I am answering the same question over and over here. OTA updates allow anything in /system (plus kernel, radio image, whatever else the device manufacturer supports) to be updated.

Whether there is user interaction is up to the device manufacturer. They certainly could do this without any user interaction, but that is often not desirable since this requires rebooting the device and you don't want to disrupt what they are doing.

I don't know off-hand where code relating to this is.

I don't think there is anything else I can answer here to help. Maybe you should talk with someone who has an android device that does OTA updates and see what their experience with it is? Nexus 1 and Nexus S certainly do this, with updates supplied by Google.

On Wed, Feb 16, 2011 at 2:16 AM, loic <[email protected]> wrote:

> > > Does this also apply to embedded native library? to core apps like
> > > Browser which are not implemented only against SDK?
> >
> > The OTA update facility allows anything in /system (and the kernel, and the
> > radio, again depending on support in the boot loader) to be updated.
> >
> > > Does that mean that the patch for the Webkit vulnerability
> > > (CVE-2010-1780) could have been sent over the air?
> >
> > Yes such patches can and do get sent over the air. This depends though on
> > the device manufacturer having the full support for OTA updates, and the
> > carrier for delivering them. All compatible devices are required to have
> > *some* way to system software updates, though this doesn't need to be OTA (I
> > believe the CDD should have details on these requirements).
>
> Are these "over the air" patches for native libraries or embedded apps
> installable without end user interaction?
> In other words, could a carrier or a phone manufacturer push a
> security patch without user interaction?
> If this mechanism exists, is it a part of Android or something
> specific to phone manufacturers?
>
> At which part of Android source should I look to get more information
> on OTA mechanisms?
>
> Regards
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.

--
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
