Ok, this is a backwards observation.

One of my hot buttons is to spot “cyber security principles,” that is, general but pointed observations on how to improve cyber security.

A long-held principle is “Keep it Simple, Stupid.” Thanks to Moore’s Law and the constantly falling price of ever bigger, faster, and more complex tech, no one puts much effort into keeping things simple. The extra features draw more customers even if they make the tech more fragile.

So, I like this post by Preston Galla that highlights security failures on Android phones. The failures mostly arise from crapware – software added by a vendor to offer distictive features to a phone, but features that bring the vendor more money. Such software is often cheap and unreliable. Not surprisingly, it’s also the source of most Android phone vulnerabilities.