
Android gets larger-than-usual patch bundle
Yet I don't see my bloody phone doing a patch Tuesday. To be honest I'd be glad for a patch Qn. Obviously I am talking about an ancient unsupported mobe - Sammy G S6!
As a further sign that researchers are getting serious about finding holes in Android operating systems, Google has released one of its biggest ever monthly patch bundles, with 39 flaws fixed. "The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device …
Money speaks far more than toothless regulators.
If it can be convincingly argued that security bugs are defects then manufacturers have a statutory obligation to provide improvements. Not to do so would leave them open to both civil and criminal suits. The test case in the Netherlands is the one to watch.
In the meantime just root and mod the damn thing: Samsung makes this pretty easy.
I find the oft-repeated statement in all Reg articles about Android updates that Nexus users get updates especially irritating as it is patently not the case for early Nexus 7 tablets. Those who bought Samsung and similar bought into a clear history of updates for a few months if lucky. The only reason I got a Nexus was for the longevity and while it went longer than most non-Nexus models it has now been consigned to the scrap-heap and the Nexus brand joins my select blacklist.
"The only reason I got a Nexus was for the longevity and while it went longer than most non-Nexus models it has now been consigned to the scrap-heap and the Nexus brand joins my select blacklist."
Is this something we have come to expect thanks to Microsoft and its rolling patches/updates for 10+ years on Windows versions? Does any other device's software get supported for much more than three years? Or OS for that matter?
I'm not saying it's right that what is technically a build flaw from new should not be fixed even many years afterwards if at all possible, or discounting the fact that most other Android phones in particular are lucky to get updates for as long as a year, but have we had our expectations raised by MS? (Yes, I do feel dirty for saying this - need a shower now)
Maybe software/firmware should be supported for the "lifetime" of the product where said lifetime is equal to the same rules governing physical hardware and design flaws or "built in" faults. In the EU at least that would mean items like TVs and Phones being supported for up to 5 years. I'd think security fixes at least ought to be covered since they are inherent flaws in the device from new.
It's not really an opinion that the original Nexus 7s have an issue that can't be fixed - I spent some time trying to fix mine before having to give up.
My opinion is that it's worth taking that hit as I've been generally happy with the 4 other Nexus devices that I've had. Hopefully a one-off.
Whilst I rarely have anything positive to say about LG (mainly because of the bizarre swapping behaviour that Android seems to have on this platform as opposed to the S6s in the household) they are at least pretty good about patch OTA updates. I got the March update on the 21st and Android 6 before that. Not exactly Nexus levels obviously - but waaaay better than Samsung.
As a software "pro" it is irritating that security still is seen as an optional extra.
Couldn't a company like Google do the security testing BEFORE they release things, rather than pay people to find the vulnerabilities afterwards? Sounds like closing the stable door after the horse has bolted, to use an exhausted cliche.
Sounds like they are somewhat at the mercy of 3rd party suppliers (Qualcomm was mentioned), but couldn't they enforce the same level of quality on them as on themselves?
Nobody has ever asked me to check security of the code we've been writing for the last 30+ years, most companies don't care or can't afford to do it, but the people who provide the platforms/OS should care.
>As a software "pro" it is irritating
You're clearly not a pro then. All software goes out the door with bugs still present. You may think you've found them all but you haven't. Professionals know that they won't have found the bugs but will have a degree of confidence that they have done their best within time and budget constraints to find them, and have sufficient processes and procedures to react to bugs found in the field, and promptly release patches.
"...if they performed the same level of testing..."
What do you mean "same level of testing"? These bugs are being reported by independent third parties not affiliated with Google. The devs and QA folk at Google have performed testing to the limits of resources available. Then the outsiders (or even insiders) stumble onto something.