Android 10 To Fix 193 Open Vulnerabilities

[Guest]

6 hours ago, Trixanity said:

How do you figure Google cuts off updates? Google posts security patches monthly and feature updates yearly with no exception. The problem lies with implementing them on devices. Likewise to even make the patches they also rely on hardware vendors patching vulnerabilities and compatibilities. If a security issue is found in Android, it's up to Google to solve. If it's found in a Snapdragon 855, it's Qualcomm's job to solve etc etc. In both cases, they need to be developed and later merged into a security update. Then it's on phone manufacturers to test and implement these fixes into their own proprietary hardware and software implementation.

 

Android updates are a bigger clusterfuck than you seem to be aware of. The only way to solve it is to strip away customization. By customization I mean non-Android One implementations. Even Android One probably isn't too easy to deal with but it's certainly much better.

I agree that Google should be more strict in the requirements for compliance and therefore access to the ecosystem but I'm sure Google is afraid of the pushback and threats of cutting ties if they try to take control back. You see the same shit in their dealings with carriers. 

 

The big problem is two-fold: your average consumer hates updates for whatever reason and there is no money to be made off of long term support. Fix those and you'll probably see all parties involved willing to play ball. Even the messy clusterfuck that is Android could be dealt with if it was worth it. Alas, it just isn't.

Surely that is more a problem of the Android design and ecosystem. Linux and Windows for instance have to work on a far greater quantity of variable hardware, you somehow both can update all versions of the code with security releases far quicker than Android users have to put up with. If it is taking so long then there is a fundamnental flaw in the underlying structure of the OS.Apps should operate on a different layer to the OS therefore offering more protection.

[Trixanity]

2 minutes ago, Phill104 said:

Surely that is more a problem of the Android design and ecosystem. Linux and Windows for instance have to work on a far greater quantity of variable hardware, you somehow both can update all versions of the code with security releases far quicker than Android users have to put up with. If it is taking so long then there is a fundamnental flaw in the underlying structure of the OS.Apps should operate on a different layer to the OS therefore offering more protection.

One of the problems is that each device has an essentially unique software build. In relation to that: phone manufacturers modify the system so if Google pushed an update it would break things. There are problems with Android, definitely, but the problems run deeper than Android itself.

[Guest]

1 minute ago, Trixanity said:

One of the problems is that each device has an essentially unique software build. In relation to that: phone manufacturers modify the system so if Google pushed an update it would break things. There are problems with Android, definitely, but the problems run deeper than Android itself.

The same could be applied to other OSs, but it just doesn't happen like that. If you design the ability to customise everything around a core code then many updates should be able to be applied and not affect the running of the overall system. It does seem Google are moving in that direction slowly. Whether a big compromise forces things along has yet to be seen.

[Chronified]

On 8/25/2019 at 2:02 PM, DrMacintosh said:

Very cool. Now if only anyone would actually get the Android 10 update. 

https://developer.android.com/preview

Need to register for the beta manually until full release. No one has it auto-pushed yet. Not even my Pixel 3a has Android Q yet lol

[Master Disaster]

On 8/25/2019 at 7:02 PM, DrMacintosh said:

Very cool. Now if only anyone would actually get the Android 10 update. 

I'm already running it....

[Trixanity]

8 hours ago, Phill104 said:

The same could be applied to other OSs, but it just doesn't happen like that. If you design the ability to customise everything around a core code then many updates should be able to be applied and not affect the running of the overall system. It does seem Google are moving in that direction slowly. Whether a big compromise forces things along has yet to be seen.

I'm not aware of any other OS distribution where third parties modify and run proprietary OS/system code that can be updated like from the source. Do you have any examples?

 

The solution I see is making a framework where the modifications exist on top of the OS with guidelines for compatibility so an OS update doesn't break it. However I'm not sure how Samsung could make code that supercedes Google's without a potential for problems if it hooks into and/or supplants core functionality. So we're possibly moving into the same issue of Google limiting partners and therefore pissing them off which seems to go against the MO of Google.

[Guest]

2 minutes ago, Trixanity said:

I'm not aware of any other OS distribution where third parties modify and run proprietary OS/system code that can be updated like from the source. Do you have any examples?

 

The solution I see is making a framework where the modifications exist on top of the OS with guidelines for compatibility so an OS update doesn't break it. However I'm not sure how Samsung could make code that supercedes Google's without a potential for problems if it hooks into and/or supplants core functionality. So we're possibly moving into the same issue of Google limiting partners and therefore pissing them off which seems to go against the MO of Google.

Not suggesting it is a trivial task, far from it. But how much do phone brands actually need to modify? For most the changes are skin or UI related, or drivers to support their individual hardware. Not much different to embedded Linux installs in some ways.

 

Hopefully they will gets there one day. We need multiple operating systems in the mobile arena both for competition and innovation. At the moment however, Android really does make it difficult for the average consumer to keep up to date and secure.

[Master Disaster]

4 hours ago, Phill104 said:

Not suggesting it is a trivial task, far from it. But how much do phone brands actually need to modify? For most the changes are skin or UI related, or drivers to support their individual hardware. Not much different to embedded Linux installs in some ways.

 

Hopefully they will gets there one day. We need multiple operating systems in the mobile arena both for competition and innovation. At the moment however, Android really does make it difficult for the average consumer to keep up to date and secure.

Not at all, Android is very upgradeable, what makes it difficult is OEMs modifying the OS to suit their needs, you cannot blame Android for that. It's an open source base, what others choose to do with it is nothing to do with Android or Google.

[Guest]

2 minutes ago, Master Disaster said:

Not at all, Android is very upgradeable, what makes it difficult is OEMs modifying the OS to suit their needs, you cannot blame Android for that. It's an open source base, what others choose to do with it is nothing to do with Android or Google.

I am not blaming anyone bar the phone makers. They are using it as an excuse to force users to buy a new product more often than they would otherwise need to, and in some ways stifling the market for older models whether new or used. If you go Apple or Google Pixel at least you have a good chance of getting security updates for four years after the launch of a phone. I am sure you can appreciate that many users will not always be buying the latest model, so when they do renew their contracts to save a few beer tokens they will buy last generation kit. With it being a year or more since release by the end of there two year contract and warranty many will be running very insecure devices.

[rcmaehl]

My Device:

 

Me: