybercrime (including malicious insider attacks and theft of devices) costs U.S. corporations an average of $11.6 million yearly, according to an October 2013 study by the Ponemon Institute that was sponsored by HP Enterprise Security. This cost represents a 23% increase over last year’s average of $8.9 million per company.
Asked why malware is the war without end, experts commonly embrace either a military or an ecological metaphor. Those with the military viewpoint say flawed defenses have led to a stalemate. The ecology-minded don’t see it as a war to be won or lost — they see an eternal cycle between prey and predator, and the goal is not victory but equilibrium.
Around 5% of the average IT budget is devoted to security, says John Pescatore, a director at the SANS Technology Institute.
One who favors the military metaphor is David Hoelzer, director of research for Enclave Forensics in Henderson, Nev. “We are essentially going in circles,” he says. “We improve only after our adversaries defeat our defenses. Most software is still riddled with vulnerabilities, but the vendors typically make no move to fix one until it becomes publicly disclosed. Coders are not trained in security, and ‘well written’ means ‘under budget.'”
Security consultant Lenny Zeltser chooses the ecology metaphor. “Attackers take advantage of the defenders, and the defenders respond. It’s part of the cycle,” he says. “If attackers get in too easily, they are spending too much to attack us. If we are blocking 100% of the attacks, we are probably spending too much on defense. We have been in a state of equilibrium for some time and always will be. But being complacent is dangerous, as we must constantly apply energy to maintain the equilibrium.”
Developments in the financial sector offer an example of why it’s important to constantly apply energy to maintain the equilibrium. A new report from Trend Micro points out that attacks aimed at stealing online banking credentials recently surged to a level not seen since 2002.
Nevertheless, experts agree that progress has been made — even if only toward the maintenance of ecological equilibrium or a military stalemate.
The wins so far
At this point, “there are no types of malware for which there are no defenses that we are currently aware of,” says Roel Schouwenberg, a researcher at anti-malware software vendor Kaspersky Lab.
“We no longer see the kinds of big spreading malware that we saw three or four years ago, [such as] the ILOVEYOU virus of 2000,” adds William Hugh Murray, a security consultant and a professor at the Naval Postgraduate School.
Interviews with analysts and executives at security vendors McAfee, AVG and Kaspersky Lab suggest that the following are the four principal weapons that make this possible:
• Signature detection. This approach gives you the ability to spot malicious code, among other things.
• Behavior monitoring. By adopting this technique, you can do things like spot malicious activity in a computer or determine if a suspicious file will respond to virtual bait
• Blacklisting. This is a mechanism for blocking access to sites and files that are included on a list of undesirable entities.
• Whitelisting. With this approach, essentially the opposite blacklisting, users are only allowed access to sites and files on a list of entities known to be harmless; access is denied to sites and files that aren’t on the list.
Each of the four has its supporters and detractors, and all the anti-malware software vendors queried for this article said they use some form of all four weapons, in combination.
Other defenses include firewalls, which can prevent intrusions and — with Windows at least — are part of the operating system, and periodic vendor patches to address vulnerabilities.
Frequency of cyberattacks
The frequency of different types of attacks experienced during a four-week period in 60 companies benchmarked.
Viruses, worms, trojans 100%
Web-based attacks 63%
Denial of service 50%
Malicious code 48%
Malicious insiders 42%
Phishing/social engineering 42%
Stolen devices 33%
Source: Ponemon Institute/HP Enterprise Security “2013 Cost of Cyber Crime” study.
A question sometimes raised is whether there are more advanced weapons that we haven’t yet learned about. “I’ve heard that [the anti-malware vendors] have better defenses up their sleeve that they choose not to release since they are not necessary yet, and they don’t want to tip their hand,” says Zeltser.
The vendors deny this. “Our secret weapons are in force every day — it’s a daily battle,” says Tony Anscombe, an executive at anti-malware software vendor AVG Technologies. Indeed, if vendors had something that can stop all viruses “it would be foolish to wait to use it,” says Kevin Haley, spokesman for anti-malware software vendor Symantec. “It would be a competitive advantage” to help sell more software, he points out.
Either way, the end result is that anti-malware software vendors can now respond to a new (or “zero-day”) exploit within two hours, although complicated exploits may require subsequent follow-up, says Haley.
In parallel, there have been efforts to make software less vulnerable to infection. For instance, Tim Rains, director of Microsoft Trustworthy Computing, says that Microsoft has revamped the code libraries used by developers to remove errors and vulnerabilities.
There are no types of malware for which there are no defenses that we are currently aware of.
Roel Schouwenberg, researcher, Kaspersky Lab
As a result, he notes, stack corruption was the vulnerability exploited 43% of the time in 2006, but now it’s used only 7% of the time. He also cites a study conducted in 2011 by analyst Dan Kaminsky and others indicating there were 126 exploitable vulnerabilities in Microsoft Office 2003, but only seven in Office 2010.
Years of security-related software patches downloadable by users have also had a measurable effect. Rains cites statistics derived from executions of Microsoft’s online Malicious Software Removal Tool, which showed that systems with up-to-date protection were 5.5 times less likely to be infected.
As of December 2012, the rate was 12.2 infections per 1,000 machines for unprotected systems vs. 2 per 1,000 for protected systems. The global average was 6 infections per 1,000.
On the other hand, infections still happen. But even the nature of the infections seems to have reached a state of equilibrium.
