
Why Google won't fix a security bug in almost a billion Android phones

51 points | moe | 11 years ago | engadget.com

47 comments

[+] krschultz|11 years ago|reply
The fact is that Google has fixed the bug. The fix is in Android 4.4. From Google's perspective, the onus is on manufacturers to then ship Android 4.4 to the end users.

In retrospect it was a poor assumption on Google's part to think that these manufacturers were actually going to support their customers. That is why they have spent the last 2+ years re-architecting the system to shove a bunch of functionality into things that Google can update or libraries that developers can incorporate into their apps. I imagine when they started out, they did not intend to have a huge amount of the system in a support library that is packaged inside every single app. I bet they also didn't intend to have the bulk of new features be in the Google Play Services package. Yet here we are, largely because the manufacturers are much like PC makers in that they put their own interests far ahead of the ecosystem interests.

[+] drewg123|11 years ago|reply
The problem is that even GOOGLE does not support their customers on the Nexus line. I have, in my drawer, an otherwise perfectly good Galaxy Nexus that is stuck running 4.3 because Google cannot be bothered to update it to 4.4. If Google will not update its own Nexus hardware to 4.4, how can anybody reasonably blame other hardware vendors for behaving the same way?
[+] ryanhuff|11 years ago|reply
My immediate question is whether requiring an upgrade to 4.4 is substantially more difficult for the manufacturers and carriers to make it work with the affected hardware. That seems like a much messier job than just patching WebKit.
[+] ldng|11 years ago|reply
Was it a poor assumption on my part that what was once open source in the baseline OS would stay open even after being extracted into "library" apks?

What I mean here is that Google's move here is far from being only a support matter.

[+] PhasmaFelis|11 years ago|reply
Given that the bug in Android 4.3 was fixed in Android 4.4, which AFAIK is available to all manufacturers, how much blame should accrue to the manufacturers for being chronically months or years late in pushing out version updates?

I can see arguments both ways.

[+] nhayden|11 years ago|reply
I don't think they're late, I think they choose to stop sending updates to devices. The obvious reason is they want people to buy new devices (i.e. renew 2 year contracts).
[+] on_and_off|11 years ago|reply
I am not sure whether Google should develop a fix or not for these devices. Version 4.4 does not have this issue, so the obvious solution would be to update the system. In the real world, Android updates are not ... ubiquitous though, not to mention that after some time, all OEMs stop updating their terminals (that also includes security patches though ...).

Google has solved webview/browser bugs in 5.0 by having auto-updates during the activation and a Chromium-based webview which is updated through the webstore, but there are surely bugs that can't be solved that way or through Play Services.

The absence of 'forced' upgrades was probably a very good idea in order to popularize Android among OEMs but it seems to me that Google should start thinking about a way to make Android easy to update.

In that context, I would not be against reduced customization possibilities. Especially since the need for OEMs to differentiate themselves often leads to UIs with very debatable choices compared to stock Android (cough Samsung cough). Most skins brought large improvements over stock in the 1.x/2.x era; nowadays it is far more debatable.

[+] fidotron|11 years ago|reply
The problem is Google are abusing their position once the customization capability is removed.

For example, they were done for using Google Street View cars to slurp WiFi information, so now they just use Android devices to do it for them. Manufacturers have to have this enabled by default if they want Gmail and the Play Store on the device. (EDIT: and even worse, if you agree to that for one device you have to agree to not release any Android devices which do not have those things, thus removing the ability for the market to decide).

When people, rightly, complain about the Facebook app having permission to do way more than it should they seem to be oblivious to the fact Google are doing things which are far worse.

[+] Zigurd|11 years ago|reply
That is likely to be the actual importance of Ara: Not configurable hardware, because hardly anyone re-configures their hardware, but rather software that can be configured to a much wider range of hardware.
[+] zues|11 years ago|reply
[+] ryanhuff|11 years ago|reply
Sheez. So when the broken code in question is over 2 years old, and is hard to fix, then Google just washed their hands of it? Google is a big company with substantial resources. How about they support their customers beyond the "new and shiny period" like many, many other companies do?
[+] fidotron|11 years ago|reply
That's not so much a response as a wall-of-text that attempts to deflect any responsibility from Google at all. Given that they are so keen on pointing out the weaknesses of others in exactly this area, they really need to make sure their own shit is together much better.
[+] Yver|11 years ago|reply
Here's an excerpt from the article. The very first words of the article:

> A day after Google publicized a flaw in Windows 8.1 before Microsoft could do anything about it, [...]

I stopped reading after this, for obvious reasons.

[+] nhayden|11 years ago|reply
That's some biased journalism there, shameful for engadget.
[+] chisleu|11 years ago|reply
"Google statues on Google's Mountain View campus. A day after Google publicized a flaw in Windows 8.1 before Microsoft could do anything about it"

Biased article from line 1.

I want to like Microsoft. I really do. This kind of "journalism" isn't doing them any favors in that regard.

[+] Zigurd|11 years ago|reply
Is it that PR people are pushing this story, or that the clickbait potential of the headline is irresistible?

The fact is that Android 4.0+ can use Chrome, which doesn't have this bug. That's 85%+ of the installed base. This is as uncontroversial as any of the other bugs recently closed as NTBF.

[+] ryanhuff|11 years ago|reply
I suspect that your average Android user has no idea about the browser on their phone. These are the users who are most at risk.

Also, correct me if I am wrong, but app-based webviews (or app actions that spawn a browser instance) would defer to the default browser, ignoring any installed 3rd party browser. So I believe that the "install Chrome" solution does not actually resolve the problem.

[+] guelo|11 years ago|reply
WebView is embedded in many apps so using Chrome, or Firefox, won't help.
[+] mccr8|11 years ago|reply
That doesn't help with apps that use WebView to render web content.