
Stagefrightened? - 2510c39011c5
http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html?repost=1
======
DHowett
While this is certainly fascinating, it seems terribly irresponsible given the
sheer number of unpatched devices out in the wild.

~~~
btian
Unfortunately, majority of Android devices will never get patched because
Google doesn't exert control over the OS.

Imagine if security patch for a normal PC needs to be written by Microsoft,
approved by Dell / HP (OEMs) and Bestbuy / Fry's Electronics (carriers).

Personally I'd recommend Nexus phones for people who like Android, and avoid
anything else.

~~~
superuser2
Indeed. I wonder if widespread exploitation of this issue will finally
disillusion the community with the supposed wonders of an open ecosystem. An
single entity that can unilaterally release (or better yet, push) a fix to all
users is starting to look really good right around now compared to the
"democratized" approach where every company with a finger in the pie has the
autonomy to sit on its ass.

~~~
wtbob
> I wonder if widespread exploitation of this issue will finally disillusion
> the community with the supposed wonders of an open ecosystem.

The problem is not that we have an open ecosystem; it's that we have multiple
closed ecosystems with controlling entities of varying competence.

> An single entity that can unilaterally release (or better yet, push) a fix
> to all users is starting to look really good

A single entity which can unilaterally push a fix to my phone is a single
entity which can be ordered by a court to push malware to my phone.

> compared to the "democratized" approach where every company with a finger in
> the pie has the autonomy to sit on its ass.

It's not currently democratized; it is, if anything, feudal.

What we need is for phones to me simply computers, with users free to update
and upgrade them as desired.

