Updates don't need to be done OTA. That is however the preferred way, since you are going to update a much greater % of the devices by pushing the update to them rather than relying on the user to know about the update and deliberately get it and install it.
Currently the Android CDD requires some kind of data connectivity for the device. People can build Android devices without data connectivity (Android is open source they can do whatever they want with it), but this will not be a compatible device as per the CDD and thus not able to have Market and outside the purview of what we can consider. Also... being concerned about security vulnerabilities for a device that doesn't have data connectivity... doesn't that seem a bit pointless? If you don't have data, you don't have web browsing nor ability to use Market to install apps, so... what do you need to be secure from? On Tue, Aug 10, 2010 at 6:09 PM, perumal316 <[email protected]> wrote: > Hi All, > > Thanks for the inputs. Currently all the updates are done Over The Air > (OTA). Is it the only way to do updates or patch a vulnerability? What > if the user does not have a data plan? > > Regards, > Perumal > > On Aug 11, 6:13 am, Dianne Hackborn <[email protected]> wrote: > > This has nothing to do with special UI candy coating, and with the > > manufacturer maintaining the build for their devices and being > responsible > > for maintaining them, including QA of any updates. This will not change. > > > > On Tue, Aug 10, 2010 at 2:03 PM, Duane Blanchard <[email protected] > >wrote: > > > > > > > > > > > > > It still seems that each hardware manufacturer has to confirm that the > > > new update won't mess up their specialized UI candy coating, and that > > > if this is the case, that Android is still splintered, though > > > artificially so. Truly, other *nix platforms face similar issues, e.g. > > > KDE, GNOME, and others could be negatively impacted by some > > > update/change to the Linux kernel, but the onus to resolve any impact > > > probably falls only on the desktop environment community, not on the > > > Linux kernel community. Granted, if the kernel update contains a bug, > > > that falls on the kernel devs, but I think it is clear what I'm saying > > > here. > > > > > We have some flexibility with Android due to the Android Open Source > > > Project making the code, and many tools available to everyone, and due > > > to key players in the community being able to build distributions for > > > a variety of devices, with and without MotoBlur and HTC Sense. Those > > > willing/able to root their devices have the choice to install just > > > Android, or Android plus a UI add-on. However, there is still an > > > artificial barrier to fresh updates for most users because only their > > > carrier can push updates to their devices, and users cannot pull > > > updates directly from the Open Handset Alliance. > > > > > The terms of the Apache license allow for all this, but I wonder > > > whether the current model of carriers pushing updates to devices will > > > be sustained, or whether there will come a point at which people > > > expect updates to come directly from the OHA (or from Google, since > > > many people seem to think Google is the sole party behind all of > > > Android). > > > > > D > > > > > On Tue, Aug 10, 2010 at 12:41 PM, Dianne Hackborn <[email protected] > > > > > wrote: > > > > A system update *is* a patch. It may be small (fix one vulnerability > in > > > web > > > > kit) or large (update everything to Android 2.2). > > > > > > On Tue, Aug 10, 2010 at 12:23 AM, perumal316 <[email protected]> > > > wrote: > > > > > >> Hi All, > > > > > >> I am just wondering how does Android do patching? For example how do > > > >> they push down software patches to solve security vulnerabilities > etc? > > > >> Or it is only system upgrade. Like from 2.1 to 2.1 update 1 to 2.2. > So > > > >> is there is no patches pushed down in the interim period. > > > > > >> Thanks In Advance, > > > >> Perumal > > > > > >> -- > > > >> You received this message because you are subscribed to the Google > > > Groups > > > >> "Android Security Discussions" group. > > > >> To post to this group, send email to > > > >> [email protected]. > > > >> To unsubscribe from this group, send email to > > > >> [email protected]<android-security-discuss%[email protected]> > <android-security-discuss%[email protected]<uss%[email protected]> > > > > > . > > > >> For more options, visit this group at > > > >>http://groups.google.com/group/android-security-discuss?hl=en. > > > > > > -- > > > > Dianne Hackborn > > > > Android framework engineer > > > > [email protected] > > > > > > Note: please don't send private questions to me, as I don't have time > to > > > > provide private support, and so won't reply to such e-mails. All > such > > > > questions should be posted on public forums, where I and others can > see > > > and > > > > answer them. > > > > > > -- > > > > You received this message because you are subscribed to the Google > Groups > > > > "Android Security Discussions" group. > > > > To post to this group, send email to > > > > [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]<android-security-discuss%[email protected]> > <android-security-discuss%[email protected]<uss%[email protected]> > > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/android-security-discuss?hl=en. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Android Security Discussions" group. > > > To post to this group, send email to > > > [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<android-security-discuss%[email protected]> > <android-security-discuss%[email protected]<uss%[email protected]> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/android-security-discuss?hl=en. > > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can see > and > > answer them.- Hide quoted text - > > > > - Show quoted text - > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
