Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Lurick

Android 10 To Fix 193 Open Vulnerabilities

Recommended Posts

6 minutes ago, Commodus said:

Google can't push updates directly, but that doesn't mean the current arrangement is acceptable.  It already has agreements for a minimum number of updates; it's a matter of expanding those requirements to offer more updates for longer.  And Google can't just cave every time a vendor says "no thanks."  You can't commit a sliver of resources to ensuring that you release every security update, even if customization and carrier headaches mean it takes a couple of weeks longer to reach users?  Fine, then you don't get an official Android license.

 

And I really don't think you grasped the point about people's perception of updates.  They're leery of updates and interested in consistency in part because they've had bad experiences (yes, including iPhone updates until relatively recently).  You'd have to go out of your way to show that they're averse to the very concept of updates as opposed to the execution of those updates, and I don't think you can.  It's far easier to point to people who complain that update X slowed their phone down, made it buggy or added a confusing new UI.  Folks want new features and security updates -- they just don't want to be bewildered or frustrated.

They simply don't want updates. I didn't misunderstand anything. People just want it to be like it always is. Even if it's a perfect update. People don't like change. So no, most people don't want all those things. It's an inconvenience to them. Best case scenario it's a silent update mechanism like Chrome but still: any change that affects their daily use - good or bad - they'll hate it. Granted, if every update is perfect they'd be more receptive in general. The less impact it has on them and the less friction there is in the process - the better the reception. However people just don't like change. Too bad for them that it's often forced upon them anyway. If updates mattered to your average consumer, the very same people wouldn't buy another Samsung phone - yet they do. Of course they're arguably locked in but still: thinking people like updates is a very techy way of thinking. I've yet to hear of an update model that makes the average consumer happy so if you know one I'd gladly hear it. Not even Apple is free from complaints.

 

Google's biggest partners already have options ready to deal with any Google attempt to pressure them. So it's not as easy as just saying "do as we say". Android is unfortunately open enough that they can thwart Google.

 

Google is slowly changing Android to be more modular. For example with Q (or 10 as they call it) some system components can be updated through the Play Store. Their intent it so keep expanding the list of components. However that still leaves out feature updates.

Google would piss off some of their biggest partners if they went on stage next year and said "now it's 5 years of updates or GTFO" or if they said "Android can't be customized. It will be standardized in hardware and we'll push the updates". 

 

The fact of the matter is that Android has a lot of technical debt and ancient business agreements that you can't change or at least can't change very quickly. It'll take a while to pivot Android towards a better model. It has taken Google the last five years or so to even get this far. It's possible they'll try to kill Android in favor of their work with Fuschia/Zircon and whatever else codenames are attached to the project. However I'm not so sure the likes of Samsung or Huawei are onboard with a more closed ecosystem. Like everyone else, they don't want change.

Link to post
Share on other sites
6 hours ago, Trixanity said:

How do you figure Google cuts off updates? Google posts security patches monthly and feature updates yearly with no exception. The problem lies with implementing them on devices. Likewise to even make the patches they also rely on hardware vendors patching vulnerabilities and compatibilities. If a security issue is found in Android, it's up to Google to solve. If it's found in a Snapdragon 855, it's Qualcomm's job to solve etc etc. In both cases, they need to be developed and later merged into a security update. Then it's on phone manufacturers to test and implement these fixes into their own proprietary hardware and software implementation.

 

Android updates are a bigger clusterfuck than you seem to be aware of. The only way to solve it is to strip away customization. By customization I mean non-Android One implementations. Even Android One probably isn't too easy to deal with but it's certainly much better.

I agree that Google should be more strict in the requirements for compliance and therefore access to the ecosystem but I'm sure Google is afraid of the pushback and threats of cutting ties if they try to take control back. You see the same shit in their dealings with carriers. 

 

The big problem is two-fold: your average consumer hates updates for whatever reason and there is no money to be made off of long term support. Fix those and you'll probably see all parties involved willing to play ball. Even the messy clusterfuck that is Android could be dealt with if it was worth it. Alas, it just isn't.

Surely that is more a problem of the Android design and ecosystem. Linux and Windows for instance have to work on a far greater quantity of variable hardware, you somehow both can update all versions of the code with security releases far quicker than Android users have to put up with. If it is taking so long then there is a fundamnental flaw in the underlying structure of the OS.Apps should operate on a different layer to the OS therefore offering more protection.

Link to post
Share on other sites
2 minutes ago, Phill104 said:

Surely that is more a problem of the Android design and ecosystem. Linux and Windows for instance have to work on a far greater quantity of variable hardware, you somehow both can update all versions of the code with security releases far quicker than Android users have to put up with. If it is taking so long then there is a fundamnental flaw in the underlying structure of the OS.Apps should operate on a different layer to the OS therefore offering more protection.

One of the problems is that each device has an essentially unique software build. In relation to that: phone manufacturers modify the system so if Google pushed an update it would break things. There are problems with Android, definitely, but the problems run deeper than Android itself.

Link to post
Share on other sites
1 minute ago, Trixanity said:

One of the problems is that each device has an essentially unique software build. In relation to that: phone manufacturers modify the system so if Google pushed an update it would break things. There are problems with Android, definitely, but the problems run deeper than Android itself.

The same could be applied to other OSs, but it just doesn't happen like that. If you design the ability to customise everything around a core code then many updates should be able to be applied and not affect the running of the overall system. It does seem Google are moving in that direction slowly. Whether a big compromise forces things along has yet to be seen.