Today’s attacks: Two broad categories
Roger Thompson, chief security researcher at security testing firm and Verizon subsidiary ICSA Labs, divides today’s most common infections into two categories: APT (“advanced persistent threat”) and AFT (“another freaking Trojan.”)
New examples of APT malware appear about once a month, are aimed at a particular target and are produced by organizations with impressive resources, abilities and patience, he says. The classic example is the Stuxnet virus of 2010, whose goal appears to have been to make centrifuges in Iranian nuclear research labs destroy themselves by spinning too fast.
“Each one is different and scary,” Thompson notes.
As for AFTs, self-replicating malware is no longer the infection vector of choice, with attackers preferring to launch drive-by attacks from infected websites against victims who were tricked into visiting. (However, worms and older malware are still lurking on the Internet, and an unprotected machine can still get infected in a matter of minutes, sources agree.)
Average annualized cybercrime cost
These costs are weighted by attack frequency in 60 companies benchmarked.
Denial of service – $243,913
Malicious insiders – $198,769
Web-based attacks – $125,101
Malicious code – $102,216
Phishing/social engineering – $21,094
Stolen devices – $20,070
Botnets – $2,088
Viruses, worms, trojans – $1,324
Source: Ponemon Institute/HP Enterprise Security “2013 Cost of Cyber Crime” study.
The acquisition of new Trojans appears to be limited only by a researcher’s ability to download examples, experts agree; hundreds of thousands can be collected each day. Many examples are simply members of long-standing malware families that have been newly recompiled, and some malicious websites will recompile their payload — creating a unique file — for each drive-by attack. There are probably no more than a thousand such families, since there is a finite number of ways to take over a machine without crashing it, notes Thompson.
The initial infection is usually a compact boot-strapping mechanism that downloads other components. It may report back to the attacker on what kind of host it has infected, and the attackers can then decide how to use the victim, explains Zeltser.
These days, an infected home system is typically hijacked by the attackers for their own use. With a small enterprise, the object is to steal banking credentials, while with large enterprises, the object is typically industrial espionage, Murray explains.
While the anti-malware vendors have adopted a multi-pronged strategy, so have the attackers — for instance, writing malware that does not stir until it sees that it is not in the kind of virtual machine used to trick malware into revealing itself.
Meanwhile, the attackers have formed their own economy, with a division of labor. “Some are good at crafting malware, others are good at infecting systems, and others are good at making money off the infections, such as by sending spam, or by launching distributed-denial-of-service attacks, or by pilfering data,” says Zeltser.
“You can buy the software required to do the account takeover, and then to convert the money into cash you hire mules,” Murray adds.
New battlefields include XP, Android
But while many pundits expect to see a continued cycle of attack and defense, they also foresee additional future dangers: Windows XP may become unusable because of the support situation, and the Android smartphone environment may be the next happy hunting ground for malware.
For its part, Windows Vista is no longer receiving mainstream support, but Microsoft has announced the company will continue issuing security updates for the OS through mid-April 2017.
Windows XP, released in 2001, is still widely used, but Microsoft will stop issuing security updates for it after April 2014. At that point, Microsoft will continue to issue security updates for Windows 7 and Windows 8, and after each one is issued the malware writers will reverse-engineer it to identify the vulnerability that it addresses, Rains predicts.
“They will then test XP to see if the vulnerability exists there, and if it does they will write exploit code to take advantage of it,” Rains says. “Since XP will never get another update, the malware writers will be in a zero-day-forever scenario. If they can run remote code of their choice on those systems it will be really hard for anti-virus protection to be effective. The situation will get worse and worse and eventually you will not be able trust the operating system for XP.”
“People should not be running XP,” agrees Schouwenberg. “When it was written the malware problem was very different than it is today. It had no mitigation strategies and is extremely vulnerable.”
Android, meanwhile, is going like gangbusters on smartphones — outselling Apple’s iOS phones in the third quarter of this year, according to Gartner — making it a huge target for crackers.
Experts see many parallels between Android’s development and the early history of the Windows market, with hardware vendors adapting a third-party operating system for their products, leaving no single party ensuring security. And with the Android market, the additional involvement of telecommunications carriers is a complicating factor.
Average days to resolve attack in 60 companies benchmarked
Malicious insiders include employees, temporary employees, contractors and, possibly, business partners.
Malicious insiders – 65.5
Malicious code – 49.8
Web-based attacks – 45.1
Denial of service – 19.9
Phishing/social engineering – 14.3
Stolen devices – $10.2
Malware – 6.7
Viruses, worms, trojans – 3
Botnets – 2
Source: Ponemon Institute/HP Enterprise Security “2013 Cost of Cyber Crime” study.
“It is not like the case with Apple, which can push security updates to every iPhone in the world in one day,” says Schouwenberg. “With Android, the manufacturer has to implement the patches and then go through certification with the carrier before the patches are deployed. Assuming your phone still gets security updates it may be months before you get them. That would not be considered acceptable with a laptop.”
“Android is in a position that Windows was in a few years ago; there is not enough protection,” adds Johannes Ullrich, head of research at the SANS Technology Institute, which certifies computer security professionals.
Is there hope?
Returning to the ecology metaphor, sometimes the impact of an asteroid will drive species into extinction. And, indeed, sources can point to extinction types of events in the short history of the malware biosphere.
Thompson, for instance, points out that the adoption of Windows 95 drove MS-DOS malware into extinction by adding protected mode, so one program could not overwrite another at will. Microsoft Office 2000 drove into extinction (PDF) malware based on Office 1995 macros by adding a feature that basically required user permission before a macro could run. Windows XP Service Pack 2 in 2004 set the Windows firewall on by default, wiping out another generation of malware.
