google not to fix bug hitting 60 of android phones
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle

Google not to fix bug hitting 60% of Android phones

Themuslimchronicle, themuslimchronicle

Themuslimchronicle, themuslimchronicleGoogle not to fix bug hitting 60% of Android phones

Windows bug
Tehran - FNA

Just as Google is coming under fire for publicizing a Windows bug two days before Microsoft released a fix, the company is now in the crosshairs because of its approach towards updating its own software.
Not for the first time, a bug has been found in the WebView component of Android 4.3 and below. This is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps.
Android 4.4 and 5.0, which use Blink rather than WebKit for their WebView, are unaffected. But by Google's own numbers, some 60 percent of Android users are using 4.3 or below. As such, this is a widespread, high-impact bug. The normal procedure would be to report the bug to Google, and for Google to develop a fix and publish it as part of Android Open Source Project release, arstechnica reported.
But, writes Tod Beardsley, developer of the Metasploit security testing framework, that's not what happened this time. The Android security team was notified of the problem, and the response was.
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.
Google will tell OEMs about the problem, but has no interest in fixing it. Asked for clarification, the Android developers responded:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves but do notify partners of the issue[...] If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.
After further correspondence, the Android developers replied that components of Android 4.3 such as the media player would receive back-ported patches. But WebView was on its own. Though there appears to be no clear end-of-life policy from Google, Android 4.3's WebView has reached the limit. The WebView controls used on a majority of Android phones, and still used in newly sold Android phones today, are unsupported and insecure.
Making this worse, Google isn't even providing much information about those Android vulnerabilities that are reported or fixed. Beardsley writes that Google's only indication of a fixed security flaw is the commit message written when the fix is integrated into AOSP. When a flaw isn't even fixed, there's obviously no commit message, and so there's no good public record of the problem.
Of course, Google producing a patch for Android 4.3 and below would only be the first step. OEMs would have to bake that patch into their own firmware updates, mobile operators would have to validate and customize those firmware updates further still, and it's unlikely that, in practice, many Android users would ever receive the patch. But without Google taking the first step, even that slim possibility is eliminated.
This difficulty has not prevented Google from developing updates in the past; in April of last year, it developed a fix for Android 4.1.1 to fix the Heartbleed flaw. OEM availability of that update may have been limited, but at least the option existed. For the WebView problems, it does not.
In principle, most phones running Android 4.3 or below could receive major updates to 4.4 or even 5.0, and eliminate the bug in that manner. This, however, ignores the practice that OEMs are frequently unwilling to make this kind of major update; given what we know of smartphone manufacturers, expecting them to pick up the very newest version just to get security fixes isn't at all realistic. The OEM position is understandable. A manufacturer shipping a customized version of Android 4.3 on a phone will generally find it much easier to update that custom version to a newer 4.3 patch level than it will to update to Android 4.4 or 5.0. The changes are smaller, and the work required is lesser.
Google's position is complicated, because it has produced a platform that it has no power to update. There's no Windows Update for Android phones, and Google has no ability to push out updates to the operating system; it has to depend on a range of OEMs and network operators to adopt its source code changes and distribute them to users. Both Apple and Microsoft, in contrast, have a direct channel to update their mobile operating systems.
What Google can update is apps, through the Play Store infrastructure. With each new release of Android, Google has pushed more functionality into packages such as Google Play Services and Google Play Store that run on top of the core Android OS. These packages are updated and maintained through the Play Store system, and in Android 5, this includes the WebView control. So going forward, this component can be updated—though the same problem will remain for those portions that remain as part of the core open source Android OS. Android 5.0 is, incidentally, currently in use by less than 0.1 percent of Android users, by Google's own estimates.
This improved servicing and maintenance is one of the reasons that Google has been pushing more features into APKs and out of the Android OS. But it does little to help the 60 percent of Android users who are currently at risk every time they open a link in the browser embedded into their Twitter client.

 

themuslimchronicle
themuslimchronicle

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

google not to fix bug hitting 60 of android phones google not to fix bug hitting 60 of android phones

 



Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle

GMT 08:26 2018 Tuesday ,23 January

Five things to know about Davos

GMT 21:30 2017 Wednesday ,01 November

New York Times’ third-quarter revenue up 6.1%

GMT 11:09 2017 Friday ,24 November

Berlin police seeking more missing John Lennon items

GMT 06:34 2017 Saturday ,09 December

Rockets down Jazz for eighth straight NBA win

GMT 23:25 2017 Thursday ,16 February

Pakistan adds 16 new fighter jets to its fleet

GMT 10:50 2018 Tuesday ,23 January

Saudi university to open driving school for women

GMT 03:31 2017 Saturday ,07 January

Sharjah launches award for refugee support
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
 
 Themuslimchronicle Facebook,themuslimchronicle facebook  Themuslimchronicle Twitter,themuslimchronicle twitter Themuslimchronicle Rss,themuslimchronicle rss  Themuslimchronicle Youtube,themuslimchronicle youtube  Themuslimchronicle Youtube,themuslimchronicle youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

muslimchronicle muslimchronicle muslimchronicle muslimchronicle
themuslimchronicle themuslimchronicle themuslimchronicle
themuslimchronicle
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
themuslimchronicle, themuslimchronicle, themuslimchronicle