Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




84 posts

Master Geek


# 109230 15-Sep-2012 11:15
Send private message

We all know that Manufacturers and CellCos are very slow at updating Android (if they update at all). The updates in addition to adding features these updates also include security updates. Recent news shows that 50% of Android devices have known unpatched vulnerabilities (http://news.cnet.com/8301-1009_3-57512467-83/report-half-of-android-devices-have-unpatched-holes/).

This got me thinking NZ has the Consumer Guarantees Act. Which does say something along the lines of if there is a fault in the product you have purchased the versatile either has to fix it (which they can only do by providing the latest Android update) or to replace (which will only help if it is brand spanking new phone model) or provide you with a refund. Consumer Magazine says that the expected life span of a phone is five years (http://www.consumer.org.nz/reports/appliance-life-expectancy/lifespan-electronics) and they a respected independent body for providing the expected life span for the use in the CGA.

There is a app http://www.xray.io/ which will identify currently eight different privilege escalation  vulnerabilities on Android phones (there are more security than this and the default release notes seem to always say security fixes). This app would provide a easy way to walk into a store and show someone in a repeatable way the (security) fault with your phone. So I was wondering if anyone had all ready tried this method and what success that had?

I got my current phone from a NZ Online retailer, so I will be writing them up an email soon. I am just going down the security update path because they are faults in the product. Feature updates you can't really define as a fault, so leaving those to the side and focusing on the security ones.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6
28338 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 686366 15-Sep-2012 11:19
Send private message

So what is the fault with your handset?



19282 posts

Uber Geek
Inactive user


  # 686367 15-Sep-2012 11:22
Send private message

CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John

 
 
 
 


4543 posts

Uber Geek

Trusted
Lifetime subscriber

  # 686371 15-Sep-2012 11:31
Send private message

sbiddle: So what is the fault with your handset?




i guess he is trying to say that the software on the phone is 'faulty'. 





28338 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 686374 15-Sep-2012 11:38
Send private message

nakedmolerat:
sbiddle: So what is the fault with your handset?




i guess he is trying to say that the software on the phone is 'faulty'. 


Software has been covered by the CGA since 2002 with case law already in existance. The problem is the same wording used for phyical items can't necessarily be applied to software.

Good luck to the OP if you want to try..




84 posts

Master Geek


  # 686375 15-Sep-2012 11:40
Send private message

sbiddle: So what is the fault with your handset?



The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.

28338 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 686376 15-Sep-2012 11:43
Send private message

karit:
sbiddle: So what is the fault with your handset?



The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.


Have you read any of the case law surrounding the CGA and software? My feeling right now is that you haven't.


19282 posts

Uber Geek
Inactive user


  # 686377 15-Sep-2012 11:49
Send private message

Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?

 
 
 
 




84 posts

Master Geek


  # 686379 15-Sep-2012 11:54
Send private message

johnr: CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John


Yes


6 Guarantee as to acceptable quality
(1)Subject to section 41, where goods are supplied to a consumer there is a guarantee that the goods are of acceptable quality.



7 Meaning of acceptable quality
(1) For the purposes of section 6, goods are of acceptable quality if they are as
(c) free from minor defects

If it is free of minor defect I guess it also needs to be free of major defects. Is a phone that has a known security defect with a known fix that isn't being provided a product of acceptable quality? So shouldn't it be fixed by applying the update?







19282 posts

Uber Geek
Inactive user


  # 686381 15-Sep-2012 12:00
Send private message

" Manufacturing defects "



84 posts

Master Geek


  # 686383 15-Sep-2012 12:03
Send private message

johnr: Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?

Using http://www.xray.io/ I know that my phone is susceptible to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3874 I'm sure If I dug more I could find more unpatched security defects.

553 posts

Ultimate Geek


  # 686387 15-Sep-2012 12:13
Send private message

I don't know any CGA case law but I think it's a pretty novel idea and on the face of it its not as ridiculous as some are making out. Let's assume for a moment you had a case under the CGA (others are saying you don't, they could be right and I have no idea)

If you had a valid case the main problem I see is that it's not very practical to use the CGA to get OTA updates. The reason we are not getting timely updates from what I have been led to believe is because of the testing process the software updates must go through before telecom/vodafone will push them out.

AFAIK you normally complain to the retailer under the CGA. The retailer has no ability to "fix" the "problem" you are presenting to them (well they could root the phone and install the updated software, but that would probably void the warranty so its not really an option). So to get any action it would require enough of us going into retailers such that they made it an issue for the networks. I find it hard to see this happening as most people don't care.

You could complain to your local MP/government, but I am pretty sure telecom/vodafone will argue the delay is for QA testing they have do it to ensure there are no issues with the updated device on their network.

Kinda makes you glad the internet is currently open so we can connect whatever the hell we want.



84 posts

Master Geek


  # 686388 15-Sep-2012 12:15
Send private message

johnr: " Manufacturing defects "

Which section says "Manufacturing defects" as I can't that reference to the limitation of defect. The word defect in the defining aspect of the act seems to be only used section 7. Defect is used later but is the remedy type sections 19 and 20.

They do define manufacturer as
manufacturer means a person that carries on the business of
assembling, producing, or processing goods, and includes—
(a) any person that holds itself out to the public as the
manufacturer of the goods:
(b) any person that attaches its brand or mark or causes or
permits its brand or mark to be attached, to the goods:
(c) where goods are manufactured outside New Zealand
and the foreign manufacturer of the goods does not have
an ordinary place of business in New Zealand, a person
that imports or distributes those goods

And to me that isn't limiting to hard and soft aspects of a phone



610 posts

Ultimate Geek


  # 686389 15-Sep-2012 12:18
Send private message

At risk of trolling, but couldn't pc manufacturers and so forth be held accountable as well (going by the OP original post) because you need to purchase/obtain antivirus software etc in order to make the product "safe" from intrusion because the computer manufacturer doesn't ensure the product they sell is safe?

4223 posts

Uber Geek

Trusted

  # 686390 15-Sep-2012 12:18
Send private message

Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


3212 posts

Uber Geek


  # 686391 15-Sep-2012 12:21
Send private message

Talkiet: Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N


This.

The idea is preposterous and is a slippery slope.  If you want regular guaranteed updates then go buy an iPhone.






Always be yourself, unless you can be Batman, then always be the Batman



 1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27


D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07


LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58


Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.