Isn't it a security risk to support users on vulnerable versions of Android? If users need the protection of Tor or other tools, then supporting users on a vulnerable OS could do more harm than good by giving people a false sense of security. For example, isn't there a RCE for pre-4.4 WebView that could be exploited by malicious exit nodes when visiting HTTP sites?
On Mon, Aug 1, 2016 at 11:47 AM, Hans-Christoph Steiner < [email protected]> wrote: > > > Michael Rogers: > > On 01/08/16 16:50, Nathan of Guardian wrote: > >> Three years ago in Thailand, I bought a $50USD 6 inch wifi only tablet > >> device running 4.0 ICS. I also bought a $100USD smartphone running > >> 2.3.6, which seemed to be the last of its kind. > >> > >> We do still see support requests for Orbot users still running 2.3.x > >> from time to time, and are working at adding support back in to SDK 10 > >> and pre-PIE devices. Supporting SDK 8/9/10 is more of a gesture towards > >> leaving no user behind, than a practical necessity. > >> > >> Another way to look at it is, if you have limited resources and need to > >> balance building a storage, network and battery efficient app, versus > >> supporting old APIs/OSes, I would say that the former is a better use of > >> time and skills. > > > > I'll take that advice, thanks Nathan! > > > > Cheers, > > Michael > > To second what Nathan said, for Briar, I'd recommend setting at least > android-16 as the minimum. Its a fair amount more effort to support the > older versions. > > .hc > > -- > PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 > https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] >
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
