[IvanIV]

Quote:

Originally Posted by rosetech

You keep on posting this, but it has already been explained on this thread why Google cant do anything on this version.

The codefix already exists, the means to distribute it to the phones doesnt. Google needs the phone manufacturer to send it.

That's not true. They can fix it let's say for Jelly Bean. They can share their binaries, they can share their source code. It's then up to manufacturers to include the changes into their versions if they changed anything at all. Google should be able to push any priority fixes bypassing networks okaying them first. It's not impossible, they just give up before they even try. It's very convenient for them.

[slattery69]

Quote:

Originally Posted by IvanIV

That's not true. They can fix it let's say for Jelly Bean. They can share their binaries, they can share their source code. It's then up to manufacturers to include the changes into their versions if they changed anything at all. Google should be able to push any priority fixes bypassing networks okaying them first. It's not impossible, they just give up before they even try. It's very convenient for them.

its not the networks they have to bypass it the makers of the handsets and there custom software. Google technically have fixed the problem. the problem was in android 4.3 they fixed it in 4.4
if samsung h&c etc have chosen not to upgrade certain phones softwares theres not much google can do.
google can't push a sense update or a touch wiz update. only thing they can do it is via play services and if they can't implement the fix that way its going to be hard for them

[rosetech]

Quote:

Originally Posted by IvanIV

That's not true. They can fix it let's say for Jelly Bean. They can share their binaries, they can share their source code. It's then up to manufacturers to include the changes into their versions if they changed anything at all. Google should be able to push any priority fixes bypassing networks okaying them first. It's not impossible, they just give up before they even try. It's very convenient for them.

The code is shared (AOSP). Google can't bypass the manufacturers. On later versions of Android they have split out these components to circumvent this problem but for this particular version there is nothing more they can do.

[IvanIV]

Quote:

Originally Posted by slattery69

its not the networks they have to bypass it the makers of the handsets and there custom software. Google technically have fixed the problem. the problem was in android 4.3 they fixed it in 4.4
if samsung h&c etc have chosen not to upgrade certain phones softwares theres not much google can do.
google can't push a sense update or a touch wiz update. only thing they can do it is via play services and if they can't implement the fix that way its going to be hard for them

Sometimes it's not possible for manufacturers to upgrade to the next version. Google can fix it in 4.3, provide the patched source code, and manufacturers can integrate it in their modified versions. Looks like fixes are all in one more or less standalone component, so it should not be that difficult. And if Google does not fix their own bugs, nobody else will.

[IvanIV]

Quote:

Originally Posted by rosetech

The code is shared (AOSP). Google can't bypass the manufacturers. On later versions of Android they have split out these components to circumvent this problem but for this particular version there is nothing more they can do.

I meant priority delivery, not bypassing manufacturers. And if they can push the fix of 4.4 to the manufacturers, surely they can do the same for 4.3.

[kidspud]

Are we seriously saying that if Google find a critical security flaw in the OS, they are reliant on the manufacturers to push it out? If that is the case I would question all the claims made on here from time to time stating fragmentation is not a problem.

[IvanIV]

This would mean the only way for Google to fix bugs is to release a new OS version and wait till it gets used. Which is absurd and pretty fvcked up by any standards. It's also not true. There are also handsets with an original Google build on them that can get fixed any version any time.

[rosetech]

Quote:

Originally Posted by IvanIV

I meant priority delivery, not bypassing manufacturers. And if they can push the fix of 4.4 to the manufacturers, surely they can do the same for 4.3.

Er just explained the webview component is not split out in earlier versions, so no they can't just push out an update bypassing the manufacturers.

What the heck is priority delivery?

[rosetech]

Quote:

Originally Posted by kidspud

Are we seriously saying that if Google find a critical security flaw in the OS, they are reliant on the manufacturers to push it out? If that is the case I would question all the claims made on here from time to time stating fragmentation is not a problem.

Prior to 4.4 Google had very little ability to do anything directly to your phone. Google it seems also got fed up with manufacturers not updating when they easily could. They have now changed this so you will see for example Google services run as an app which can be updated without reference to manufacturers.

This is not fragmentation by the way.

[kidspud]

Quote:

Originally Posted by rosetech

Prior to 4.4 Google had very little ability to do anything directly to your phone. Google it seems also got fed up with manufacturers not updating when they easily could. They have now changed this so you will see for example Google services run as an app which can be updated without reference to manufacturers.

This is not fragmentation by the way.

If they are reliant on manufacturers then it very much is fragmentation.

However, thanks for answering my question.

[IvanIV]

Quote:

Originally Posted by rosetech

Er just explained the webview component is not split out in earlier versions, so no they can't just push out an update bypassing the manufacturers.

What the heck is priority delivery?

I said to the manufacturers, not around them. They did not pick 4.3 on a tree, they got it from Google in some form. So they can get it from Google again. It's more complicated than with Apple or Microsoft, but it's not a rocket science. Manufacturers need to patch their source code. Google can make the changes that manufacturers can merge into their code, because Google knows what and where. Google won't make the changes. I think for 60% of Android users they should. Priority delivery is when a critical bug is fixed and let's say MS pushes out an update without networks being able to make obstructions. Maybe Google doesn't have it.

