On Sat, Jul 28, 2012 at 8:02 PM, Jeffrey Walton <[email protected]> wrote:
> This has been a problem in mobile dating back to the early 2000's. A
> lack of software liability laws in the US - coupled with obscene terms
> of service, means US consumers *really* need help here. I expect
> consumers in other parts of the world could use the help, too. Perhaps
> Google/Android could develop a strategy to ensure timely updates?
>From Slide 36 of the Mobile Exploit Intelligence Project
(www.trailofbits.com/resources/mobile_eip-04-19-2012.pdf):
* Android patches have little effect on problem
** Google has no ability to force carriers/OEMs to react
That's what I'm taliking about when I ask Google to develop an
effective strategy.
> http://www.infoworld.com/t/mobile-security/slow-patching-puts-android-users-further-risk-198668
>
> ...carriers and device makers deserve some credit. Georg Wicherski of
> CrowdStrike and Miller demonstrated how they could infect an Android
> phone by exploiting a browser vulnerability discovered in February.
> The vulnerability was publicly disclosed by the Chrome development
> team and fixed, but carriers and device manufacturers have not pushed
> those fixes out to all Android users, thereby leaving them vulnerable,
> according to Reuters.
> ...
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
