google not to fix bug hitting 60 of android phones
Last Updated : GMT 09:07:40
Egypt Today, egypt today
Egypt Today, egypt today
Last Updated : GMT 09:07:40
Egypt Today, egypt today

Google not to fix bug hitting 60% of Android phones

Egypt Today, egypt today

Egypt Today, egypt today Google not to fix bug hitting 60% of Android phones

Windows bug
Tehran - FNA

Just as Google is coming under fire for publicizing a Windows bug two days before Microsoft released a fix, the company is now in the crosshairs because of its approach towards updating its own software.
Not for the first time, a bug has been found in the WebView component of Android 4.3 and below. This is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps.
Android 4.4 and 5.0, which use Blink rather than WebKit for their WebView, are unaffected. But by Google's own numbers, some 60 percent of Android users are using 4.3 or below. As such, this is a widespread, high-impact bug. The normal procedure would be to report the bug to Google, and for Google to develop a fix and publish it as part of Android Open Source Project release, arstechnica reported.
But, writes Tod Beardsley, developer of the Metasploit security testing framework, that's not what happened this time. The Android security team was notified of the problem, and the response was.
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.
Google will tell OEMs about the problem, but has no interest in fixing it. Asked for clarification, the Android developers responded:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves but do notify partners of the issue[...] If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.
After further correspondence, the Android developers replied that components of Android 4.3 such as the media player would receive back-ported patches. But WebView was on its own. Though there appears to be no clear end-of-life policy from Google, Android 4.3's WebView has reached the limit. The WebView controls used on a majority of Android phones, and still used in newly sold Android phones today, are unsupported and insecure.
Making this worse, Google isn't even providing much information about those Android vulnerabilities that are reported or fixed. Beardsley writes that Google's only indication of a fixed security flaw is the commit message written when the fix is integrated into AOSP. When a flaw isn't even fixed, there's obviously no commit message, and so there's no good public record of the problem.
Of course, Google producing a patch for Android 4.3 and below would only be the first step. OEMs would have to bake that patch into their own firmware updates, mobile operators would have to validate and customize those firmware updates further still, and it's unlikely that, in practice, many Android users would ever receive the patch. But without Google taking the first step, even that slim possibility is eliminated.
This difficulty has not prevented Google from developing updates in the past; in April of last year, it developed a fix for Android 4.1.1 to fix the Heartbleed flaw. OEM availability of that update may have been limited, but at least the option existed. For the WebView problems, it does not.
In principle, most phones running Android 4.3 or below could receive major updates to 4.4 or even 5.0, and eliminate the bug in that manner. This, however, ignores the practice that OEMs are frequently unwilling to make this kind of major update; given what we know of smartphone manufacturers, expecting them to pick up the very newest version just to get security fixes isn't at all realistic. The OEM position is understandable. A manufacturer shipping a customized version of Android 4.3 on a phone will generally find it much easier to update that custom version to a newer 4.3 patch level than it will to update to Android 4.4 or 5.0. The changes are smaller, and the work required is lesser.
Google's position is complicated, because it has produced a platform that it has no power to update. There's no Windows Update for Android phones, and Google has no ability to push out updates to the operating system; it has to depend on a range of OEMs and network operators to adopt its source code changes and distribute them to users. Both Apple and Microsoft, in contrast, have a direct channel to update their mobile operating systems.
What Google can update is apps, through the Play Store infrastructure. With each new release of Android, Google has pushed more functionality into packages such as Google Play Services and Google Play Store that run on top of the core Android OS. These packages are updated and maintained through the Play Store system, and in Android 5, this includes the WebView control. So going forward, this component can be updated—though the same problem will remain for those portions that remain as part of the core open source Android OS. Android 5.0 is, incidentally, currently in use by less than 0.1 percent of Android users, by Google's own estimates.
This improved servicing and maintenance is one of the reasons that Google has been pushing more features into APKs and out of the Android OS. But it does little to help the 60 percent of Android users who are currently at risk every time they open a link in the browser embedded into their Twitter client.

 

egypttoday
egypttoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

google not to fix bug hitting 60 of android phones google not to fix bug hitting 60 of android phones



GMT 07:32 2017 Saturday ,11 March

Nanshy unveils latest product

GMT 14:16 2018 Monday ,08 October

Rupee closes at record low of 74.06 to dollar

GMT 16:34 2012 Thursday ,12 April

Qatar Exchange Up 0.29%

GMT 10:06 2017 Tuesday ,08 August

Saudi Arabia, Iraq sign MoU on air transport

GMT 13:05 2011 Sunday ,12 June

Emirati students lend a helping hand in Asia

GMT 15:21 2011 Wednesday ,29 June

N.M. fire prompts radiation concerns

GMT 10:15 2012 Thursday ,12 January

World\'s smallest frog discovered

GMT 10:46 2017 Thursday ,09 March

Aramco’s evaluation will be a pleasant surprise

GMT 14:44 2016 Tuesday ,21 June

Euro 2016: Wales Dominate Russia, Tops Group B

GMT 08:31 2012 Monday ,26 March

H&M eco-friendly collection

GMT 08:02 2017 Friday ,17 February

HRH Premier condoles with UAE

GMT 18:18 2011 Monday ,29 August

Hyundai E&C ranks 23rd in world

GMT 23:01 2012 Sunday ,26 February

Moscino masculinity Autmn/winter collection

GMT 09:17 2011 Monday ,26 September

Villarreal’s Marco Ruben to miss Napoli
 
 Egypt Today Facebook,egypt today facebook  Egypt Today Twitter,egypt today twitter Egypt Today Rss,egypt today rss  Egypt Today Youtube,egypt today youtube  Egypt Today Youtube,egypt today youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

egypttoday egypttoday egypttoday egypttoday
egypttoday egypttoday egypttoday
egypttoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
egypttoday, Egypttoday, Egypttoday