Patching a fragmented, Stagefrightened Android isn't easy

Android users face a triple patching headache with the recent discovery of a collection of serious vulnerabilities affecting smartphones and tablets running Google's mobile operating system. Security experts warn that the fragmented nature of Android devices will make patching more difficult than it would be in updating PCs. …

  1. James 51 Silver badge

    In general, how vulnerable are platforms like BB10 and Sailfish that have app compatibility with Android to exploits aimed at Android?

    1. Charles 9 Silver badge

      Hard to say. BB10 is supposed to have QNX under the hood which is normally hardened against exploits, but it's still manmade. About the only reason it and Sailfish don't make headlines are their abysmally-low takeup rates. Much like how MacOS and Linux usually didn't get as much attention by the hackers until recently.

      1. Adam 1 Silver badge

        Jeep runs* QNX. Never underestimate the ability of the universe to create idiots that can break anything.

        *Autocarrot wanted to write ruins. Well played Google.

  2. WonkoTheSane
    Thumb Up

    Android 5.1.1 arrived today

    This version closes the "Stagefright" vulnerability, and arrived on both my Nexus 5 & 7 last night.

    1. wiggers

      Re: Android 5.1.1 arrived today

      5.1.1 came out in April this year, before Stagefright was discovered. Are you sure it fixes this vuln?

      1. WonkoTheSane

        Re: Android 5.1.1 arrived today

        Definitely got a patch, but it actually WASN'T a version bump (my error).

        It WAS a Stagefright fix though, being the first of the new monthly security updates:-

        http://officialandroid.blogspot.ca/2015/08/an-update-to-nexus-devices.html

  3. Anonymous Coward

    Pushing out updates is not always feasible

    Much of "third-world" telecomms infrastructure is creaky at best. Pushing out multi-MiB updates is guaranteed to bring it to its knees (not to mention drain mobile accounts). Changing only the rotten bits (pun intended) is very tricky. I have no quick fix in mind.

  4. Mikel

    So buy your Nexus from Google

    Build LMY48I. My Nexus 5 is already patched OTA. Problem solved.

  5. Wolfclaw Silver badge
    Facepalm

    Google's own fault for giving the manufacturers and mobile network free rein to bastardise the o/s with any crap they feel like!

    1. Charles 9 Silver badge
      Meh

      And yet it was the only way to make inroads against the iPhone, since only a company like Apple (with its uniquely sirenesque appeal) could actually usurp the control from the carriers. Everyone else (Google included), the carriers could impose "take it or leave it" conditions. And if Google left it, they'd be conceding the phone market to Apple, which to them was unacceptable. So what do you do?

      Besides, the core of Android (where the fault lies) is open-source, meaning anyone can make forks of it (like Amazon has done). Once someone rolls their own, it's basically out of your hands.

  6. andriesfc

    This is 100% the carrier's fault. They insist on either bleeding off profit from OEM per each OTA, or refuse to do it. Apple was the smart one by basically refusing to bend the knee to the carriers. Google, for many historical reasons, opted to deal with the carriers via proxy with the likes of Samsung, and the various OEMs.

  7. dgurney

    What a shoddily designed OS.

    This is what happens when you release a hacked-together, poorly conceived platform and allow it to be subverted.

    Android was supposed to be the open-source OS that freed us from the tyranny of Apple and telcos. IT ISN'T. Why? Because it has become dozens of hacked, proprietary flavors that are controlled and doled out by those very telcos. And they do it one version at a time for every device from every telco, so users wait months or years or forever.

    Meanwhile, Windows runs on millions if not billions of disparate configurations, and users can pretty much upgrade the day the new OS is released.

    Google's failure to design a proper abstraction layer and hardware reference model makes Android a sorry, amateurish excuse for a platform. They blew it. And now where is our great open-source savior?

    1. Charles 9 Silver badge

      Re: What a shoddily designed OS.

      "Meanwhile, Windows runs on millions if not billions of disparate configurations, and users can pretty much upgrade the day the new OS is released."

      Those millions of PCs happen to run on standardized hardware pushed due to need to have a common clone design back in the 80's which grew from there. The phone market matured differently, with multiple highly-competitive firms delivering proprietary, often Trade-Secret- and Patent-protected all-in-one designs that ticked the major box of power efficiency. Such an ecosystem prevents a one-size-fits-all design and because Trade Secrets and Patents are involved (many of them being linchpins), not even Google could force the manufacturers to toe the line.

    2. anonymous boring coward Silver badge

      Re: What a shoddily designed OS.

      It's nothing to do with Android being poorly designed, and everything to do with the carriers being control freaks of the highest order.

  8. anonymous boring coward Silver badge

    "Android users are still expected to seek out these patches and apply them themselves"

    What?

    That's not something your average phone user can do. The carriers actively stop you from doing it!

    Don't pretend as if it's just users being a bit lazy that's the problem here.

    This is a mess of the Android Phone industry's own doing, and they should be obliged to sort it out, or else... (Fine them for failing to provide security updates.)

Biting the hand that feeds IT © 1998–2019