The biggest Android Flaw Ever?? CNN thinks so

Discussion in 'Alternatives to iOS and iOS Devices' started by MasterRyu2011, Jul 27, 2015.

  1. MasterRyu2011 macrumors 65816

    Joined:
    Aug 22, 2014
    #1
  2. Andres Cantu macrumors 68030

    Andres Cantu

    Joined:
    May 31, 2015
    Location:
    Rio Grande Valley in South Texas
    #2
    It does looks bad for CNN to say "Androids", although other websites should also pay attention to how they address companies, operating systems, and smartphones. For example, Apple vs. Google and Samsung, iOS vs. Android, and iPhone vs. Nexus (not Apple vs. Android or my iPhone vs. my Samsung).

    I'm more curious to see how this vulnerability plays out over time.
     
  3. lazard macrumors 65816

    Joined:
    Jul 23, 2012
    #3
    The biggest negative with Android is how updates are dependent of either the manufacturer or the carrier (or both). According to the article, Google already sent out the fix, but nothing has been done yet in regards to pushing out the update.
     
  4. MasterRyu2011 thread starter macrumors 65816

    Joined:
    Aug 22, 2014
    #4

    Agreed

    Google should the at very least demand their OEM partners to demand the carriers to stop/delay preventing manufacturing updates from happening. I can understand if the OEMs need to make their changes in order to release a new very of Android on their handsets, but it's absurd that carriers have any say at all. If Verizon wanted their VZNavigator crap to be available, just put it on the Play Store and call it a day.
     
  5. tbayrgs, Jul 27, 2015
    Last edited: Jul 28, 2015

    tbayrgs macrumors 603

    tbayrgs

    Joined:
    Jul 5, 2009
    Location:
    Florida, USA
    #5
    Problem is two-fold. How can Google demand anything when Android is open source and available to any OEM? Sure, they could change the conditions of Android's use and try to play hardball but it goes against the very nature of their business model. Google doesn't see the profit margins from hardware that Apple (or even Samsung) has and needs eyeballs on their services for their income. They need the volume of users and alienating OEMs risks big drops in users. Tighten the reins and exert more control and Android becomes more like iOS, exactly NOT was many Android users (and especially the purists) want.

    The second element of this is the nature of the carrier/OEM relationships and contract system here in the US. OEMs need their handsets front and center in carrier shops here in the US. Unlocked devices still don't have widespread appeal and simply don't sell well here. If they want their devices in retail stores, they have to play ball with the carriers...meaning they have to accommodate their software requirements. Apple is the only exception to this rule because 1) iPhones are the bestselling phones in the US and 2) Apple customers don't behave like your typical consumer. They will follow the iPhone anywhere and if carriers try to enforce their will on Apple, Apple moves on because they'll still sell the phone..only that customer will now be using a different carrier.

    Any way you slice it, changing these conditions is going to significantly impact Google (upset consumers or upset OEMs).
     
  6. epicrayban, Jul 27, 2015
    Last edited: Jul 27, 2015

    epicrayban macrumors 603

    epicrayban

    Joined:
    Nov 7, 2014
    #6
    Well explained.

    And while I want updates to always come faster, I've also accepted that this is how it is on android. It's just an entirely different beast. And there are tradeoffs to that. If android want open to interpretation you wouldn't have the freedoms you have now nor would you have OEM innovations like the things that can be done with touchwiz. Also, having the latest android update isn't going to make our break the average user (aka not peeps visiting these boards). Modern android phone are delivering very good and usable android versions. I think android got that stride a while back. Maybe as far back as ice cream sandwich.

    Lastly, OEMs have improved their update times. Namely Motorola, HTC, Sony. Even Samsung is doing better with updates.

    It can, of course, always get even better. Especially when it comes to security patch type updates.
     
  7. grkm3 macrumors 6502a

    Joined:
    Feb 12, 2013
    #7
    pretty sure any device on 5.02 or above jas this patched.
     
  8. ucfgrad93 macrumors P6

    ucfgrad93

    Joined:
    Aug 17, 2007
    Location:
    Colorado
    #8
    Agreed, if you have an Android phone getting updates is very hit or miss.
     
