Void captures over a million Android TV boxes

[F7F7F7]

Fragmentation used to be touted as a feature of Android, not a … well, you know.

“Freedom”, I believe they called it.

Also, hardware standardization in the PC world is pretty much a thing. Not so much in the mobile (and mobile offshoot) world.

[donkeybeer]

Fragmentation is not the problem. The problem is inability to change os or firmware. If control of upgrading or changing os wasn't solely with the maker there wouldn't have been an issue in the first place. I bet for example many of these bugs might be due to the much older linux kernels in use in phones. Again something easily solved by making the os easily changeable and not presenting cryptographic etc roadblocks to reverse engineering, if they don't even want to open source the firmwares at least. At the end of the day these are software bugs not hardware bugs, so the solution as with any software is to be able to push fixes. It does not matter if there are a million different Android phone platforms, a fix to some bug in the Linux kernel for example should work the same on all of them. More importantly, as a piece of pure software this should be something anyone working on Linux or Android should be able to fix as happens in the more sane world of laptop, server etc hardware. If we weren't locked to the manufacturer for all operating system and software support this won't be a problem in the first place. Imagine how ridiculous it'd be if we had a Dell XPS 13 OS, a Lenovo Thinkpad T14 OS etc that went out of support the moment the model is discontinued instead of the sane and normal situation where your Debian or whatever os continues receiving software updates as long as Debian wants to support it.

[lupire]

You're making a bold assumption that an alternate, extremely uneconomical, OS would be more secure. This is far from obvious.

Now, if the phone's original OS were open source, it would be easier to make bugfix patches when old vulns are discovered.

[donkeybeer]

By "alternate" I don't necessarily mean some obscure os, but any os in general , in fact I rather specifically had in mind Android or Linux. By alternate here I meant the fact of being able to install any you want instead of being stuck with whatever ancient Android version and Linux kernel the original came with. Ie if your phone came with an ancient Android, you should be able to without OEM support install a newer Android or a recent Linux or anything else you'd like.

[donkeybeer]

And honestly I doubt 99.9% of these attacks are anything hardware specific but rather generic software bugs like buffer overflows in the kernel, so hardware is in any case a moot point.