Let me clarify my statement regarding WP8. I'm not claiming that it is more/less vulnerable than Android. What I am claiming is that it is in a better position to mitigate vulnerabilities that might arise. Here are two examples. First, OEM software can be uninstalled. If you do not want a Nokia or a carrier app, you can uninstall it without needed any extra privileges or phone hacks. Second, some OS software components can be updated via the Windows Store. Alas I am not sure exactly what the limit to these updates are, only that I have seen them numerous times on my WP8 device. Also, to be fair, as you said WP8 is newer and thus could learn from the mistakes of other vendors.
Regarding your statement regarding proprietary drivers and automatic updates, I'm not really sure where you're coming from? There are quite a few instances of binary blobs being used in package updates on *nix distributions. Proprietary graphics drivers are just one example. It's certainly true that packages have dependencies related to one distribution, but Android is a single distribution. Version dependencies (i.e., making sure Android 4.1 components aren't installed in Android 4.2) are an easy problem to solve and already covered in APK metadata as it exists now. I certainly haven't thought out what a prototype "package manager system for Android" might look like, but it's certainly possible. I mean, what is an App store but a glorified simple package manager? Cheers, Nathaniel -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
