On Sat, Jul 28, 2012 at 8:02 PM, Jeffrey Walton <[email protected]> wrote: > This has been a problem in mobile dating back to the early 2000's. A > lack of software liability laws in the US - coupled with obscene terms > of service, means US consumers *really* need help here. I expect > consumers in other parts of the world could use the help, too. Perhaps > Google/Android could develop a strategy to ensure timely updates? > > For completeness, its not just an Android problem. It took Apple weeks > to remove toxic Diginotar certifcates from their system (meanwhile, > folks in Iran were being MitM'd, and some were likely tortured and > killed). Google is in the envious position of being able to make a > difference.
http://www.darkreading.com/security-services/167801101/security/security-management/240007491/services-can-help-identify-mobile-risks.html ... Patching on mobile devices, especially phones, is perhaps the biggest problem facing mobile security today. A security fix for Android, for example, has to be integrated into a firmware update by the device manufacturer and checked out by the carrier to make sure it does not cause any network problems. The two extra steps can add months to an update. In many cases, providers fail to update even serious security flaws. No wonder, then, that more than half of all Android devices have at least one major privilege escalation vulnerability, says Jon Oberheide, chief technology officer for mobile security firm Duo Security. Over the last seven weeks, the company has run a service, known as X-Ray, that can be installed on Android devices and will tell users if any software is vulnerable. The application has been installed on more than 26,000 devices encompassing some 1,146 different models and found that 59.8 percent of devices are vulnerable.... -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
