Google to shell out up to $58k for new Nexus epic pwnage Researchers can score up to US$58,000 for bypassing core Nexus security mechanisms with a remote exploit under an expansion of Google's bug bounty program launched today. The top payments under the Security Rewards program are for bypasses of controls that Google uses to minimise exploitation risks. Hackers can land the most …
Technically outdated as it has been replaced by Lollipop.
A lack of any mechanism to update Android phones' software without the meddling of the carrier or manufacturer is a problem I'm surprised Google haven't spent more time trying to address. The manufacturers don't care about updates with a few exceptions; they want to sell new hardware. The operators don't care about updates as they see it as the manufacturer's/Google's responsibility, and quite like people signing up to new contracts for new hardware.
Google has made some changes by farming features off to (the updateable) Google Play Services and using that as a mechanism for applying some of the security patches to older phones, but I think more should be done.
I understand Google has constantly been fighting the operators on various subjects, from having a messaging app that makes SMS redundant, to including NFC payment not tied to the operator chip.
Operators probably consider that withholding updates is a good way to force users to buy new phone and tie themselves in long term contracts. It's going to be a long, hard slog to get over that.
Indeed, the fact that Apple managed to wrestle full control of the phones from the operators is a testament to the negotiation skills of Steve Jobs. And also, how revolutionary the iPhone was when it got out.
If you are not confident of your ability to keep customers by just offering a network for them to use their phone on, you are doing piss-poor as a business.
Honestly at this point I'd be cheering if lawsuits related to these unpatched security issues started cropping up. It's their own fault, they wanted to mess with that's in the OS load to "differentiate", they became liable for delays. Can't process patches fast enough? Boo-hoo, try just adding your network info to what the manufacturer sends you and hitting "deploy ".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