  9. Roadstar macrumors 6502a

    Roadstar

    Joined:
    Sep 24, 2006
    Location:
    Vantaa, Finland
    #9
    If only that were the case, but currently e.g. my Nexus 5 on 5.1.1 remains vulnerable. They've fixed some (but not all) of the flaws on Nexus 6, but that's about it. I hope Google fixes at least Nexus devices quickly as the Black Hat conference is just around the corner.
     
  10. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #10
    Its not like google has control over the OS, as noted, its open sourced. Their only leverage is the google apps license. They threaten that when someone is doing what google wants with android.

    This has been the achilles heel of Android, Google went the open source route to get multiple manufacturers to embrace the platform along with multiple carriers. By going this route, they lost a lot of control, and in a sense that loss of control was what they touted. Allowing manufacturers final say, now they're trying to change that, and that's just not possible.
     
  11. MRU macrumors demi-god

    MRU

    Joined:
    Aug 23, 2005
    Location:
    Ireland
    #11
    That implies that carriers are the ones delaying software updates and yet in my experience buying only unbranded sim free devices - more often than note a 'carrier versions' gets the update pushed out weeks and sometimes months before unbranded sim free devices get the update from the manufacturer.
     
  12. diamond.g macrumors 603

    diamond.g

    Joined:
    Mar 20, 2007
    Location:
    Virginia
    #12
    What is worse is this isn't a text messaging flaw, it is an OS flaw. MMS is just easier to exploit than the browser. The temp fix for the MMS portion is to not allow auto download of MMS content. Supposedly only FF isn't affected by the issue (as far as Android browsers are concerned).
     
  13. diamond.g macrumors 603

    diamond.g

    Joined:
    Mar 20, 2007
    Location:
    Virginia
    #13
    Sometimes they do. AT&T has been holding back updates for my N6 even though I didn't get a branded phone.
     
  14. MRU macrumors demi-god

    MRU

    Joined:
    Aug 23, 2005
    Location:
    Ireland
    #14
    True, but even the Lollipop 5.1.1 update was very protracted releasing it device by device over a number of weeks - even when its just 'google'.
     
  15. OrangeInc macrumors member

    Joined:
    Jul 31, 2013
    #15
    I have a custom rom and don't update my phone but I hear this all the time about delayed software updates. It really is dependent on the manufacturer and/or phone carrier. Google just gives them the platform for them to customize on so I imagine once an android update comes out, google gives the code to the manufacturers and then they in turn have to implement it in a way that it works on all their different phone models. And a lot of these manufacturers also have other parts of their business production to focus on. I can see why there is such a bottle-neck.
     
  16. gotluck macrumors 603

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #16
    how do you guys know what versions are vulnerable?

    if im not mistaken they have not released real juicy details regarding this yet aside from the 95% effected number.
     
  17. MasterRyu2011 thread starter macrumors 65816

    Joined:
    Aug 22, 2014
    #17

    Don't go by the CNN article. The real details are in the blog by the security research group who found it. It's basically all devices running Android 2.2 Froyo or later:

    http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/

    "Android and derivative devices after and including version 2.2 are vulnerable. Devices running Android versions prior to Jelly Bean (roughly 11% of devices) are at the worst risk due to inadequate exploit mitigations. If ‘Heartbleed’ from the PC era sends chill down your spine, this is much worse."


    So unless, you're using an Android device built in 2010 (that's when Android 2.2 Froyo came out) and never updated your phone, you're vulnerable.
     
  18. gotluck macrumors 603

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #18
    Roger that! But we are still awaiting details of the actual exploit eh? As in it can't really be weaponized yet because it is not documented.

    Fingers crossed that there will be a workaround/fix that mitigates this for rooted users because my phone will likely not be updated!
     
  19. lowendlinux Contributor

    lowendlinux

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
    #19
    They could just tie it in with GMS. If they don't allow Google to OTA update then the phone can't use GMS. I'd like to see the carriers try to sell a phone with just AOSP.
     

Share This Page