Using the CGA to get Android updates in a timely manner

Forums › Android › Using the CGA to get Android updates in a timely manner

1 | 2 | 3 | 4 | 5 | 6

84 posts

Master Geek

#686544 15-Sep-2012 21:32

You buy the phone and nowhere does it say they promise to update it for you, When was the last time you got an update on a Nokia 5110?

Yeah but we are in 2012 and phones are running much heavier OS and have internet connections so security and the security updates are far more important now. We have banks now rolling out apps to use on phones to do banking.

With a Nokia 5110 could you identify a defect in the OS? With my phone I can clearly say that it has CVE-2011-3874 and Google does have a fix for it https://code.google.com/p/android/issues/detail?id=21681. so some researchers have found the issue and done a CVE and Google has acknowledge the defect and created a patch for it.

Trend Micro

Affiliate link

Affiliate link: Trend Micro provides enhanced protection against viruses, malware, ransomware and spyware and more for your connected devices.

joutei

307 posts

Ultimate Geek

#686547 15-Sep-2012 22:03

A Phone can stop receiving updates and patches at anytime.

If the phone you have received is in working order, then that is their job done.

Unless it is major threat to the user, then alot of end users will bring that to the manufacturers attention.

Just be patient and it will come out once it is ready.

iMac 27 2014
Macbook Pro Retina 2013
iPhone 6s
iPad Air 2

VDSL Sync @ 69Mbps Down / 29Mbps Up

karit

84 posts

Master Geek

#686551 15-Sep-2012 22:10

joutei:
Just be patient and it will come out once it is ready.

Google release the patch for CVE-2011-3874 on 9 Nov 2011 https://code.google.com/p/android/issues/detail?id=21681

So what part needs to be ready? Google has acknowledged it as a high defect and they have written the patch (which is attached to the defect report). All the bits are there.

joutei

307 posts

Ultimate Geek

#686554 15-Sep-2012 22:30

The carriers need to test it.

iMac 27 2014
Macbook Pro Retina 2013
iPhone 6s
iPad Air 2

VDSL Sync @ 69Mbps Down / 29Mbps Up

CYaBro

3826 posts

Uber Geek

ID Verified

Subscriber

#686582 16-Sep-2012 01:44

A security hole in the software is not a defect, the Phone still works as intended so not covered by the cga.

NonprayingMantis

6434 posts

Uber Geek

#686583 16-Sep-2012 02:22

I understand that criminals can break into cars using only a brick through the window.

I demand that Holden replace my 2 year old Commodore with a brand new model that has unbreakable windows. I claim this under the CGA.

I can do that... right?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#686588 16-Sep-2012 07:20

Going right back to the start I posted about software and the CGA - something many people are overlooking.

Software is covered by the CGA, an inclusion that was added in 2002. There is case law regarding claims, but they're not going to side with the OP. If he wants to push the claim I'm sure you'll be able to get some good legal advice, however it's certainly going to cost you more than a new phone.

gregmcc

2031 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#686593 16-Sep-2012 07:50

Software is software, if it's in a cellphone, computer, coffee maker, or car, makes no difference. Imagine if there was a bug in the software of the ABS computer of your car and under certain conditions the brakes would not function at all, no imagine if the car maker said "tough luck, we will get around to issuing a patch and releasing it when we feel like it, good luck".

so the cell phone software crashing isn't as bad as the ABS computer in a car failing, but the CGA does quite clearly say software must be free from defects

CYaBro

3826 posts

Uber Geek

ID Verified

Subscriber

#686599 16-Sep-2012 08:29

Except the op didn't say that the phone is crashing, they said there are security vulnerabilities and these don't affect the functionality of the phone. The phone is doing everything that it is intended to do.

I would say that some responsibility of the security of your device falls on the owner, just like with a computer.
If you don't run antivirus software on your computer then really it's your own fault if you get infected or hacked via a security vulnerability.
There is antivirus software available for android devices so I'd say if you aren't using that then you're not taking the security of your device seriously so you can't blame the manufacturer for that, jus like with a pc.

gregmcc

2031 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#686601 16-Sep-2012 09:04

CYaBro: Except the op didn't say that the phone is crashing, they said there are security vulnerabilities and these don't affect the functionality of the phone. The phone is doing everything that it is intended to do.

I pretty sure that "security vulnerabilities" were not an advertised feature of the phone at time of purchase that been the case it is a software problem and under the CGA the manafacture is obligated to fix it

joutei

307 posts

Ultimate Geek

#686704 16-Sep-2012 15:54

A car is a totally different story.

A phone is not going to kill you nor injure you if it doesnt have its updates.

iMac 27 2014
Macbook Pro Retina 2013
iPhone 6s
iPad Air 2

VDSL Sync @ 69Mbps Down / 29Mbps Up

karit

84 posts

Master Geek

#686708 16-Sep-2012 16:07

joutei: A car is a totally different story.

A phone is not going to kill you nor injure you if it doesnt have its updates.

Safe is mentioned in the CGA though there is no definition of what safe means. And I assume the bar for safe is less than life critical.

Safe in regards to firmware could be applied to life critical but safe in firmware and software could also be applied to safe from the installation of the a trojan that could steal all you money given that most of the major banks have banking apps now.

I have no expectation that they will ship a product with zero defects but all I am asking for it to be provided with the security updates. XP was last sold via OEMs in 2010 (2008 for last off the shelf sales) and will receive security updates until 2014. So MS have a way every patch Tuesday of finding defects and releasing fixes to defects, which would mean they are making an effort to meet their CGA obligations around fixing defects in their product (sure CGA wouldn't have been a consideration but yeah).

richms

25269 posts

Uber Geek

Trusted

Subscriber

#686709 16-Sep-2012 16:08

Well, at least if this was to happen then I could use the CGA against samsung for the aweful software on my "smart" tv that is anything but. And as that has usability issues etc it would be a much more fair case for being somthing that the CGA would cover, but it isnt so I cant do anything about it.

Richard rich.ms

karit

84 posts

Master Geek

#686710 16-Sep-2012 16:10

CYaBro: A security hole in the software is not a defect, the Phone still works as intended so not covered by the cga.

So why has Google accepted it in their Defect tracking system and produced a patch for it if it wasn't a defect? https://code.google.com/p/android/issues/detail?id=21681

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#686711 16-Sep-2012 16:19

karit:
joutei: A car is a totally different story.

A phone is not going to kill you nor injure you if it doesnt have its updates.

Safe is mentioned in the CGA though there is no definition of what safe means. And I assume the bar for safe is less than life critical.

Safe in regards to firmware could be applied to life critical but safe in firmware and software could also be applied to safe from the installation of the a trojan that could steal all you money given that most of the major banks have banking apps now.

I have no expectation that they will ship a product with zero defects but all I am asking for it to be provided with the security updates. XP was last sold via OEMs in 2010 (2008 for last off the shelf sales) and will receive security updates until 2014. So MS have a way every patch Tuesday of finding defects and releasing fixes to defects, which would mean they are making an effort to meet their CGA obligations around fixing defects in their product (sure CGA wouldn't have been a consideration but yeah).

If you're so convinced you're right the best thing you can do is call a lawyer. It'll probably cost you a few $k however.

Since nobody else has mentioned it it's worth noting that software licences aren't necessarily covered by the law, and the OS on your phone is a licence, you do not own the software. You'll getting some more good case law even if it might cost you waaaaaay more than the cost of a new phone..

1 | 2 | 3 | 4 | 5 | 6