DarkSithPro

join:2005-02-12
Tempe, AZ
kudos:1

1 edit

Is Android fragmentation a huge security risk?

An old article, but rather disturbing when it comes to OS security. All it would take is finding one zero-day exploit, and because there is no firmware consistency millions of users would be SOL, right?

»techcrunch.com/2011/10/27/charte···ntation/

"If you thought that entitled you to some support, think again:

- 7 of the 18 Android phones never ran a current version of the OS.
- 12 of 18 only ran a current version of the OS for a matter of weeks or less.
- 10 of 18 were at least two major versions behind well within their two year contract period.
- 11 of 18 stopped getting any support updates less than a year after release.
- 13 of 18 stopped getting any support updates before they even stopped selling the device or very shortly thereafter.
- 15 of 18 don’t run Gingerbread, which shipped in December 2010.
- In a few weeks, when Ice Cream Sandwich comes out, every device on here will be another major version behind.
- At least 16 of 18 will almost certainly never get Ice Cream Sandwich."


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:2

You don't think Apple leaves phones behind?

»en.wikipedia.org/wiki/IOS_version_history

quote:
iOS 4 was made available to the public for the iPhone and iPod touch on June 21, 2010. This is the first major iOS release to drop support for some devices. It is also the first major iOS release that iPod touch users do not have to pay for.
The iPhone 3G and iPod touch 2nd Gen. have limited features, while the iPhone 4, iPhone 3GS, iPod touch 3rd Gen. & iPod touch 4th Gen. have all features enabled. The iPhone and iPod touch 1st Gen. cannot run iOS 4.0 and above.

quote:
iOS 5 was previewed to the public on June 6, 2011. This is also the second major iOS update to drop support for older devices, in this case; the iPhone 3G, and iPod touch 2nd Generation (MB & MC models). It was released for iPhone 3GS, iPhone 4 (GSM and CDMA), iPhone 4S, iPod touch (3rd and 4th generation), iPad, and iPad 2

Welcome to e-waste, they want you to buy that new phone every two years as they are going to stop supporting it anyway.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.

MorpheusUK

join:2003-09-09

reply to DarkSithPro
In my view being on the current version is about new features and not necessarily security. In the few months I have had my SGS2 I have jumped a few versions of Android 2.3 (Gingerbread), e.g. 2.33 to 2.35, my operator (O2) choosing to skip some in between, and I believe that unbranded phones are now on 2.36 or 2.37. Some of these point updates will be about security, and if a phone continued to get point updates then not being on Android 4.0 (ICS) doesn't really matter in some ways as long as the major security updates are applied.

As an aside, Android has changed substantially in the last few years since its release, I'd argue far more than iOS, so it's understandable that some phones get left behind as specs have increased exponentially for the OS in a short time. Some are physically incapable of being upgraded and others would function poorly if upgraded. Try and run Windows 7 on a Pentium III and see how it performs. I would also argue that being on the latest version is meaningless if all you get is a different version number string; how many of the new features in the latest iOS run on the oldest supported phone and iPod version? That being said, some manufacturers have abandoned phones for commercial rather than technical reasons, and in the ideal world you would hope to get at least 18 - 24 months of updates after release (not necessarily to the latest version) as that is the typical length of a contract (and within the EU the phone is under warranty for 2 years after purchase as well), so those who purchase it on release day should have a reasonable expectation of updates during this period.

In summary, you can have security updates without being on the current release, and there are good reasons why some phones can't or won't be upgraded to the latest release.

Morpheus

P.S.
Android 3.0 (Honeycomb) was never a phone version, so Gingerbread is only one release behind Ice Cream Sandwich, and incidentally ICS 4.0.3 is currently in beta for the SGS2.
--
Just because you're paranoid, it doesn't mean they are not after you



Finnanon

@elisa-mobile.fi

reply to DarkSithPro
Dude, with Android, you can install any mod you want to, keeping you up-to-date forever. For instance, I have bought ZTE Blade with 2.2 version of Android. Now running Cyanogen mod7 in it, which means 2.3.7 version of Android. If I want to change to something else, I can do that with just a few clicks of button(s)...ROM Manager makes it very easy to change from one OS version to other.

Of course the operators and resellers of Android don't care about this or don't know about this. They should tell their customers to keep updating themselves or provide the updates to their customers. But it's not Android's fault if they aren't doing that.



Anon users

@anonymouse.org

Going to CM7/CM9 did give you mileage in overall security, like program permissions.

But BOTH stock (official) & mod ROMs DO NOT really update the components properly.

In CM7 & stock 2.3.7 it is still stuck at OPENSSL 1.0.0.a (bug in DTLS for use in any VPN application).
In 4.0.3, OPENSSL 1.0.0.f (which is much better, but still not the latest, allows denial of service when using VPN).

You can check it by downloading the source from source.android.com.
Look for external, openssl folder, configure.version.

So are you safe when using Android & VPNs with your company???



Anon users

@anonymouse.org

Just checked the CM9 (ics branch) of the Cyanogenmod ROM; it is so SAD that the OpenSSL version is @1.0.0e, which lets Big Brother recover your VPN password at ease: [DTLS Plaintext Recovery Attack (CVE-2011-4108)]

»openssl.org/news/secadv_20120104.txt

The official Android OpenSSL source is @1.0.0f

You are warned to use FULL TCP VPN to be safe rather than sorry in your mobile life......
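
Added example, not part of any post in this thread: a check that compares the OpenSSL version bundled in a ROM source tree against the first release carrying the CVE-2011-4108 fix named in the linked advisory. The sample inputs are constructed from the versions the posters report, the `OPENSSL_VERSION=` file layout is an assumption, and the function names are hypothetical.

```python
import re

# Constructed samples: the version strings the posters report, written in an
# assumed KEY=value layout for the version file under external/openssl.
SAMPLES = {
    "CM7 / stock 2.3.7": "OPENSSL_VERSION=1.0.0a\n",
    "CM9 (ics branch)": "OPENSSL_VERSION=1.0.0e\n",
    "Android 4.0.3": "OPENSSL_VERSION=1.0.0f\n",
}

# First release on each branch with the CVE-2011-4108 fix, per the linked
# advisory (secadv_20120104.txt).
FIXED_IN = {(1, 0, 0): "f", (0, 9, 8): "s"}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from the first version found."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL-style version string found")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def patch_rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def has_dtls_fix(text):
    """True/False if the branch is in FIXED_IN, None if the table cannot tell."""
    branch, letters = parse_version(text)
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return None
    return patch_rank(letters) >= patch_rank(fixed)


def audit(samples):
    """Map each build label to its has_dtls_fix() result."""
    return {label: has_dtls_fix(text) for label, text in samples.items()}


if __name__ == "__main__":
    for label, ok in audit(SAMPLES).items():
        print(f"{label}: {'fixed' if ok else 'NOT fixed' if ok is False else 'unknown'}")
```

To check a real tree, pass the contents of the version file from the checked-out OpenSSL folder to `has_dtls_fix()`; a `None` result means the branch is not covered by this advisory's table.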

