Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
GoodBytes

Google Won't Patch Security Hole affecting 1 billion users on Android, despite bashing on Microsoft

Recommended Posts

Posted · Original PosterOP

Google has pushed under the bus Microsoft for requesting a 2 day delay on revealing to the public a security hole, while the patch is released on Tuesday, the usual time for Microsoft releases patches, saying that the time frame that Google gave to Microsoft is sufficient since the unveil.

However, Google is not better. Unlike Microsoft security hole, Android users have a important security hole, where unlike Microsoft doesn't require the system to be compromised already in some fashion, Google are saying that they wont' fix it.

The security issue has to do with the Preview, part of the core engine of the Chrome web browser on Android, which affects about 1 billion users (by Google own numbers), basically, everyone running Android 4.3 (Jelly Bean).

 

Neowin reports:

The flaw, which exists in WebView (a core component used to render web pages on an Android device) impacts nearly 1 billion users, when using Google's own numbers as a base along with Gartner figures

 

 

Google response to the security issue is:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

 

 

Source: http://www.neowin.net/news/after-throwing-microsoft-under-the-bus-google-wont-patch-flaw-affecting-nearly-1bn-users

Link to post
Share on other sites

The only issue is that every =manufacturer wants to mod android until it is extremmely crappy cough Touch Wiz Cough


Please follow your topics guys, it's very important! CoC F.A.Q  Please use the corresponding PC part picker link for your country USA, UK, Canada, AustraliaSpain, Italy, New Zealand and Germany

also if you find anyone with this handle in games its most likely me so say hi

 

Link to post
Share on other sites

This sounds like a problem with the phone manufacturer's, not Google. Google patched it in 4.4, did they not? So this is the manufacturer's faults, not Google's. They can't (or shouldn't) force them to update to 4.4 or higher.

 

misleading title


hating popular things as a personality trait is infinitely more cringe than liking things unapologetically

Link to post
Share on other sites

I think they're right though, every manufacturer is in charge of patching their own fork of android on their own devices. Google should only care about nexus devices, but those already have android 5.0.


...is there a question here? 🤔

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to post
Share on other sites

well if the fix is in 4.4 its up to the phone carriers to send out updates.

 

 

Damnit every single tech corporation is a hypocrit

Read the above quote.


.

Link to post
Share on other sites

well if the fix is in 4.4 its up to the phone carriers to send out updates.

^This. So much this. Google can't force OEMs and carriers to update their devices.

Link to post
Share on other sites

Yet Jelly Bean is only 2 years old. Really, Google? You provide security support only for 2 years? Meanwhile Microsoft provides XP security support for 13 years and some people were saying its not long enough.


CPU: i7 4790K  RAM: 32 GB 2400 MHz  Motherboard: Asus Z-97 Pro  GPU: GTX 770  SSD: 256 GB Samsung 850 Pro  OS: Windows 8.1 64-bit

Link to post
Share on other sites

As much as I like Google in general, this is really strage, especially considering what they did regarding Microsoft recently

reread OP

 

Google would easily fix it if it were an issue with Andoird Lollipop 5.0.1 or 5.0.2 considering these are the latest versions of Android that they're still rolling out, hell the issue was patched in 4.4 already. However, Android Jellybean is aged to them and they don't want to support or patch this. It's up to manufacturer's to release the patches or update to Android 4.4 or higher. Google can't force the manufacturer's to release the updates.


hating popular things as a personality trait is infinitely more cringe than liking things unapologetically

Link to post
Share on other sites

As much as I like Google in general, this is really strage, especially considering what they did regarding Microsoft recently

"This sounds like a problem with the phone manufacturer's, not Google. Google patched it in 4.4, did they not? So this is the manufacturer's faults, not Google's. They can't (or shouldn't) force them to update to 4.4 or higher." - Suika

This security hole is for a 2 generation old OS. Google fixed the patch and most of the devices google maintain have the patch. However Manufacters like to take their time making their custom skin for the new OS so it isn't Google, they fixed the patch in 4.4


Steve

Link to post
Share on other sites

well if the fix is in 4.4 its up to the phone carriers to send out updates.

