> > Does this also apply to embeeded native librairy? to core apps like > > Browser which are not implemented only against SDK? > > The OTA update facility allows anything in /system (and the kernel, and the > radio, again depending on support in the boot loader) to be updated. > > > Does that mean that the patch for the Webkit vulnerability > > (CVE-2010-1780) could have been sent over the air? > > Yes such patches can and do get sent over the air. This depends though on > the device manufacturer having the full support for OTA updates, and the > carrier for delivering them. All compatible devices are required to have > *some* way to system software updates, though this doesn't need to be OTA (I > believe the CDD should have details on theses requirements).
Are this "over the air" patches for native librairies or embeeded apps installable without end user interaction? In other words, could a carrier or a phone manufacturer push a security patch without user interaction? If this mechanisms exists, is it a part of Android or something specific to phone manufacturers? At which part of Android source should I look to get more informations on OTA mechanisms? Regards -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
