This has been a problem in mobile dating back to the early 2000s. A lack of software liability laws in the US, coupled with obscene terms of service, means US consumers *really* need help here. I expect consumers in other parts of the world could use the help, too. Perhaps Google/Android could develop a strategy to ensure timely updates?
For completeness, it's not just an Android problem. It took Apple weeks to remove toxic DigiNotar certificates from their system (meanwhile, folks in Iran were being MitM'd, and some were likely tortured and killed). Google is in the envious position of being able to make a difference.

http://www.infoworld.com/t/mobile-security/slow-patching-puts-android-users-further-risk-198668

...carriers and device makers deserve some credit. Georg Wicherski of CrowdStrike and Miller demonstrated how they could infect an Android phone by exploiting a browser vulnerability discovered in February. The vulnerability was publicly disclosed by the Chrome development team and fixed, but carriers and device manufacturers have not pushed those fixes out to all Android users, thereby leaving them vulnerable, according to Reuters. ...