[Chrysalis]

Quote:

Originally Posted by Everything Goes

Google could of course roll out KitKat 4.4 or even Lollipop to older devices but that will never happen.

google dont control the rollouts.

the network providers and manufacturers do, and they prefer to sell new phones than support old ones.

[rosetech]

Quote:

Originally Posted by IvanIV

I said to the manufacturers, not around them.

Ok

Quote:

Originally Posted by IvanIV

They did not pick 4.3 on a tree, they got it from Google in some form. So they can get it from Google again.

By "they" I assume you mean manufacturers so yes they got it from Google. Which is exactly what has been said earlier in the thread. The manufacturers have access, they just choose in certain circumstances not to provide an update.

Quote:

Originally Posted by IvanIV

It's more complicated than with Apple or Microsoft, but it's not a rocket science. Manufacturers need to patch their source code.

Is it more complicated? - El Goog, have a source tree for Nexus devices. The manufacturers take this source code and add the changes necessary for their specific devices e.g. S5 and HTC One.

Quote:

Originally Posted by IvanIV

Google can make the changes that manufacturers can merge into their code, because Google knows what and where. Google won't make the changes.

Asked and answered - Google already provided a fix. The issue is getting that fix to the devices which dont receive updates anymore. How is that going to happen if your manufacturer (who builds the specific code/firmware for your phone) does not support your phone anymore?

Quote:

Originally Posted by IvanIV

I think for 60% of Android users they should. Priority delivery is when a critical bug is fixed and let's say MS pushes out an update without networks being able to make obstructions. Maybe Google doesn't have it.

We are talking about mobiles not desktops. Yes MS can push security updates to desktops. However for the Android OS the process steps are

1. Google - source code/stock android
2. OEM - build device specific
3. Carrier - test for network
4. User. - receive shiny o/s

(I would assume part of the reason Google wanted Cyangenmod is to move into step 2. so phones can be supported outside manufacturers whims and provide the updates required).

[IvanIV]

Quote:

Originally Posted by rosetech

Ok
Is it more complicated? - El Goog, have a source tree for Nexus devices. The manufacturers take this source code and add the changes necessary for their specific devices e.g. S5 and HTC One.

More complicated as in the additional merging has to be done. In case of MS they provide the changes/fixes in the OS. AFAIK manufacturer(s) do not modify existing modules, they extend it in a defined way. And Apple is doing it for themselves only. Looks simpler to me.

Quote:

Asked and answered - Google already provided a fix. The issue is getting that fix to the devices which dont receive updates anymore. How is that going to happen if your manufacturer (who builds the specific code/firmware for your phone) does not support your phone anymore?

From what I read Google refuses to fix anything older than 4.4. It's also in that article that I posted.

Quote:

We are talking about mobiles not desktops. Yes MS can push security updates to desktops. However for the Android OS the process steps are

1. Google - source code/stock android
2. OEM - build device specific
3. Carrier - test for network
4. User. - receive shiny o/s

I did not say anything else. If it were for a few users clinging to their ancient handsets, it would be okay, this is more than half of users. Google could show at least a token interest. If Google thinks it's too complicated they should go and sell cows instead. Support ends with purchase there.

[rosetech]

Quote:

Originally Posted by IvanIV

More complicated as in the additional merging has to be done. In case of MS they provide the changes/fixes in the OS. AFAIK manufacturer(s) do not modify existing modules, they extend it in a defined way. And Apple is doing it for themselves only. Looks simpler to me.

No idea what you are talking about

Quote:

Originally Posted by IvanIV

From what I read Google refuses to fix anything older than 4.4. It's also in that article that I posted.

Again - asked and answered. The fix exists it just has no means to be distributed.

Quote:

Originally Posted by IvanIV

I did not say anything else. If it were for a few users clinging to their ancient handsets, it would be okay, this is more than half of users. Google could show at least a token interest. If Google thinks it's too complicated they should go and sell cows instead. Support ends with purchase there.

Not sure what your fixation is on Google, this is a manufacturer issue. Google have plenty of bad points but this situation isnt one of them. Given they have actually responded to this (and changed to the operating system architecture to bypass both manfacturers and carriers) seems reasonable to me.

[IvanIV]

This is my fixation with Google, it's from the linked article. Point me to your source that says it's as you say and I find myself a new fixation.

Google has stopped patching a core component of Android in versions older than v. 4.4, aka "KitKat," a security researcher said today, as he urged the company to reconsider the policy that could leave more than 60% of all Android users vulnerable to future attacks.

On Monday, Tod Beardsley, the engineering manager at security vendor Rapid7, claimed that Google's security team said they would not craft fixes for flaws in WebView for Android 4.3 and older. Android 4.3, the predecessor to KitKat, is better known as "Jelly Bean."

