I know that but it's been mostly patched (quickly), so it's unlikely a user would be affected,

As other posters have said the full patch may be in the expected 4.3 update. Or an incremental upgrade to 4.2.

We have had kidspuds balanced 'marketing' since day 1.
The flow is 'Flaws in Android are for honesty whilst flaws in IOS are for haters and should be ignored.'

BTW Tampered Flash Android downloads are still possible so checksums are worth checking/matching.
Blame Adobe and those who leant on Adobe for removing it.

Which is a much quicker update than any similar security flaw if happened on any other platform. The Play Store is a forced update, unlike having to update iOS as an example.

This is where googles separation of its OS into apps delivered from the App store is really to its benefit, which kind of makes the android fragmentation irrelevant at times like these.

Hang on though - an update to the Play Store doesn't solve the underlying problem at all.

Yeh, that Andoid is the only system that comes c/w a Jailbreak for user choice, risk and control!
Fact is that Microsoft is also removing user choice in the marketing pretence of privacy. Apple did exactly the same.

I'd almost suggest the Microsoft supported semi media driven privacy campaign is almost a trojan horse for removing freedom and thus choice.

Almost bizarre considering that Android is the only open platform

BiB: Into the realms of fantasy and conspiracy theory now.

Not for Android, no.

As in knowing the methods of how things usually work.

No need for one.

With the Intel monopoly broken and ever further shrinking of die cost computers are much a commodity.

The only way to maintain such massive income is to further own the platform and users. And they simply do not have the luxury of any 'premium perception' to sell.

Seems a strange approach considering the use of the play store is not compulsory.

So the apps can be forced to update? How do I tell that has happened?

And given I have waited months already for 4.2 and will probably wait several more months, I don't have much confidence that HTC will respond in a timely fashion.

I would hardly call that a fiasco. It was only a problem if you accepted the default Apple password. Who in their right mind wouldn't set their own ?

Uhm....me...

My focus is WPF, I don't have to know details about everything.

I can be that lazy too sometimes. IOS should not propose something that compromises user 's security. Google should not use their "special" way of validating signatures. Both are security holes, both should be closed.

I said, who in their right mind

I do agree it was a breach of security, but somewhat easier to fix than the Android one (i.e. set your own password).

I don't see it as lazy. It's actually easier to set your own password because then you have one you can probably remember later e.g. mine would be the same as my home wifi.
In fact if I took Apple's suggestion I would then have work to do to record it in my password database.

Yes, and it would be enough for Apple to not offer a default password and maybe check how strong the entered password is, done. Google needs to fix the validation AND check where else they used it and basically revise all their cryptography code. But I think these things need attention so they are dealt with and not swept under a rug. Getting defensive because somebody 'attacks' one's OS helps nobody.

That's HTC's fault. Nobody elses. They've always been behind in terms of updates. You'd think they'd update quicker now to retain customers and turn around their fortunes.

But as I said, this isn't Google or anybody's fault other than HTC's.

I noticed how a startup suddenly published and made a big deal out of the vulnerability. I think they cashed in on it. Why not keep it quiet? It's not like Google refused to fix it.

Fundamentals of logic mean engineers can simply deduce the workings of it, but always with a chance inaccuracy in the method used.

It usually stops us talking complete nonsense.

But it is an inevitable result of letting manufacturers (and carriers) tinker with the supplied OS, just goes with the Android territory I'm afraid.

It goes with HTC territory but NOT all Android.

Hitting, I think 98% usage in some countries, you can't really fault the methodology

Considering the opposition is turning away from being 'the latest and greatest', maybe fewer are bothered about these supposed upgrade updates.

And I totally unshocked to hear that the battery life on that 'Stock S4' is not better than an S4 with a Samsung GUI. (stock is slightly worse but that might be just due to slight battery variance)