The success rate for social engineering is phenomenal.
John Strand, network penetration tester, Black Hills Information Security
“But there is no extinction-level-event in sight to wipe out the current Trojans,” Thompson says.
Even if there were such a miracle, attackers could fall back on persuasive email, officious phone calls, smiling faces or other non-technical manipulations usually referred to as “social engineering.”
“The success rate for social engineering is phenomenal,” says John Strand, network penetration tester with Black Hills Information Security in Sturgis, SD.
People will call in pretending to be from a help desk, suggesting that the user download (infected) software. Or plausible emails such as a delivery notification will entice users to click on infected links, he explains.
And then there’s software that tells the user to disable the system’s malware protection “to ensure compatibility.” “I don’t think there is any legitimate software that needs you to disable security protection for compatibility reasons,” says Schouwenberg. “But some software does ask you to disable it during installation, creating a precedent, so they think it’s all right when they get email from a website telling them to turn it off.”
Even if users are trained to resist such ploys, smiling people with clipboards and faux badges may show up at the front desk saying they need to inspect the server room on some pretext — and they’ll probably be allowed in, says Strand.
Beyond that, large numbers of log-in credentials to corporate networks are always for sale at various malicious sites, because people have registered at third-party sites using their office email addresses and passwords — and those sites were later compromised, Strand adds.
“The good news is that it is relatively easy to defend against most malware, if you use up-to-date anti-virus software, run a firewall, get security updates and use strong passwords,” Rains says. “These techniques can block the major attacks used today and probably for years to come.”
“The best practices I was telling people about 10 years ago I still have to tell people about today,” Haley adds. “Have good security software, update the system and use good common sense. Don’t link to email that doesn’t seem right.”
Finally, Pescatore suggests looking to the field of public health (rather than the military or ecology) for a metaphor about living with malware. “We have learned to wash our hands and keep the cesspool a certain distance from the drinking water,” he notes. “We still have the common cold, and we still have occasional epidemics — but if we react quickly we can limit the number who are killed.”
Samsung’s new big-screen phone has a lot of great qualities, but a handful of issues keep it from reaching its full potential. So is it the Android device for you?
Citizens of the smartphone-using world, hear this: When it comes to what you carry in your pocket, size definitely matters.
Just look at Samsung’s new Galaxy Note 3. The device is the latest in a line that brought big back into style — and now, plus-sized phones are a category all their own.
Lucky for Samsung, size isn’t the only thing that sets the Note 3 apart. The phone’s S Pen stylus opens the door to some interesting and innovative ways of interacting with a smartphone — and this latest model offers some meaningful improvements over its predecessors in both form and functionality.
While the phone has plenty of attractive qualities, though, it also has some noteworthy downsides. So all considered, is it a phone worth buying?
Galaxy Note 3
Galaxy Note 3
I’ve been living with the U.S. model of the Note 3 for several days to find out. Read on to see what the new Note is actually like to use in the real world — and whether or not it’s the right device for you.
(The Galaxy Note 3 is available now on AT&T for $300 with a new two-year contract, Sprint for $250 with a new two-year contract, and T-Mobile for $0 down and a two-year $29.50/mo. payment plan. It’ll be available on Verizon starting October 10 for $300 on contract. U.S. Cellular has said it will sell the phone sometime in October as well but has yet to announce any specific pricing or availability details.)
Body and screen
It may seem obvious, but it has to be mentioned: The Note 3 is a large device. Like, really large.
At 5.95 x 3.12 x 0.33 in. and 5.93 oz., the new Note is significantly bigger than any standard-sized smartphone. As such, it’s not going to be for everyone: The device can be rather uncomfortable to hold in one hand and even more awkward to hold up to your ear for a call. Depending on your gender and pant preferences, it’ll range from being uncomfortable to carry in your pocket to impossible to fit in it at all.
That’s not by any means to say it’s an outright bad form; these days, plenty of people prefer a plus-sized device that’s able to provide the benefits of a smartphone and the screen space of a tablet. I’d simply suggest stopping by a brick-and-mortar store and holding one for yourself to see how it feels to you.
For owners of past-generation Galaxy Note devices, the Note 3 certainly won’t seem outrageous; in fact, it’s pretty darn close to the same size as last year’s model. And thanks to slimmed down bezels, it packs a beefed-up 5.7-in. display, up from the 5.5-in. screen on the Galaxy Note 2.
At about 386 pixels per inch, the Note 3’s 1080p Super AMOLED display looks fantastic: Details are sharp and colors appear rich and brilliant. Display aficionados may note that the display looks somewhat oversaturated — as Samsung devices often do — but for the vast majority of smartphone users, this thing’s gonna be a treat for the eyes.
AMOLED screens in general tend to suffer in sunlight more than their LCD counterparts, but Samsung has made some significant strides with the Note 3’s display: Thanks in part to ramped-up brightness capacity, the Note 3’s screen remains perfectly viewable even in the glariest of conditions. To my eyes, it doesn’t quite match the outstanding outdoor visibility of a top-of-the-line LCD-packing phone like the HTC One, but it’s not at all bad and marks a massive leap forward from past Samsung products.
The Galaxy Note 3 has a silver plastic trim that’s made to look like metal around its perimeter. A volume rocker lives on the left side, while a power button sits on the right. On the phone’s top is a 3.5mm headphone jack and on the bottom is a special USB 3.0 charging port that doubles as an HDMI out-port with the use of an MHL adapter.
The inclusion of USB 3.0 is a nice touch: The phone charges ridiculously fast when you use the included USB 3.0 cable and wall adapter, and the port can provide extra-speedy data transfers if your computer supports USB 3.0. The Note works with regular micro-USB cables, too — you just plug them into the right side of the port — though you obviously won’t get the faster charging and data-transfer speeds when you go that route.
The Note 3 has one small speaker on its bottom edge, to the right of the charging port. The sound quality is decently loud and clear by smartphone standards, though nothing to write home about.
Next to the speaker is the slot for the phone’s S Pen stylus — a highlight of the device that I’ll get to in a minute.
Design and build quality
First, let’s talk design, shall we? Samsung has long suffered the wrath of many a reviewer (myself included) for its cheap-feeling plasticky constructions. With the Note 3, the company is clearly trying to step things up and provide a phone with a more premium body.
In some regards, it’s succeeded: The Note 3 ditches Samsung’s long-favored glossy plastic back for one with a textured faux-leather finish. The material feels softer and more pleasant to the touch and has a less toy-like (and fingerprint smudge-attracting) appearance than what I’m used to from Samsung. It’s still a bit on the chintzy side — thanks mainly to the somewhat tacky fake stitching around the panel’s perimeter — but it’s definitely an improvement over past Samsung products.
That said, it’s all relative, and the Note 3 still feels less thoughtfully designed than devices like the HTC One or the Moto X. When I peeled off the phone’s thin back panel, for instance, the covering for the camera lens popped right out. I had to futz around with it to get it back in place, bending its flimsy-feeling metal support legs to force it to stay attached before putting the cover back on.
Galaxy Note 3
When the reviewer peeled off the phone’s thin back panel, the covering for the camera lens popped right out.
The phone’s physical Home button, meanwhile, is slightly loose and subtly shifts around with each pressing, often looking crooked as a result (something other early users have also noticed). These kinds of things just don’t scream “premium build” to me.
Speaking of buttons, the Note 3 uses the same odd and dated hybrid button setup Samsung has long clung onto, with a physical Home button flanked by capacitive Menu and Back buttons (the former of which was phased out of the Android platform years ago). This design choice results in some meaningful downsides when it comes to user experience, ranging from hidden and hard-to-find options to an awkward contrast in button sensitivity, especially when using the S Pen.
The setup also forces an almost comical number of inelegant workarounds. You long-press the Home button to get to the Android app-switching tool, for example, and double-press it to get to Samsung’s S Voice voice-control utility. You long-press the Menu button to load Samsung’s S Finder search app and long-press the Back button to load Samsung’s own Multi Window multitasking tool. A single press of the Home button, meanwhile, will usually take you to your home screen — except if you’re already on your main home screen, in which case the same action will pull up the Note’s integrated news-viewing application.
Got all that? Yeah — me neither. It’s not exactly what you’d describe as user-friendly design.
Under the hood
The Galaxy Note 3 runs on a 2.3GHz Snapdragon 800 quad-core processor along with 3GB of RAM. That kind of horsepower should result in flawless performance, but — as we’ve seen with other recent Samsung devices — the Note 3 suffers from some baffling performance imperfections.
For most tasks, the phone is plenty fast: App loading and multitasking are generally fine, and Web browsing is satisfyingly smooth and swift. But the phone has occasional lags and jitteriness, and just doesn’t feel as snappy as other devices in real-world use.
The worst offender is the Note’s Gallery app: I regularly counted five to 12 seconds from the time I tapped the app until it was fully opened and ready to use. The same sort of delay was present when tapping folders within the Gallery. Given the phone’s hardware capabilities, this is a pretty clear indication to me that Samsung’s software is doing something wrong.
The Note 3 does perform admirably in the realm of battery life: The phone’s 3200mAh battery — which, in a move that’ll delight hardcore power-drainers, is removable and replaceable — always managed get me safely from morning to night. Even on days when I had moderate to heavy use — as much as four hours of screen-on time with half an hour of phone calls, half an hour of video streaming, and a few hours of scattered Web browsing, camera use and social media activity — the Note 3 consistently had around 30% of its charge left by bedtime.
All U.S. models of the Galaxy Note 3 ship with 32GB of internal storage, which leaves you with about 23GB of usable space once you factor in the operating system and various preinstalled software. The phone also has a microSD card slot that lets you add up to 64GB of external storage.
The Note 3 supports near-field communication (NFC) for contact-free payments and data transfers. It also has an IR blaster for controlling your TV and other remote-based electronics. The Note doesn’t support wireless charging, though it appears Samsung will sell a separate Qi-enabled case that’ll provide that functionality.
While the Galaxy Note has full LTE support, the model I tested was connected to Sprint’s network — which has pretty spotty coverage in my area — so data speeds weren’t great for me. Voice calls sounded fine, though; I was able to hear people with zero distortion and the lucky souls with whom I spoke reported being able to hear me A-OK.
The Galaxy Note 3 comes with a 13-megapixel main camera that’s capable of capturing great-looking images. I did notice a fair amount of noise in some shots that were zoomed in at full resolution, but for most common uses of smartphone photos — like online sharing and standard-size printing — the Note 3’s camera should more than meet your needs.
The exception is in low-light conditions, where the Note 3 — like most smartphones — struggles, especially compared to a low-light-optimized device like the HTC One.
The Note 3’s camera interface is easy enough to use, if a little bloated with silly and gimmicky features. All in all, it’s quite similar to what we saw on the Galaxy S4.
There are, however, a few Note 3-specific camera qualities worth noting:
The Note often seems to stick on a “Processing” message for a few seconds after capturing a photo. This can be annoying when you’re trying to capture photos fast.
The phone’s “burst” mode, in which you can capture multiple shots rapid-fire by holding down the shutter button, was also a bit finicky in my experience and sometimes wouldn’t activate.
The Note 3 has a new camera mode called Surround Shot, which is Samsung’s version of Google’s 360-degree Photo Sphere feature. This was a curious omission in the Galaxy S4; it’s nice to see it showing up here.
The Note 3 is capable of capturing 4K resolution videos, but since most people don’t have TVs or displays that support that resolution, the capability probably won’t mean much for you in practical terms at this point — aside from getting files that take up a massive amount of space on your smartphone’s storage.
The Galaxy Note 3 also has a 2-megapixel HD front-facing camera for all your selfie-snapping and video-chatting needs.
The S Pen
Even if you’re convinced you’d never want a stylus, a few days with the Galaxy Note 3 might just change your mind. The phone’s S Pen is a fun and potentially productivity-boosting element of the device that goes a long way in setting it apart from the competition.
The pen’s actual construction, not surprisingly, isn’t its greatest strength: The stylus is plastic and feels light and insubstantial, almost to the point where you fear that squeezing it too hard might cause it to snap. Its single button is also hard to find by touch alone, since the pen feels the same on its top and bottom edge.
But once you get used to its form, the S Pen is packed with power. Pull the pen out of the Note 3 and you’ll immediately see a new pie-chart-style menu called Air Command on your screen; this new element helps make the stylus feel more like a core part of the Note experience than it ever has before.
Galaxy Note 3
The Air Command menu gives you easy access to a handful of primary S Pen functions.
The Air Command menu — which you can also summon anytime by clicking the pen’s button while holding it over the screen — gives you easy access to a handful of primary S Pen functions. The most useful is Action Memo, which lets you jot down quick notes with the pen. You can either save them for later reference or convert them into action-oriented tasks, like shooting a handwritten phone number into the Phone app for dialing or converting a handwritten note into a ready-to-send email.
What’s vexing, though, is that Action Memo is treated as a separate entity from S Note — the more fully featured note-taking app for S Pen use. Notes written in Action Memo are not accessible in S Note; instead, they’re saved in a separate area that’s accessible only by tapping an unlabeled icon in the Action Memo app.
Confusing overlap aside, the separation between the two apps is frustrating because S Note offers the option for automated syncing with Evernote, which makes all of your handwritten notes available and searchable from any mobile device or PC. The syncing has been seamless and instant in my experience, but any notes taken in Action Memo — which, remember, pops up as part of the Air Command menu while S Note does not — aren’t included.
The Note 3 itself does a good job of letting you search through handwritten notes on the device with its S Keeper function. I also really like its system-wide handwriting-to-text functionality: Anytime you’re in a text field, you can hover the pen over the screen and tap a special icon to input text by writing. The Note converts your handwriting into regular text and puts it right into your document, email or whatever you’re composing.
Even with my embarrassingly sloppy penmanship, the system did an impressively good job at deciphering (most of) my words. Particularly with longer messages, I often found it quicker to input text like that than by using a traditional on-screen keyboard.
Galaxy Note 3
Action Memo lets you jot down quick notes with the pen.
Unfortunately, the handwriting-to-text functionality doesn’t work everywhere, as it’s supposed to; I encountered a handful of apps, including Chrome, Twitter and Google Drive, where I couldn’t get the handwriting-input icon to show up. That inconsistency was irksome.
While some of the other S Pen functions struck me as more gimmicky than practical, the stylus also holds serious value for artists or anyone who wants to sketch or scribble on the go. The Note 3 ships with a version of Autodesk’s Sketchbook software that shows off the pen’s excellent accuracy and pressure sensitivity. And while the bundled Polaris Office app does a poor job at stylus-based PDF markup, programs such as RepliGo PDF Reader ($3) or the fully featured OfficeSuite Pro ($15) work well with the pen for that purpose.
Last but not least, Samsung has included a smart feature called S Pen Keeper that sounds an alert on the device anytime it’s separated from the stylus by a certain distance. It kept me from leaving the pen behind on a couple of occasions; you just have to be sure to head into the phone’s settings and enable it right away, as it’s deactivated by default.
The Galaxy Note 3 runs custom Samsung TouchWiz software based on the Android 4.3 (Jelly Bean) operating system. Aside from the aforementioned S Pen elements, it’s essentially the same user interface and feature set present in the Galaxy S4.
There are, however, a handful of new features in the Note 3’s software:
Samsung’s Multi Window multitasking feature has a few new tricks up its sleeves. The feature — which lets you split your phone’s screen in half and have two apps open and visible at the same time — now allows you to drag and drop content between windows. With certain programs, like chat services, it also lets you have two instances of the same app open side-by-side.
With the Note 3’s large screen in particular, I found Multi Window to be both cool and useful for times when I wanted to write an email while referencing a Web page, for instance, or look something up in Chrome while watching a YouTube video. Even if you only use it once in a while, it’s a valuable option to have.
The Note 3’s new news-viewing tool, My Magazine, is unnecessary and annoying. It’s basically just a custom-branded and dumbed-down version of Flipboard, and it’s integrated into the Note at such a core system level that it’s hard to avoid and easy to launch by mistake.