[rosetech]

Quote:

Originally Posted by IvanIV

This is my fixation with Google, it's from the linked article. Point me to your source that says it's as you say and I find myself a new fixation.

Google has stopped patching a core component of Android in versions older than v. 4.4, aka "KitKat," a security researcher said today, as he urged the company to reconsider the policy that could leave more than 60% of all Android users vulnerable to future attacks.

On Monday, Tod Beardsley, the engineering manager at security vendor Rapid7, claimed that Google's security team said they would not craft fixes for flaws in WebView for Android 4.3 and older. Android 4.3, the predecessor to KitKat, is better known as "Jelly Bean."

And this was the response from direct from a Google engineer.

Quote:

Keeping software up to date is one of the greatest challenges in security. Google invests heavily in making sure Android and Chrome are as safe as possible and doing so requires that they be updated very frequently. With Google’s assistance, Android device manufacturers (OEMs) have been moving rapidly to improve the rate that devices are updated and to ship devices with the most recent versions of Android. We provide patches for the current branch of Android in the Android Open Source Project (AOSP)[https://source.android.com/] and directly provide Android partners with patches for at least the last two major versions of the operating system.

Improving WebView and browser security is one of the areas where we’ve made the greatest progress. Android 4.4 (KitKat) allows OEMs to quickly deliver binary updates of WebView provided by Google, and in Android 5.0 (Lollipop), Google delivers these updates directly via Google Play, so OEMs won’t need to do anything.

Also for the 60% figure - this only affects users with Webview applications.

[IvanIV]

Quote:

Originally Posted by rosetech

And this was the response from direct from a Google engineer.



Also for the 60% figure - this only affects users with Webview applications.

So no fix for 4.3 then. I'd say any app that displays ads uses Webview, unless it has its own html renderer.

[rosetech]

Quote:

Originally Posted by IvanIV

So no fix for 4.3 then. I'd say any app that displays ads uses Webview, unless it has its own html renderer.

4.4 is the fix you are looking for - before you say you cannot upgrade that is the responsibility of the manufacturer

[Inspiration]

Don't say you weren't warned.

http://googlesystem.blogspot.co.uk/2...mentation.html

[IvanIV]

Quote:

Originally Posted by rosetech

4.4 is the fix you are looking for - before you say you cannot upgrade that is the responsibility of the manufacturer

Very convenient. Sometimes you cannot upgrade, it might not be acceptable to invest so much resources into an oldish handset, it needs new drivers, testing everything again, etc. Fixing a bug means recompiling the code with incremented version, done. Google won't fix 4.3, because very likely 4.3 is a big monolithic mess and they cannot just swap one "black box" for another. So it's their fault for being messy software designers. Manufacturers don't have much choice, it's Google's way or nothing.

[IvanIV]

Quote:

Originally Posted by Inspiration

Don't say you weren't warned.

http://googlesystem.blogspot.co.uk/2...mentation.html

It's getting better as we can see with this Webview affair. It has to be modular and they should not let manufacturers stick their noses everywhere (why would they need to modify HTML renderer? Write your own if you have to) Then they can swap parts of the OS via Google Play. MS is doing that from the beginning. Only the big ones require a regular upgrade.

[rosetech]

Quote:

Originally Posted by Inspiration

Don't say you weren't warned.

http://googlesystem.blogspot.co.uk/2...mentation.html

hey 2010 want their quote back

[rosetech]

Quote:

Originally Posted by IvanIV

Very convenient. Sometimes you cannot upgrade, it might not be acceptable to invest so much resources into an oldish handset, it needs new drivers, testing everything again, etc.

What?

Quote:

Originally Posted by IvanIV

Fixing a bug means recompiling the code with incremented version, done.

Yes

Quote:

Originally Posted by IvanIV

Google won't fix 4.3, because very likely 4.3 is a big monolithic mess and they cannot just swap one "black box" for another. So it's their fault for being messy software designers.

You keep saying wont fix the code, but there is a code fix. Have a look at AOSP and tells us whether it is actually a mess or not

Quote:

Originally Posted by IvanIV

Manufacturers don't have much choice, it's Google's way or nothing.

AOSP, Cyanogen, KOSP

[IvanIV]

Quote:

Originally Posted by rosetech

What?


Yes


You keep saying wont fix the code, but there is a code fix. Have a look at AOSP and tells us whether it is actually a mess or not


AOSP, Cyanogen, KOSP

An honest question. Do you know how software development works? It's a different kind of effort and resources to prepare an upgrade for a device than just fix a bug. For older devices it may not be financially acceptable for a manufacturer to do. You have to check everything even if just to find out everything is okay. If you fix a bug, you have to fix it in all (supported) versions. It can be very different in each version as it is now for 4.3. They clearly do not have a mechanism to deliver it as easily as they have in 4.4. Saying get a new version does not work for all. Google as a software provider has a certain responsibility. If there is more than half of users hit by a certain problem, any reasonable software house will bring out a fix. Google does not have an easy way to deliver the fix, which is their fault, too, by the way, but they should not abandon their users.