Link to post
Share on other sites
On 8/25/2019 at 2:02 PM, DrMacintosh said:

Very cool. Now if only anyone would actually get the Android 10 update. 

https://developer.android.com/preview

Need to register for the beta manually until full release. No one has it auto-pushed yet. Not even my Pixel 3a has Android Q yet lol


Remember to quote me so I see your reply
My rig:

CPU: Ryzen 5 2600 3.4Ghz, OC'ed to 4.0Ghz all core @ 1.350ghz 

+Cooler Master MasterLiquid Lite 120 AIO

MB: Gigabyte B450 I Aorus Pro WiFi

RAM: G.Skill TridentZ 16GB (2 x 8GB) 3200Mhz 16-18-18-38 XMP enabled

GPU: MSI GeForce GTX 1660 ti GAMING X 6G 6GB

CASE: Fractal DesignFocus G ATX Case w/ Window, White

PWR: Thermaltake SMART 600W

DISPLAY: 3x 20" AOC 1080p 60hz 4ms

 

Storage:

C : 240GB Kingston A400 (Windows+Programs)

D : 240GB Kingston V300 (Games)

: Seagate Barracuda ES 750GB 7200RPM (Game overflow storage)

F : Seagate Barracuda ES 750GB 7200RPM (Library Folders [Photos, Videos, Documents, Downloads etc])

 

Cooling-

NZXT Sentry Mix 2

4x Rosewill RFA-120-K 74.5 CFM 120mm (front/top)

2x Cooler Master MasterLiquid Stock 120mm fans (front+back of AIO)

 

Input- 

KB: Logitech G15 1st Gen

MO:Logitech G602 Wireless

CO: Steam Controller

HE: Sennheiser HD 4.40

SP. Logitech Z213

Link to post
Share on other sites
On 8/25/2019 at 7:02 PM, DrMacintosh said:

Very cool. Now if only anyone would actually get the Android 10 update. 

I'm already running it....


Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Samsung 970 Evo 500GB NVMe | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Windows 10 Pro X64 |

 

Server:-

Raspberry Pi 4 Model B running OMV Arrakis and an 8TB Seagate USB 3.0 external HDD

Link to post
Share on other sites
8 hours ago, Phill104 said:

The same could be applied to other OSs, but it just doesn't happen like that. If you design the ability to customise everything around a core code then many updates should be able to be applied and not affect the running of the overall system. It does seem Google are moving in that direction slowly. Whether a big compromise forces things along has yet to be seen.

I'm not aware of any other OS distribution where third parties modify and run proprietary OS/system code that can be updated like from the source. Do you have any examples?

 

The solution I see is making a framework where the modifications exist on top of the OS with guidelines for compatibility so an OS update doesn't break it. However I'm not sure how Samsung could make code that supercedes Google's without a potential for problems if it hooks into and/or supplants core functionality. So we're possibly moving into the same issue of Google limiting partners and therefore pissing them off which seems to go against the MO of Google.

Link to post
Share on other sites
2 minutes ago, Trixanity said:

I'm not aware of any other OS distribution where third parties modify and run proprietary OS/system code that can be updated like from the source. Do you have any examples?

 

The solution I see is making a framework where the modifications exist on top of the OS with guidelines for compatibility so an OS update doesn't break it. However I'm not sure how Samsung could make code that supercedes Google's without a potential for problems if it hooks into and/or supplants core functionality. So we're possibly moving into the same issue of Google limiting partners and therefore pissing them off which seems to go against the MO of Google.

Not suggesting it is a trivial task, far from it. But how much do phone brands actually need to modify? For most the changes are skin or UI related, or drivers to support their individual hardware. Not much different to embedded Linux installs in some ways.

 

Hopefully they will gets there one day. We need multiple operating systems in the mobile arena both for competition and innovation. At the moment however, Android really does make it difficult for the average consumer to keep up to date and secure.

Link to post
Share on other sites
4 hours ago, Phill104 said:

Not suggesting it is a trivial task, far from it. But how much do phone brands actually need to modify? For most the changes are skin or UI related, or drivers to support their individual hardware. Not much different to embedded Linux installs in some ways.

 

Hopefully they will gets there one day. We need multiple operating systems in the mobile arena both for competition and innovation. At the moment however, Android really does make it difficult for the average consumer to keep up to date and secure.

Not at all, Android is very upgradeable, what makes it difficult is OEMs modifying the OS to suit their needs, you cannot blame Android for that. It's an open source base, what others choose to do with it is nothing to do with Android or Google.


Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Samsung 970 Evo 500GB NVMe | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Windows 10 Pro X64 |

 

Server:-

Raspberry Pi 4 Model B running OMV Arrakis and an 8TB Seagate USB 3.0 external HDD

Link to post
Share on other sites
2 minutes ago, Master Disaster said:

Not at all, Android is very upgradeable, what makes it difficult is OEMs modifying the OS to suit their needs, you cannot blame Android for that. It's an open source base, what others choose to do with it is nothing to do with Android or Google.

I am not blaming anyone bar the phone makers. They are using it as an excuse to force users to buy a new product more often than they would otherwise need to, and in some ways stifling the market for older models whether new or used. If you go Apple or Google Pixel at least you have a good chance of getting security updates for four years after the launch of a phone. I am sure you can appreciate that many users will not always be buying the latest model, so when they do renew their contracts to save a few beer tokens they will buy last generation kit. With it being a year or more since release by the end of there two year contract and warranty many will be running very insecure devices.

Link to post
Share on other sites

My Device:

image.png.7a951367ac0d296606ddf03ecb1b57b2.png

 

Me:

Image result for maniacal laughter


PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
LinusWare Dev | NotCPUCores Dev

Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 3000MHz, RX480 8GB OC, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×