google not to fix bug hitting 60 of android phones
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle

Google not to fix bug hitting 60% of Android phones

Themuslimchronicle, themuslimchronicle

Themuslimchronicle, themuslimchronicleGoogle not to fix bug hitting 60% of Android phones

Windows bug
Tehran - FNA

Just as Google is coming under fire for publicizing a Windows bug two days before Microsoft released a fix, the company is now in the crosshairs because of its approach towards updating its own software.
Not for the first time, a bug has been found in the WebView component of Android 4.3 and below. This is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps.
Android 4.4 and 5.0, which use Blink rather than WebKit for their WebView, are unaffected. But by Google's own numbers, some 60 percent of Android users are using 4.3 or below. As such, this is a widespread, high-impact bug. The normal procedure would be to report the bug to Google, and for Google to develop a fix and publish it as part of Android Open Source Project release, arstechnica reported.
But, writes Tod Beardsley, developer of the Metasploit security testing framework, that's not what happened this time. The Android security team was notified of the problem, and the response was.
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.
Google will tell OEMs about the problem, but has no interest in fixing it. Asked for clarification, the Android developers responded:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves but do notify partners of the issue[...] If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.
After further correspondence, the Android developers replied that components of Android 4.3 such as the media player would receive back-ported patches. But WebView was on its own. Though there appears to be no clear end-of-life policy from Google, Android 4.3's WebView has reached the limit. The WebView controls used on a majority of Android phones, and still used in newly sold Android phones today, are unsupported and insecure.
Making this worse, Google isn't even providing much information about those Android vulnerabilities that are reported or fixed. Beardsley writes that Google's only indication of a fixed security flaw is the commit message written when the fix is integrated into AOSP. When a flaw isn't even fixed, there's obviously no commit message, and so there's no good public record of the problem.
Of course, Google producing a patch for Android 4.3 and below would only be the first step. OEMs would have to bake that patch into their own firmware updates, mobile operators would have to validate and customize those firmware updates further still, and it's unlikely that, in practice, many Android users would ever receive the patch. But without Google taking the first step, even that slim possibility is eliminated.
This difficulty has not prevented Google from developing updates in the past; in April of last year, it developed a fix for Android 4.1.1 to fix the Heartbleed flaw. OEM availability of that update may have been limited, but at least the option existed. For the WebView problems, it does not.
In principle, most phones running Android 4.3 or below could receive major updates to 4.4 or even 5.0, and eliminate the bug in that manner. This, however, ignores the practice that OEMs are frequently unwilling to make this kind of major update; given what we know of smartphone manufacturers, expecting them to pick up the very newest version just to get security fixes isn't at all realistic. The OEM position is understandable. A manufacturer shipping a customized version of Android 4.3 on a phone will generally find it much easier to update that custom version to a newer 4.3 patch level than it will to update to Android 4.4 or 5.0. The changes are smaller, and the work required is lesser.
Google's position is complicated, because it has produced a platform that it has no power to update. There's no Windows Update for Android phones, and Google has no ability to push out updates to the operating system; it has to depend on a range of OEMs and network operators to adopt its source code changes and distribute them to users. Both Apple and Microsoft, in contrast, have a direct channel to update their mobile operating systems.
What Google can update is apps, through the Play Store infrastructure. With each new release of Android, Google has pushed more functionality into packages such as Google Play Services and Google Play Store that run on top of the core Android OS. These packages are updated and maintained through the Play Store system, and in Android 5, this includes the WebView control. So going forward, this component can be updated—though the same problem will remain for those portions that remain as part of the core open source Android OS. Android 5.0 is, incidentally, currently in use by less than 0.1 percent of Android users, by Google's own estimates.
This improved servicing and maintenance is one of the reasons that Google has been pushing more features into APKs and out of the Android OS. But it does little to help the 60 percent of Android users who are currently at risk every time they open a link in the browser embedded into their Twitter client.

 

themuslimchronicle
themuslimchronicle

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

google not to fix bug hitting 60 of android phones google not to fix bug hitting 60 of android phones

 



Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle

GMT 14:15 2017 Thursday ,31 August

Mohamed bin Zayed receives HCT delegation

GMT 07:29 2017 Thursday ,23 February

Kohli issues Starc warning to India's batsmen in Pune

GMT 09:38 2017 Friday ,11 August

At least 36 killed in China bus crash

GMT 06:36 2018 Wednesday ,24 January

World powers step up pressure on Syria, Russia

GMT 21:36 2011 Thursday ,12 May

Euro steadies against dollar

GMT 20:12 2011 Tuesday ,10 May

Qatar exchange up 1.42 %

GMT 08:37 2016 Thursday ,08 September

By alleged toxic bomb attacks in Aleppo

GMT 19:18 2011 Wednesday ,09 February

RiRi - love the way you smell

GMT 22:55 2017 Wednesday ,04 October

Trump says he has 'total confidence' in Tillerson

GMT 10:54 2015 Monday ,23 March

Simple chocolate button egg

GMT 16:37 2015 Saturday ,23 May

Classic lasagne

GMT 19:08 2017 Wednesday ,01 November

Libya coastguard rescues nearly 300 migrants at sea

GMT 04:42 2017 Wednesday ,30 August

Saudi Arabia says ready to welcome

GMT 13:01 2017 Thursday ,30 November

Streaking Cavs survive James' first career ejection
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
 
 Themuslimchronicle Facebook,themuslimchronicle facebook  Themuslimchronicle Twitter,themuslimchronicle twitter Themuslimchronicle Rss,themuslimchronicle rss  Themuslimchronicle Youtube,themuslimchronicle youtube  Themuslimchronicle Youtube,themuslimchronicle youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

muslimchronicle muslimchronicle muslimchronicle muslimchronicle
themuslimchronicle themuslimchronicle themuslimchronicle
themuslimchronicle
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
themuslimchronicle, themuslimchronicle, themuslimchronicle