The day when Android devices get updates direct from Google, whether the retailer objects or not, just got a little closer.
(Although as said, Stagefright is a bigger issue.)
Trend Micro peeps say they have discovered a security bug that miscreants can exploit to seemingly murder millions of Android smartphones. A device will appear lifeless and unable to make calls, with a dead screen and no sound output, if an attack is successful, we're told. All a victim has to do is visit a dodgy webpage, or …
"The day when Android devices get updates direct from Google, whether the retailer objects or not, just got a little closer."
Has it? Android Wear-style updates from Google are definitely preferable to the current strategy but I don't really see any signs of this. In response to the Stagefright vuln Google have patched AOSP and sent fixes to manufacturers, and they'll do what they can in Google Play Services, but I haven't seen anything to indicate they plan to address Android's update mess. That said Google are notoriously opaque so who can really say.
A patch to fix the hole is on its way, we're told
How many of the close to a billion Android devices out there will get this patch?
It might be easier to win the Lottery.
The whole patching/update thingy with Android is a disaster waiting to happen. Device makers just won't update anything that does not run the version of Android they are currently shipping.
Google needs to (IMHO) get tough with the people who use their software and make them supply at least updates like this for devices that are running all version of Android from 4.0 onwards.
Othereise the mantra, "don't update the software on your phone, just update (viz change) the phone" will become ever closer to reality. Even more tech kit for landfill.
I'm sure this is one of Google's biggest fears - what if Microsoft decides to go all-in with Android, and builds a version that replaces Google Search with Bing, GMail with Outlook 365, and so forth? If Windows 10 Mobile flops, and Microsoft gives up on Windows on phones, they might go this route.
Microsoft would probably not care if they made any money on this, as it would hurt one of their biggest competitors. Might also hurt Apple as far as getting iOS in the enterprise, since this Microsoft Android OS would likely work better with Windows services and have better enterprise manageability.
This isn't going to fix the problem with Android updates (which really isn't Google's fault, no one but Apple and maybe Samsung has enough clout with carriers to keep full software control) but a major security incident on Google Android could really hurt its image and help Microsoft's version.
"In present times I t's a brave handset maker than tells The Big G to shove it."
Suppose a consortium of these manufacturers chose to cobble together and buy out crumbling Blackberry and use their BB10 OS (which if you'll remember now has an Android compatibility layer) instead?
I have an icky question: if Android is so "open", why does everyone have to wait for Google to fix something? On Linux it takes but a bored hack to come up with a temp patch for problems, usually within hours, until a formal fix arrives. If Android is so open, why does that not happen *at all* with Android?
Or is this where myth and reality clash?
You can flash a custom ROM which will likely have this patch applied but that will almost certainly void your warranty.
The problem with Android isn't really anything to do with its source code's openness (except in that because it is open source at least there is an unofficial way to patch your handsets). The problem is really in the lack of any central update mechanism independent of the manufacturer and operator.
> You can flash a custom ROM which will likely have this patch applied but that will almost certainly
> void your warranty.
It depends on the phone (and the process you use) - my previous HTC m7 and my current OnePlus One both maintained the *hardware* warranty if rooted and reflashed.
Might as well get a Blackberry :-P.
At least it wouldn't have these bugs and BB OS can and will get security updates by BB without third party manufactures preventing you from getting them... :-).
So.. now the Blackberry Leap doesn't look so bad now for £195 on amazon....
(PS: I have currently have an Android myself...)
I can hardly believe I'm saying this, but maybe Google have something to learn from Windows in this case. HP, Dell and co sell hardware with Windows on, they take care of the customer support, they provide whatever drivers are needed and get to customise the UI with whatever addons pay them the most - but the updates all still come straight from MS Update, you don't get Dell insisting the only way you can get a current version of Windows is to buy a new PC.
Maybe they could get a bit closer to that by packaging more of Android as an "app" updated via the Play Store? In the mean time, thank goodness for the likes of CyanogenMod...
I don't know if this is vulnerable but I am using the TextSecure app (from Whisper systems), and I think it does not use the default android messaging at all.
The problem with this bug is the FUD and unknown patch cycle.
Google, you can make system level .apk's, how about you make one for this?
P.
Either that,or get the FTC, and or, the FCC involved. They can and have put out security fixes faster in the past, as they did with Heartbleed! So stopping the oems and carriers from adding crapware,adware,spyware every single time they send something out,is what's really needed. And a guarantee that is tied to the os,and longer than 2 fricken years. If an oem,and or the carrier is still selling phones with older os,then the date of the last sale should start the clock. Even a nexus needs the oem and carriers to update their phone's. They might get priority,but the updates do not come directly from Google,contrary to mythical accounts.