MANUFACTURERS the carriers have nothing to do with it


Please follow your topics guys, it's very important! CoC F.A.Q  Please use the corresponding PC part picker link for your country USA, UK, Canada, AustraliaSpain, Italy, New Zealand and Germany

also if you find anyone with this handle in games its most likely me so say hi

 

Link to post
Share on other sites

Very misleading title. You have to pay for windows os, nobody pays for using android and the newer versions have already dealt with this flaw. 

Link to post
Share on other sites

Very misleading title. You have to pay for windows os, nobody pays for using android and the newer versions have already dealt with this flaw. 

 

The cost of OS is built into the cost of the device. The same way you don't "pay for Windows" when you buy pre-built PC from Dell or HP. Same thing goes for Macs as well. Although, with Android you pay for it primarily with your personal information.


CPU: i7 4790K  RAM: 32 GB 2400 MHz  Motherboard: Asus Z-97 Pro  GPU: GTX 770  SSD: 256 GB Samsung 850 Pro  OS: Windows 8.1 64-bit

Link to post
Share on other sites

Doesn't sound like Google's fault. They've patched the issue, OEM's are the reason it hasn't been pushed.

Very biased and misleading title.

Link to post
Share on other sites

Google has pushed under the bus Microsoft for requesting a 2 day delay on revealing to the public a security hole, while the patch is released on Tuesday, the usual time for Microsoft releases patches, saying that the time frame that Google gave to Microsoft is sufficient since the unveil.

 

Microsoft asked for 2 days, but only is only releasing the patch tomorrow, more than 2 weeks after the Google publication. So even if Google waited 2 days like Microsoft asked, Microsoft still wouldn't have released a patch.

 

Also, as said countless times before, Google has patched it, it's now to the phone manufacturers to roll out this patch.

Link to post
Share on other sites

Microsoft asked for 2 days, but only is only releasing the patch tomorrow, more than 2 weeks after the Google publication. So even if Google waited 2 days like Microsoft asked, Microsoft still wouldn't have released a patch.

 

Also, as said countless times before, Google has patched it, it's now to the phone manufacturers to roll out this patch.

 

Google has not made a patch for Jelly Bean, only KitKat. Google has not given anything to the OEMs to roll out. That's the entire point of Google's statement:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.


CPU: i7 4790K  RAM: 32 GB 2400 MHz  Motherboard: Asus Z-97 Pro  GPU: GTX 770  SSD: 256 GB Samsung 850 Pro  OS: Windows 8.1 64-bit

Link to post
Share on other sites

As much as I like Google in general, this is really strage, especially considering what they did regarding Microsoft recently

Lrn2readnewb.

 

 

 

Also this is another reason I like apple more as far as my phone goes. Apple pushes updates when needed. Google cant because of the way android is hacked together by other companies because they want to be special. 

Link to post
Share on other sites

Google has not made a patch for Jelly Bean, only KitKat. Google has not given anything to the OEMs to roll out. That's the entire point of Google's statement:

 

They patched it with a new version, then gave that version to the OEMs to roll out.

Link to post
Share on other sites

They patched it with a new version, then gave that version to the OEMs to roll out.

I understand that. But why can't they make a patch for the old version, Jelly Bean, without having to bundle it into a whole new OS version? Like just make a small ~2 Megabyte patch for Jelly Bean to fix it.


CPU: i7 4790K  RAM: 32 GB 2400 MHz  Motherboard: Asus Z-97 Pro  GPU: GTX 770  SSD: 256 GB Samsung 850 Pro  OS: Windows 8.1 64-bit

Link to post
Share on other sites
Posted · Original PosterOP

It's funny. If it were Vista let alone Windows 7, people would freak out, and start banning Windows.

But Google? "Ah it's 2 year old.. so what... it's manufacture faults." Google gets free pass, basically.

Hypocrite much?

 

Google should have a structure for deploying updates that is not dependence on carriers like Apple. They are FREAKING Google, you are telling me they can't do this?

You think a skin is THE reason why manufactures blocks it? Or rather they want to push you to buy a new phone rather?

Same for carrier blocking updates

 

Google can make it's own infrastructure. They can go: "If you want the latest Android, because it's not from your manufacture your skin might not be there anymore. Are you sure you want to download?"

Link to post
Share on other sites

well, the fact is many phone would not get an OS ugrade at all, even the big Names didn't release any update at all except for their highend devices.

tha's why i always encourages my friend to get either Moto G or Windows Phone for budget devices.

 

#WindowsPhoneMasterRace

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×