Hi, I love my Android phone, but one of my concerns about the Android platform is the lack of a clear end-to-end process for distribution of security patches and bugfixes.
The model outlined in the FAQ states that once a patch or bugfix has been released into the source, then it is up to the hardware vendors to pick up and push them. At present this seems to be a haphazard and unreliable process. On any other OS one can simply run the platform equivalent of 'Check for updates' and get up to date virtually immediately. If Google can't build their own update service, then can they at least require those OEMS that are certified 'With Google' to disseminate critical patches and fixes with a minimum period after the fix has been released? It could be something like 30 days for non-critical patches and a few days for critical security or stability issues. Non-compliant vendors could lose their certified status and no longer have access to Google App Market etc. if they don't get their act together This might get things moving faster. Also, what is the point of the 'Security Announcements' group if it has had no posts since the initial welcome message in 2008? Supposedly it was to highlight important releases and list teh process for updating hw from various vendors. In practice it looks like no-one has cared about it since day one. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
