On Tue, Feb 15, 2011 at 1:24 AM, droid_sec <[email protected]> wrote:
> Is this "over the air update facility" a part of the Android framework > (for kernel or built in app updates)? > Is there any documentation on this particular topic available? > It is partly in the framework, but requires cooperation with the device's bootloader etc. I don't know about documentation. > Does this also apply to embeeded native librairy? to core apps like > Browser which are not implemented only against SDK? > The OTA update facility allows anything in /system (and the kernel, and the radio, again depending on support in the boot loader) to be updated. > Does that mean that the patch for the Webkit vulnerability > (CVE-2010-1780) could have been sent over the air? > Yes such patches can and do get sent over the air. This depends though on the device manufacturer having the full support for OTA updates, and the carrier for delivering them. All compatible devices are required to have *some* way to system software updates, though this doesn't need to be OTA (I believe the CDD should have details on theses requirements). -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
