bit-tech.net

Google patches Android security hole

Google patches Android security hole

The G1 handset might have only been available for just over a week, but this weekend saw its first security patch.

Although the first commercial product based around Google's Android mobile platform – the HTC Dream, sold as the T-Mobile G1 – has only been around for just over a week, it has already enjoyed a security patch to keep its users safe from harm.

According to CNet, the patch is for an issue with the on-board web browser which first came to light on the 20th of October. Embarrassingly for Google, this particular security hole was common knowledge quite some time ago – the flaw has already been fixed in the code for the open-source packages on which Android is based. The reason Android was vulnerable is because – for whatever reason – Google decided to ship out-of-date code with their flagship mobile handset.

This has, of course, one singular advantage for the company: because the flaw has already been fixed, the work to repair the damage is done; all Google has to do is test the fix with their own implementation and roll it out. This goes some way to explaining the impressive speed with which the company has addressed the issue.

The bug also gives both T-Mobile and Google a chance to see their update process in action: by querying a Google server containing up-to-date product information, a handset is able to alert its owner that a software update is available. When the user chooses to install the package, the update is downloaded over the air – a process which, according to CNet's G1-owning Steven Shankland takes “a few minutes” – and then installs it to the device's flash memory.

While it saddens me to see the device require a security patch so early in its life, I am thrilled with the ease at which said patch can be applied. With a normal mobile device, the user would have to connect the unit to a computer and run specialist software to even see if an update is required – assuming they knew the hows and whys of such a thing. By making the process streamlined – and by nagging the user until it is completed – Google has ensured that all Android users will always be running the latest build of their software – something which will make the commercial reality of customer support less of a burden.

Have any of our readers managed to get their hands on the in-demand Googlephone and noticed the update, or are you all waiting for at least revision 2.0 before plonking down your hard-earned? Share your thoughts over in the forums.

9 Comments

Discuss in the forums Reply
liratheal 3rd November 2008, 13:17 Quote
While it was a bit of a cockup to release out of date code, at least they've done something about it rather than sitting on their thumbs.

I'll be giving Android a try when my iPhone contract is up, unless Apple somehow make the damned thing more than an expensive toy.
ChaosDefinesOrder 3rd November 2008, 14:00 Quote
I just pre-ordered myself a Touch HD so will probably slap an Android ROM on that when it (inevitably) starts floating around...

Am very surprised with the direction HTC decided to go with the design of the G1, seems like such a cheap and clunky form compared to their other models, especially recently!
TreeDude 3rd November 2008, 14:10 Quote
Over the air updates is nothing new. I have a 3 year old Samsung A920 which allows for over the air updates. Most phones have it now. The nagging however is something most phones don't do.
n3mo 3rd November 2008, 15:51 Quote
Well, almost all advanced Nokia phones (Eseries, Nseries) can update OTA. But nagging to do it, especially when mobile Internet connection can bez extremely expensive is something to think about before buying.
Dreaming 3rd November 2008, 19:25 Quote
Windows Mobile - you have to browse the worst forum in the world - find the latest version thats been hacked together and modded by some really talented guy, then install loads of random tools from different parts of the forum and install them in a certain order.

If you're a software dev it's easy, if you're an average guy like me then it's so confusing, I would LOVE for microsoft to send me a message saying there is an update and have it update itself on the fly. Did I mention updating windows mobile requires you lose all data / settings / everything?
TreeDude 3rd November 2008, 19:58 Quote
Quote:
Originally Posted by n3mo
Well, almost all advanced Nokia phones (Eseries, Nseries) can update OTA. But nagging to do it, especially when mobile Internet connection can bez extremely expensive is something to think about before buying.

In the US at least, almost all carriers require you to get an unlimited data plan in order to buy any type of smart phone. So that is usually not an issue.
cyrilthefish 3rd November 2008, 20:50 Quote
Quote:
Originally Posted by ChaosDefinesOrder
Am very surprised with the direction HTC decided to go with the design of the G1, seems like such a cheap and clunky form compared to their other models, especially recently!
Same here.

I usually go crazy wanting new HTC phones, but this one just seems a bit off. Not terrible, but definitely not brilliant either.

Hopefully the next model Android phone will be better so i can go get one! I really want to get away from windows mobile
Nexxo 3rd November 2008, 22:31 Quote
Quote:
Originally Posted by liratheal
I'll be giving Android a try when my iPhone contract is up, unless Apple somehow make the damned thing more than an expensive toy.

And what makes you think that the Android is any different?
Spaceraver 5th November 2008, 02:31 Quote
I'm just waiting for the rom to surface on xda. Then i'll try it on my diamond. That will be a first time flashing it anyhow. If it doesn't work the way I want it to, I will most likely flash it with something else.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums