This one weird script continually crashes Android email The email application of Samsung Galaxy 4 Minis can be made to repeatedly crash with a simple email that need not even be opened, according to researcher Hector Marco. A crafted email gobbled up by the native email client running on Android 4.2.2.0400, a superseded operating system that was the latest stock offering for the S4 …
The thing is Google can was their hands of it since they have apparently fixed it in 4.4.x and 5.0, and they can just point at the device manufacturers who have no incentive to update their old devices.
I have at work two nice Android gadgets that didn't receive updates beyond 4.0.x IIRC: The Thinkpad Tablet and the pretty expensive Panasonic Toughpad. And because they have a locked bootloader I can't install a vanilla Android - they're as insecure as Windows XP these days. Should have bought the Windows 8 version of the Toughpad - free updates until 2023 (or whatever Windows 10 will bring if available)
Google can wash their hands of it all they want, but if this became a widespread thing affecting millions of Android users they aren't going to care whether it is on their OEM or on Google. All it takes is one person who has control of a spam botnet wanting to create a little mayhem adding the trigger to their spam to affect hundreds of millions of Android users.
This is an issue with the Android ecosystem that OEMs are responsible for pushing updates - and have to go through the carriers as well, unlike Apple and Microsoft, who push updates without the carriers having any say. Those running a newer version of Android aren't home free, as there may be similar bugs that affect newer versions discovered in the future.
"Google can wash their hands of it all they want, but if this became a widespread thing affecting millions of Android users they aren't going to care whether it is on their OEM or on Google."
I'm not disagreeing with you. IANAL, but since Google provides free updates they are most likely legally "off the hook".
The IT declined masses don't know what Android is. Even if their current Android device was made useless by this malformed email bug, maybe they would boycott the manufacturer and change to Samsung/Sony/HTC/LG/whatever and the new phone would have a newer OS and woulnd't crash like "that piece of crap Samsung that crashed constantly" or whatever.
This is an issue with the Android ecosystem that OEMs are responsible for pushing updates - and have to go through the carriers as well, unlike Apple and Microsoft, who push updates without the carriers having any say.
Are you certain about WP?
Microsoft has a web page that lists the latest updates for all WP8 models in Europe. Take a look at the UK - starting with the 520 model all 5 carriers listed have the Denim update, except 3 UK only having the Cyan. The 620 has the Denim with 3 carriers, two carriers only have Denim. And this isn't limited to UK.
Handsome is as handsome does: the vast majority of android "boxes" are sold via Samsung, AT&T, ... , and these intermediaries let updates happen (or not) at their own sweet time.
Apple can wash its hand of obsolete versions; Google cannot, until they change their rules &force intermediaries to let updates happen on time.
The best way would be for their mobile providers to allow them to update their operating systems to a newer version which closed the vulnerability.
FTFY. Even if Google can be bothered to patch older versions of their OS, which is doubtful based on history, how likely is it that the majority of customers will be able to receive the update? Not very, again based on history, as mobile providers have proven to be less than reliable in this area.
It's nothing to do with the mobile providers. Do you expect the Highways Agency to service your car too?
What about people who have wifi-only tablets, no mobile provider involved? It's up to the manufacturer to provide support (or not). That's the risk you take when buying hardware made by a company with a poor reputation for support.
Invalid car analogy, as always. Did no one learn from the terrible gaffs of Scott McNealy?
The Highways Agency don't sell you the car. Nor do they install bloatware on it that would need to be tested and possibly updated to run on the new OS version. Mobile networks have little interest in providing OTA updates that would cost them money to build/test and may prevent you buying a new phone from them.
to chip maskers as well, I cannot update my Umi Zero to Lollypop because the people behind the new octacore cpu wont release the details required, so the phone makers are stuck.
BTW, this talks about the default Android email app.... can I therefore assume that if I only use the Gmail app I will be OK??
"Not an Apple fan, but Android should take a leaf out of their book - they do well with keeping OSs upgraded, on the phone and on the Macs"
You realize that "Android" (whoever they are) do upgrade all the time.
But the whole point of the free OS is that any manufacturer can use it and they can't force the manufacturers to upgrade as well?
And Apple... well after a chunk of time trying to work out why a RAM generous, Disk Space 90% empty, 64 bit Intel chipped, Mac mini can't be upgraded beyond an ancient Snow Leopard OS X it turns Apple only put a 32-bit EFI in it and for all their billions they cannot be bothered to tell a developer to spend a day putting the necessary goods into the new kernel to get it to boot.
So please don't tell me they do well.
Doing well is a statistical thing. One counter-example is insufficient.
Google generally writes excellent software and Android is a first-rate piece of engineering. But... "recent phone, all available updates installed and a maliciously crafted email can still crash the client repeatedly without even being opened. So please don't tell me they do well." — see how silly that sounds?
Apple does a million things very poorly. I just don't think yours is a good example of one of them because you've ignored the age of the machine in question.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