Excellent Google services take a back seat to subpar Samsung alternatives on the Note 3, even more so than on past Samsung devices. The Note 3 has system-wide access to the shoddy S Voice app, for instance, but not the far superior native Android Voice Search tool. And there’s no longer a system-wide shortcut to get to the frequently praised Google Now intelligent assistant.
From a corporate-goal perspective, it’s not difficult to understand Samsung’s motivation in promoting its own services over Google’s — but from a user-experience perspective, given the sharp drop in quality, it’s disappointing.
At a Glance
Galaxy Note 3
Price: $300 at AT&T, $250 at Sprint, $300 at Verizon Wireless (starting October 10) with a new two-year contract; T-Mobile for $0 down and a two-year $29.50/mo. payment plan; U.S. Cellular sometime in October (no price yet available)
Pros: Excellent display; USB 3.0 for fast charging and data transfers; microSD slot for storage expansion; good battery life; superb pressure-sensitive stylus with accurate handwriting-to-text functionality
Cons: Hardware design feels cheaper and less premium than other smartphones; dated button configuration; inconsistent performance with occasional stutters and delays; bloated user interface; sporadic software errors
I’ve encountered semi-regular software glitches while using Samsung’s S Pen apps and functions — usually several seconds of black followed by a force-close error. This kind of thing absolutely shouldn’t happen with native software on a new phone. I can only hope Samsung addresses these issues with an over-the-air update soon.
I’m not going to spend much time talking about the Note 3’s user interface, since it’s largely unchanged from the Galaxy S4, but I will say this: You’re getting Samsung’s standard mishmash of clashing colors and inconsistent elements. You can, at least, cover up some of those sins with a custom Android launcher such as Nova Launcher, Apex Launcher or Action Launcher Pro. I tested the Note with each of those apps, and all the S Pen-specific enhancements — and even general Samsung-added software features like Multi Window — were accessible and worked fine in the third-party environments.
The Galaxy Note 3 is a standout device with plenty of perks. It has a large, gorgeous screen, fast USB 3.0 charging and data transfers, and a microSD slot for storage expansion. It also has a superb stylus that’s full of interesting potential for productivity and creativity alike.
The Note is held back, though, by some troubling issues. Despite improvements over past models, the phone still feels cheaper and less premium than competing products; its dated button configuration creates awkward usage scenarios that detract from the user experience; its performance is imperfect and its software is bloated and visually inconsistent.
Still, the Note 3 has a lot of good things going for it. If you want a plus-sized phone, the new Note is hands-down the best product you can buy today. And if the functionality of a stylus appeals to you, you’ll be absolutely thrilled with what the S Pen can do.
Just be sure you’re okay with the compromises those benefits require.
Military Inspector General report states bluntly: The Army’s chief information officer “did not implement an effective cybersecurity program for commercial mobile devices.”
A report from the Inspector General of the U.S Department of Defense that’s critical of the way the Army has handled mobile-device security has been inexplicably yanked from the IG DoD public website but can still be found in the Google caching system.
The IG DoD report No. DODIG-2013-060, entitled “Improvements Needed With Tracking and Configuring Army Commercial Mobile Devices,” dated March 26, flatly states the Army’s chief information officer “did not implement an effective cybersecurity program for commercial mobile devices.” The Inspector General of the DoD is the independent oversight division in the DoD that investigates whether the DoD is operating effectively and efficiently.
The report was apparently removed from the IG DoD website after a handful of news organizations wrote about it, but so far the IG DoD hasn’t responded to questions about the report’s sudden disappearance.
The report is highly critical of the way the Army in terms of weakness in its cybersecurity program as pertains to commercial mobile devices, aiming the brunt of its criticism at the Army CIO.
Lt. General Susan Lawrence was named Army CIO in 2011.
The report, prepared by Alice Carey, Assistant Inspector General of Readiness, Operations and Support in the DoD’s Inspector General office in Alexandria, Va., summarizes what IG DoD found as it sought to discover how the Army was managing and securing smartphones and tablets, specifically those based on the Apple iOS, Android or Windows mobile operating systems.
The IG DoD report says it received a list of more than 14,000 of these types of commercial mobile devices (CMD) used throughout the Army between October 2010 through May 2012, and went directly to two sites to “verify when the CMDs in use were appropriately tracked, configured, and sanitized, and followed policy for using CMDs as removable media.”
The two sites were the U.S. Military Academy at West Point, N.Y. and the U.S. Army Corps of Engineers Engineer Research and Development Center in Vicksburg, Miss.
The mobile devices in question were used in both a pilot mode and in non-pilot mode, the report says. The IG DoD concluded the Army CIO has failed to implement an effective cybersecurity program for these, however. “Specifically, the Army CIO did not appropriately track more than 14,000 CMDs purchased as part of pilot and non-pilot programs,” the report states.
In addition, the devices weren’t configured to secure data stored on them, nor were the devices required to be “sanitized” before transfer or in the event of loss. There was also said to be inadequate training and user agreements specific to the devices.
“In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information; and therefore, did not extend current IA [information assurance] requirements to use of the CMDs. Without an effective cybersecurity program specific to CMDs, critical IA controls necessary to safeguard the devices were not applied, and the Army increased its risk of cybersecurity attacks and leakage of data,” the report says.
The report notes that a specific DoD memorandum from two years ago laid out security objectives for commercial mobile devices, including using an enterprise management system, encrypting and sanitizing sensitive DoD information stored on them, e-mail encryption and installing “designated authority-approved software and applications,” plus training.
At the two sites the IG DoD visited, no mobile-device management application had been put into use by the CIOs there, and password configuration of devices often left to individual users. It noted sometimes cadets at the U.S. Military Academy used the mobile devices they’d been given as personal devices and as “removable media to transfer and store sensitive case files and evidence related to Cadet Honor Committee hearings.”
In one instance at the U.S. Army Corps of Engineers, the IG DoD found one user with a non-pilot CMD using it to transfer research documents and personally identifiable information from a networked computer.
The report concluded the Army CIO hadn’t adequately tracked the devices in question, noting in several hundred cases it looked at, the Army CIO was unaware of the devices in use and maintained faulty accounting about it all.
Army and Command CIOs have taken some actions to improve, the report states, either by ordering the activities such as using CMDs as removable media to cease or placing a moratorium on acquisition of new CMDs The report mentions use of the AirWatch MDM software to address some of the IG DoD concerns.
The report concludes the CIO of the Army needs to develop a clear and comprehensive policy for reporting and tracking all commercial mobile devices. The head of the Army CIO Cybersecurity Directorate responded to the IG DoD that it maintained a SharePoint Portal and directed all Army organizations entering into a pilot to register and provide pilot documentation, among other steps. It also said it was working to manage mobile devices through an MDM system. Though expressing some dissatisfaction, the IG DoD indicated it approved of the Army CIO’s response that the Defense Information Systems Agency and the Army would have every mobile device and the applications on them under management—as well as have a Mobile Application Store–at full operating capability before the end of fiscal year 2014.
Samsung’s Galaxy S 4 will boast several new features, developed through partnerships, that could change the course of Android.
Samsung introduced the first chapter of the Galaxy S4 last night at a highly publicized gala held at Radio City Music Hall in New York City. The Galaxy S4 exceeded expectations. It is a full-featured phone with a 1080×1920 HD AMOLED display and 32 or 64GB of storage and up to 64GB of additional storage using a microSD. To appreciate this hardware and software platform, take a look at the IDG News Service or the Verge’s recaps.
A few impressive features that will need more time to take shape are Knox security, automotive navigation and safety app “S Voice Drive,” and language translation app “S Translate.” These apps and features are very complex and are beyond the resources of Samsung to deliver alone in a narrow time-to-market window. Poor execution could cause a consumer uproar on par with the Apple Maps fiasco.
Samsung introduced Knox, a secure version of Android that should be very attractive to the enterprise audience, in Barcelona at the Mobile World Congress two weeks ago. The important point about Knox in the context of the Galaxy S4 announcement is Samsung’s ability to strike partnerships with important companies. In this case, General Dynamics, a large U.S. government and military contractor, has allied with Samsung to certify the Knox version of Android for government data that is classified secret and below. In addition to security, the General Dynamics alliance brings credibility to Samsung’s offer to government and enterprise customers.
S Voice Drive is an enhancement to S Voice released on the Galaxy SIII that is targeted at voice-activated automotive navigation and safety applications. The challenge of smart mobile device apps for automotive use should not be underestimated because of the complexity of the applications and the driver distraction risks. Samsung has a unique perspective on mobile automotive apps because with Intel it is a contributor to the Linux Foundation’s Tizen project, a Linux-derivative OS targeted to provide a consistent interface across consumer devices. Tizen has been adopted by the automotive industries’ infotainment association GENIVI to serve as the automotive OS for all functions except real-time control. Android could easily be exchanged with Tizen and Tizen apps could easily be ported to Android.
The automotive industry is moving slowly towards in-car apps, but the developer ecosystem has been slow to emerge. S Voice Drive could be an important accelerator for the use of mobile apps that enhance the driving experience with information and entertainment without distracting the driver. It will be interesting to understand who Samsung’s partners are in delivering voice-based navigation. If Google is Samsung’s automotive partner, it will move Android and Google maps much closer to taking over the automotive cabin.
Samsung also introduced real-time translation of written and spoken words for 10 languages: English, French, Latin American Spanish, German, Italian, Chinese, Japanese and Brazilian Portuguese. Samsung claimed that translation would work without an internet connection, which likely means Google Translate is not the engine because Google’s language engine requires an internet connection. One of the best translation engines is the one created by the partnership of IBM and Lionbridge, which is fast and accurate enough for real-time customer service applications. It would be interesting to know who Samsung’s partner(s) is for language translation technology.
All three of these apps could change the course of Android. Samsung’s scale increases the number of companies willing to strike licensing arrangements. Its disposition towards open innovation and to designing in-technology solutions without having to own the technology provides more alternatives from which it can find the best approach and more flexibility in making mid-course corrections as markets evolve. Hopefully, Samsung announces its S Voice Drive and S Translate partners soon.
All quiet on the Galaxy S IV front, but plenty going on elsewhere.After a CES week during which the Android world was all a-twitter over a device that wasn’t even revealed at the show, the previously hyperactive Galaxy S IV rumor mill has quieted down, mostly. It’s likely to only be a momentary respite, however, as the device is heavily tipped to be released at the Mobile World Congress in Barcelona next month.
MORE OFFBEAT: The dumbest products of CES 2013
Perhaps the biggest news on the most hotly anticipated Android device so far in 2013 is that an ostensible screenshot of mobile benchmarking results has been published by a Japanese-language blog), which points out that the 1.8GHz CPU speed matches up with Samsung’s Exynos 5 Octa eight-core SoC. (More on the Octa later.)
