top | item 34399112

(no title)

jwatt | 3 years ago

I would like something like this but one thing that makes Android-based music players like this unappealing is the versions of Android they start with. When this is releases in February, Android 13 will have been out for six months. Android devices don't get security updates for long enough as it is, so starting out the gate with a non-current version of Android isn't great.

discuss

Tams80|3 years ago

It's a DAP. I mean, sure, you could be doing smart device things on it, but really it only runs Android to get easy access to streaming services and media apps.

So it doesn't really matter, as the vast majority of owners aren't going to be doing anything that will get it compromised. Many might never connect it to the Internet again after setup.

jwatt|3 years ago

I agree the number of attack vectors is significantly reduced in comparison to the same version of Android on a smartphone (particularly if the user is making little or no use of the music player's already limited app store). But there are still many, many CVEs for Bluetooth, for example. Taking the Bluetooth example, I would be happier connecting to a hire car's audio system with a version of Android that is getting patched than a version that is not, and may have known vulnerabilities. I don't want my DAP to potentially be a vector for transferring malware around.