Google patches Android security flaw
Google and T-Mobile have begun distributing a security patch for the first Android-powered phone, the G1 built by HTC. This is the update alert message.
(Credit: Stephen Shankland/CNET News)Google has begun distributing a patch to its Android mobile phone operating system, an early test for how nimbly the company can respond and how well the infrastructure works to distribute and install updates.
For the Android test phone I'm using, a T-Mobile G1, the update was smoother than the process by which the software problem came to light publicly on October 24.
The handset I'm testing gave me a message Saturday afternoon: "A system update is available," and a choice to update now or later. When I clicked the button to begin the update, it downloaded new software, which took a few minutes, then installed it, then resumed working with no hitches.
The patch fixes the highly publicized security problem with Android's Web browser and makes a few other minor changes, according to a Google spokesman quoted in IT World on Friday.
The researchers--Charlie Miller, Mark Daniel, and Jake Honoroff of Independent Security Evaluators--called the Android Web browser flaw serious, but Google said its severity was mitigated by Android's design, which restricts each program to its own area.
Earlier, Google appealed for what it called "responsible disclosure" of security vulnerabilities--in other words, a grace period to fix problems before they're made public to reduce the likelihood an attacker will get a chance to exploit a vulnerability. There's an ages-old tension between companies that want to fix their products and security researchers who want to get the word out, in part because attackers also are trying to find the vulnerabilities.
Google didn't respond to a request for comment Saturday.
Here the G1 shows progress in downloading the update.
(Credit: Stephen Shankland/CNET News)
Once the patch is downloaded, the phone automatically installs it.
(Credit: Stephen Shankland/CNET News)
Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank. 
Writing one software package to cover a multitude of non controlled hardware configurations will be disastrous.
You read it here first.
every new product has problems from coffee makers to cars to space craft. As the level of complexity increases, so does the potential for the need for fixes.
"Writing one software package to cover a multitude of non controlled hardware configurations will be disastrous."
non controlled? there's a developer standard and Google prominently worked with T Mobile and HTC on this phone.
as to one OS working on a multitude of hardware configs...you mean like Linux? (or Windows) or the myriad of devices (microwave ovens to DVD players) using lesser known embedded systems like qnx or other?
Linux has demonstrated an open OS can take on large commercial OSes and gain market share.
The real test will be to see how much market share Android phones have in 12-18 months.
My suspicion is they will be a significant competitor to iPhone and take some marketshare from Blackberry and Symbian and other business class devices.
Are you saying this browser (webkit) flaw won't happen on a platform with controlled hardware i.e. iphone/mac os x?
> You read it here first
Old news. Android will face the same challenges as Windows.
You worry about "non-controlled" configurations. Yet in reality, Google, HTC, and the other Android partners are working closely together. Clearly, Google had no problem getting this bug fix downstream.
Another thing, this thing uses ALOT of battery when you have the gps and wi-fi, so i turn this off. I love this phone and I think that upgrades should be welcomed.
- by mtnwing November 5, 2008 9:24 AM PST
- Can anyone else verify if they've tried installing this system update on a G1 that's already been unlocked from the T-Mobile network? If so did it work OK or does it cause an issues with the previous unlock?
- Like this Reply to this comment
-
(10 Comments)