Given the source, it’s important to remember that this should be taken with many grains of salt – even the inclusion of the point about the Exynos 5 Octa could easily be read as a little too circumstantially convenient. (Like Manti Te’o confessing to Lance Armstrong on Oprah or something.)
Still, I can’t deny that the pairing of Samsung’s two biggest headline grabbing topics makes sense. We’ll see what happens (probably) at MWC at the end of February.
Speaking of the Exynos 5 Octa, Qualcomm CEO Paul Jacobs is unsurprisingly not a fan, according to a report from Unwired View. Essentially, he told reporters in China yesterday, Samsung is just covering for the fact that the four high-performance Cortex-A15 cores drain a ton of power by jamming four slower but less demanding Cortex-A7s into the SoC alongside them, and attempting to reap a publicity windfall by boasting about their eight-core processor.
While Jacobs is correct in noting that all eight of the Octa’s cores won’t operate at the same time, I’m not sure why he’s saying this means the SoC is going to suck. OK, so it’s not a “true” eight-core SoC, but the idea of using the low-power cores for light work and switching to the A15s for more serious tasks still makes sense, and could well back up Samsung’s claims of improved battery life and better performance. Seems like fairly ineffectual spin to me.
The Nexus 4 official wireless charger has appeared on the site of Norwegian store Dustin Home, providing a slick pad on which to charge the Nexus 4 that you still probably don’t have. Presumably, this means that it’ll become available soon in the U.S., but this is a product release story involving the phrase “Nexus 4,” so who really knows?
(Hat tip: Android Central)
But wait! The Nexus 4’s availability problems will soon be a thing of the past, according to an LG executive who spoke to Challenges.fr Wednesday. LG France director of mobile communication Cathy Robin says production of the Nexus 4 is due to increase by mid-February, which could ease the supply crunch. As of this writing, both the 8GB and 16GB models are still sold out on the Play Store.
(Hat tip: r/Android)
Android Police has what it says is an internal Sprint document, which asserts that the company plans to offer a $400 device credit to new family plan customers who port at least one line in from a competitor. The deal’s supposedly set to roll out tomorrow, so you don’t have long to wait, if you’re interested.
All quiet on the Galaxy S IV front, but plenty going on elsewhere.
As Lumia 900 launch looms, analyst says Nokia, Microsoft need BlackBerry users to switch to Windows Phone
Computerworld – Nokia’s Lumia 900 smartphones will reach AT&T stores on Sunday for $99.99, and one analyst said it could be the start of something big: Windows Phone as a market disrupter between the successful iPhone and Android phones.
Windows Phone, Microsoft’s mobile operating system that’s used by Nokia in its Lumia line of smartphones, is so far a small portion of the smartphone market, less than 3%. Still, Forrester analyst Sarah Rotman Epps said in a blog Thursday that the smartphone market is “ripe for disruption … and every player in the ecosystem (other than Google and Apple) wants a third player to wedge between Google and Apple.”
Epps went on to argue that Nokia and Microsoft should try to convert every BlackBerry user to Windows Phone within two years. BlackBerry usage is declining and today makes up 8% of the global smartphone market. Grabbing those customers “would be a modest but achievable gain for Windows Phone,” she said.
Attracting former BlackBerry users and a portion of Nokia’s Symbian users in China and India to Windows Phone “positions Nokia and Microsoft as a viable third platform and foil for Google-Apple hegemony,” Epps said. “In the dog-eat-dog smartphone market, viability in itself can be disruptive.”
Epps admitted that she is a strong supporter of Windows Phone and has used the OS on the HTC Trophy and Samsung Focus Flash as her personal phones. “I will say it loud and say it proud: I love my Windows Phone,” she wrote.
The coming Lumia 900, which she now uses as a review unit, is priced right at $99.99 to attract new smartphone users and to lure BlackBerry customers who are already paying their carriers for data plans. Since BlackBerry maker Research In Motion said it won’t have new smartphones soon, BlackBerry customers should be a prime target, she added.
Nokia and Microsoft have “built a great product,” Epps contended. In an interview, she said she likes the Lumia 900’s industrial design, including the slim form factor and a body that has a “satisfying tactile feel.” She said the screen resolution is better than the Trophy and has a front-facing camera that the Trophy lacks.
Epps said the Windows Phone interface uses live tiles that can keep her husband’s contact information and status right on the home screen, an example of how the OS lives up to its brand promise of “putting people first.” “I personally do feel a strong emotional connection with Windows Phone, and before that I had BlackBerry, so it’s the first phone I’ve ever really loved,” she said.
Some reviewers, including Walt Mossberg of The Wall Street Journal, pointed out a weak Web browser on the Lumia 900 among other concerns. “Overall, I consider the Lumia 900 a mixed bag,” Mossberg wrote. “Unless you are a big Windows Phone fan, or don’t want to spend more than $100 upfront, I can’t recommend the Lumia 900 over the iPhone 4S or a first-rate Android phone like Samsung’s Galaxy S II series.”
Epps agreed that Nokia, Microsoft and AT&T are not going to persuade an iPhone user to use Windows Phone, but maintained the Lumia 900 could attract BlackBerry and first-time smartphone buyers.
Nokia and AT&T have said they will promote the Lumia 900 in AT&T stores with more floor space and promotional signs than other phones and by training sales reps to show it off. To Epps, AT&T’s support is the biggest key to Lumia 900’s success, and Nokia has offered AT&T an attractive-enough profit margin on sales of the phones to promote it well.
“Carriers sell the phones they can make the most money on,” she said. “He who pays the operator sells the phone.”