Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


karit

84 posts

Master Geek


#109230 15-Sep-2012 11:15
Send private message

We all know that Manufacturers and CellCos are very slow at updating Android (if they update at all). The updates in addition to adding features these updates also include security updates. Recent news shows that 50% of Android devices have known unpatched vulnerabilities (http://news.cnet.com/8301-1009_3-57512467-83/report-half-of-android-devices-have-unpatched-holes/).

This got me thinking NZ has the Consumer Guarantees Act. Which does say something along the lines of if there is a fault in the product you have purchased the versatile either has to fix it (which they can only do by providing the latest Android update) or to replace (which will only help if it is brand spanking new phone model) or provide you with a refund. Consumer Magazine says that the expected life span of a phone is five years (http://www.consumer.org.nz/reports/appliance-life-expectancy/lifespan-electronics) and they a respected independent body for providing the expected life span for the use in the CGA.

There is a app http://www.xray.io/ which will identify currently eight different privilege escalation  vulnerabilities on Android phones (there are more security than this and the default release notes seem to always say security fixes). This app would provide a easy way to walk into a store and show someone in a repeatable way the (security) fault with your phone. So I was wondering if anyone had all ready tried this method and what success that had?

I got my current phone from a NZ Online retailer, so I will be writing them up an email soon. I am just going down the security update path because they are faults in the product. Feature updates you can't really define as a fault, so leaving those to the side and focusing on the security ones.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #686366 15-Sep-2012 11:19
Send private message

So what is the fault with your handset?



Affiliate link
 
 
 

Affiliate link: Free kids accounts - trade shares and funds (NZ, US) with Sharesies.
johnr
19282 posts

Uber Geek
Inactive user


  #686367 15-Sep-2012 11:22
Send private message

CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John

nakedmolerat
4589 posts

Uber Geek

Trusted
Lifetime subscriber

  #686371 15-Sep-2012 11:31
Send private message

sbiddle: So what is the fault with your handset?




i guess he is trying to say that the software on the phone is 'faulty'. 



sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #686374 15-Sep-2012 11:38
Send private message

nakedmolerat:
sbiddle: So what is the fault with your handset?




i guess he is trying to say that the software on the phone is 'faulty'. 


Software has been covered by the CGA since 2002 with case law already in existance. The problem is the same wording used for phyical items can't necessarily be applied to software.

Good luck to the OP if you want to try..


karit

84 posts

Master Geek


  #686375 15-Sep-2012 11:40
Send private message

sbiddle: So what is the fault with your handset?



The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #686376 15-Sep-2012 11:43
Send private message

karit:
sbiddle: So what is the fault with your handset?



The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.


Have you read any of the case law surrounding the CGA and software? My feeling right now is that you haven't.


johnr
19282 posts

Uber Geek
Inactive user


  #686377 15-Sep-2012 11:49
Send private message

Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?



karit

84 posts

Master Geek


  #686379 15-Sep-2012 11:54
Send private message

johnr: CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John


Yes


6 Guarantee as to acceptable quality
(1)Subject to section 41, where goods are supplied to a consumer there is a guarantee that the goods are of acceptable quality.



7 Meaning of acceptable quality
(1) For the purposes of section 6, goods are of acceptable quality if they are as
(c) free from minor defects

If it is free of minor defect I guess it also needs to be free of major defects. Is a phone that has a known security defect with a known fix that isn't being provided a product of acceptable quality? So shouldn't it be fixed by applying the update?







johnr
19282 posts

Uber Geek
Inactive user


  #686381 15-Sep-2012 12:00
Send private message

" Manufacturing defects "

karit

84 posts

Master Geek


  #686383 15-Sep-2012 12:03
Send private message

johnr: Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?

Using http://www.xray.io/ I know that my phone is susceptible to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3874 I'm sure If I dug more I could find more unpatched security defects.

blair003
557 posts

Ultimate Geek


  #686387 15-Sep-2012 12:13
Send private message

I don't know any CGA case law but I think it's a pretty novel idea and on the face of it its not as ridiculous as some are making out. Let's assume for a moment you had a case under the CGA (others are saying you don't, they could be right and I have no idea)

If you had a valid case the main problem I see is that it's not very practical to use the CGA to get OTA updates. The reason we are not getting timely updates from what I have been led to believe is because of the testing process the software updates must go through before telecom/vodafone will push them out.

AFAIK you normally complain to the retailer under the CGA. The retailer has no ability to "fix" the "problem" you are presenting to them (well they could root the phone and install the updated software, but that would probably void the warranty so its not really an option). So to get any action it would require enough of us going into retailers such that they made it an issue for the networks. I find it hard to see this happening as most people don't care.

You could complain to your local MP/government, but I am pretty sure telecom/vodafone will argue the delay is for QA testing they have do it to ensure there are no issues with the updated device on their network.

Kinda makes you glad the internet is currently open so we can connect whatever the hell we want.

karit

84 posts

Master Geek


  #686388 15-Sep-2012 12:15
Send private message

johnr: " Manufacturing defects "

Which section says "Manufacturing defects" as I can't that reference to the limitation of defect. The word defect in the defining aspect of the act seems to be only used section 7. Defect is used later but is the remedy type sections 19 and 20.

They do define manufacturer as
manufacturer means a person that carries on the business of
assembling, producing, or processing goods, and includes—
(a) any person that holds itself out to the public as the
manufacturer of the goods:
(b) any person that attaches its brand or mark or causes or
permits its brand or mark to be attached, to the goods:
(c) where goods are manufactured outside New Zealand
and the foreign manufacturer of the goods does not have
an ordinary place of business in New Zealand, a person
that imports or distributes those goods

And to me that isn't limiting to hard and soft aspects of a phone



Loismustdye
827 posts

Ultimate Geek

Trusted

  #686389 15-Sep-2012 12:18
Send private message

At risk of trolling, but couldn't pc manufacturers and so forth be held accountable as well (going by the OP original post) because you need to purchase/obtain antivirus software etc in order to make the product "safe" from intrusion because the computer manufacturer doesn't ensure the product they sell is safe?

Talkiet
4573 posts

Uber Geek

Trusted

  #686390 15-Sep-2012 12:18
Send private message

Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


scuwp
3582 posts

Uber Geek


  #686391 15-Sep-2012 12:21
Send private message

Talkiet: Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N


This.

The idea is preposterous and is a slippery slope.  If you want regular guaranteed updates then go buy an iPhone.






Always be yourself, unless you can be Batman, then always be the Batman



 1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00


Samsung Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00


Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51


ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac