Friday, November 5, 2010

Android Webkit Attack

I kept looking at the way Android is released and thinking that if for some reason they needed to upgrade everyone quickly, there might be an issue. Well it looks like the issue is coming. A researcher (sounds better than hacker) has discovered several holes in the Webkit that Android uses, this is the same Webkit that several other mobile and non-mobile browsers use (including the iPhone and BlackBerry), the researcher has discovered an issue that has been fixed in Android 2.2 (the latest and greatest version of Android), but it hasn't been fixed in previous versions.

The solution to this is obvious, upgrade everyone to Android OS 2.2... Well it's not that easy, see the Android OS is modified by each manufacturer and service provider for their specific phones and functionality, meaning that when Google updates Android, it's up to Motorola to update all their phones across all their carriers, this isn't always that easy technically and for business it could be that while Verizon allows upgrades for their new Droid models, they might not want to update the OS for older models (why would Verizon want to give people new functionality that wouldn't require the user to buy a new phone or extend their contract?).

When going to the AT&T website right now, I see the Motorola BackFlip is the phone listed on their website as the one to get. It's running Android 1.5 (though they don't specify that in the phone's specs), they claim to be updating it in November to 2.1, but I don't see how it's acceptable to sell an out of date OS and then to upgrade it to another out of date OS. This isn't technically Android's issue, but it's a sign of what's happening on the platform.

Again this is the one good thing about the strangle hold Apple has put on their technology, they know what's out there, Apple supports the phone and Apple releases the updates. It is up to the user though to manually update their phone (I wish Apple would push this to the phone like Android does).

Android's problem is even bigger with the release of Google TV, my Google TV (A Sony Blue-Ray player) is running Android 2.1, which means that my Blue-Ray player and everything that goes through the browser on it, is susceptible to attack. While I'm bringing it up, if you're going to get Google TV because you think it's fantastic, uh don't, it's not that great, well at least for me.

No comments: