Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
3019 posts

Uber Geek
+1 received by user: 767

Trusted
Lifetime subscriber

  Reply # 1603090 2-Aug-2016 16:39
Send private message

NikT:

 

BlackBerry, Sony, and Xiaomi have been pretty good at keeping up with the patches. Still boggles my mind that phone manufacturers make this much harder for themselves than it needs to be, with endless regional SKUs and unnecessary - unasked for - local-market customisation. What Apple do is not revolutionary or difficult.

 

 

 

tripp:

 

What i have found is that the telco's seem to be holding things up.

 

 

 

Can't speak for Spark, but when I was there, Voda's testing and approval process took a week at max. The delays were all on the manufacturers' ends*.

 

Went a little like this:

 

"When are we getting a new build? Enterprise customers are concerned about recently-publicised vulnerabilities." "Dunno."

 

"Okay, it's approved, when will you roll it out OTA?" "Dunno."

 

 

 

From the big vendors' perspectives, NZ is a tiny market and its region-specific SKUs are low on the priority chain for updates. Several have said this to me directly. I don't like that at all, but that's how it is. Right now, the truth is that you have to choose between suitability for/reliability on local networks, and frequency of security patches.

 

 

 

*Except that one time HTC decided they'd ship a single flagship SKU with a unified software build to AU and NZ, then found they couldn't roll updates to any of them until every telco in both markets had approved said updates...and naming no names, but some telcos are great at dragging their feet in the name of user experience.

 

 

Well the telco's need to start screaming at the suppliers or something, if it is the OEM's holding it up yet they have said they will be doing monthly updates then it should be up to the telco to keep on to them about it.  It may be an issue if people start requesting refunds for handsets due to OEM's not doing what they say they will.  Guess it could also hit retailers.

 

 

 

 


1488 posts

Uber Geek
+1 received by user: 334


  Reply # 1603142 2-Aug-2016 18:14
Send private message

With all these android vulnerabilities in the wild, has anyone actually been affected? Or are we just a storm in a teacup here?

320 posts

Ultimate Geek
+1 received by user: 56
Inactive user


  Reply # 1603367 3-Aug-2016 09:53
Send private message

1eStar: With all these android vulnerabilities in the wild, has anyone actually been affected? Or are we just a storm in a teacup here?

 

 

 

That's not how it works.

 

 

 

 


4450 posts

Uber Geek
+1 received by user: 843

Trusted
Lifetime subscriber

  Reply # 1603378 3-Aug-2016 10:14
Send private message

1eStar: With all these android vulnerabilities in the wild, has anyone actually been affected? Or are we just a storm in a teacup here?

 

+1, we have heard this since the beginning of Android. 






789 posts

Ultimate Geek
+1 received by user: 75

Trusted

  Reply # 1603385 3-Aug-2016 10:22
Send private message

How many Windows vulnerabilities have existed and users themselves have failed to run windows update? Sensible use of both mobiles and PCs might help avoid some of the vulnerabilities also.

 

In saying that, I don't think this makes it ok. If fixes are available, users should be able to access them. As others have said, perhaps there needs to be more separation between the updates. Google already has some of this with the way it updates certain things through the Play Store, even some of the manufacturers have moved aspects to the Store for easier updating. Some aspects shouldn't be held up by carriers and/or manufacturers surely.

 

Blackberry Priv is tempting, something different, plus it is getting 'Nexus like' updates and timeframes.


320 posts

Ultimate Geek
+1 received by user: 56
Inactive user


  Reply # 1603386 3-Aug-2016 10:22
Send private message

nakedmolerat:

 

1eStar: With all these android vulnerabilities in the wild, has anyone actually been affected? Or are we just a storm in a teacup here?

 

+1, we have heard this since the beginning of Android. 

 

 

To me, the difference is that you know of the problem and have accepted the cost/benefit trade-off.  But my parents who both have androids and read emails and roam on the devices overseas, do not know of the cost and have not accepted the cost/benefit trade-off.

 

What if all these idiots who scam pensioners by phone who you see on trade-me realise they can get the personal information/access by sending emails?  What if the ransomware people who are out there and are active expand their market from pc/mac/desktop?

 

You can accept the cost, and I can reluctantly do so as well, but my outlook is that it is a matter of time.


3019 posts

Uber Geek
+1 received by user: 767

Trusted
Lifetime subscriber

  Reply # 1603389 3-Aug-2016 10:28
3 people support this post
Send private message

nakedmolerat:

 

1eStar: With all these android vulnerabilities in the wild, has anyone actually been affected? Or are we just a storm in a teacup here?

 

+1, we have heard this since the beginning of Android. 

 

 

 

 

That's the issue however, people don't really view that their phones could get hacked etc, most people are in the frame of mind as PC users back in the mid/late 90's.  All it would take is some encryption virus to hit and know how to jump to devices via bluetooth/wifi and all hell would break loose.  

 

Sure google and apple check apps on the market place however there have been a couple of times that google has missed things in the apps, I am sure apple has slipped up once or twice as well.

 

Android lets you run any 3rd party apk from the web (if you OK the install).  There is a reason why google is doing a monthly security update now, should we all just accept that there is no issue?  Or should we now expect OEM's etc to supply updates.

 

Would you be happy if your windows / MacOS / Linux did not get security patches or your antivirus supplier did not release patches for months?

 

People need to think about what they have on their phones, they have banking apps, payment systems, personal details, password apps etc, if anything, hitting a phone has a bigger payoff than hitting a PC/Mac these days.

 

 

 

 

 

 

 

 


320 posts

Ultimate Geek
+1 received by user: 56
Inactive user


  Reply # 1603406 3-Aug-2016 10:48
Send private message

tripp:

 

People need to think about what they have on their phones, they have banking apps, payment systems, personal details, password apps etc, if anything, hitting a phone has a bigger payoff than hitting a PC/Mac these days. 

 

 

I was reading about, what is it, IFTTT on this forum.  Do people grant access to it, to all their services?  Email, twitter, instagram, .. Well, the main one would be email.  I saw 6000 people had an IFTTT rule that did something with their email.  How many of these services have precise apis that can be locked down to just limited access?  


21451 posts

Uber Geek
+1 received by user: 4355

Trusted
Subscriber

  Reply # 1603485 3-Aug-2016 12:23
One person supports this post
Send private message

The gives access to everything model is something I hate about google. I dont want to be logged into my email just to be able to favorite youtube videos etc. I used to have seperate google accounts for things to sort that out, but with the youtube red free with google play music deals and things like that it is harder to do so.





Richard rich.ms

1488 posts

Uber Geek
+1 received by user: 334


  Reply # 1603918 3-Aug-2016 22:20
Send private message

Google considers that having root access is a vulnerability.

If I want to have updated security patches on my 4year old Samsung, I need to root and rom it.

Oh the irony...

320 posts

Ultimate Geek
+1 received by user: 56
Inactive user


  Reply # 1603999 4-Aug-2016 07:32
Send private message

I looked at my redmi note 2 last night, up to date with 2016-08-01 security patch level.  Miui do seem to be doing a pretty good job.


1549 posts

Uber Geek
+1 received by user: 353


  Reply # 1607433 10-Aug-2016 09:57
3 people support this post
Send private message

Lets not blame the telco's

 

Its an industry wide issue for Android (with some exceptions)
God knows , the telcos arnt to blame for no updates on Andriod tablets. So saying its the telcos is a red herring.
When famous brand tablets are sold, new, with old versions of Android, and then your Tablet is somehow obselete within a year (no more updates) :Samsung.....

 

Lets put the blame where it belongs, at the one company who could force some action on rolling out updates & patches. The one company that has some
say over what happens with its brand when installed on other companies hardware .

 

 

 

 


158 posts

Master Geek
+1 received by user: 33


  Reply # 1607438 10-Aug-2016 10:11
Send private message

You can blame the telcos though. They should be pressuring the Mobile suppliers. Take LG G4 for example. Still sitting on Android 6.0 in NZ although the 6.0.1 release has been OTA in the rest of the world for months! So what's the problem???


3019 posts

Uber Geek
+1 received by user: 767

Trusted
Lifetime subscriber

  Reply # 1607516 10-Aug-2016 11:45
Send private message

Just an FYI

 

I have flashed the non branded AU firmware on my samsung edge 7 a couple of weeks ago and on Saturday I got the OTA with security fixes and July's security patch.

 

Just checking the firmware for all 3 of our telcos here (spark, voda, 2degrees) and they still only have firmware dated back in April.

 

 

 

 

 

 


1426 posts

Uber Geek
+1 received by user: 495

Trusted

  Reply # 1608510 10-Aug-2016 12:16

olivernz:

 

You can blame the telcos though. They should be pressuring the Mobile suppliers. Take LG G4 for example. Still sitting on Android 6.0 in NZ although the 6.0.1 release has been OTA in the rest of the world for months! So what's the problem???

 

 

LG has basically no mobile presence in NZ (Because they don't want to invest in marketing, so the big telcos aren't interested), and I doubt a significant number of units were brought in from AU and actually sold through 2degrees/Harvey Norman. Consider it's a tiny subsection of an already limited SKU for APAC, and you can see why it's not LG's #1 priority. I can also imagining pressuring LG - who, again, provide no marketing support, and chose not to bring the G5 to NZ because there was no interest - won't get 2d anywhere. What are they gonna hold over LG, not ranging their next phone either? When a product drops in price, it isn't because it sold well.

 

 

 

The problems with updates are, fundamentally:

 

  • Updates, especially platform updates, cost a LOT of money to build, test, certify, and roll out
  • The average customer does not care about updates, or actively hates them (For which I largely blame legacy versions of Windows)
  • The only three companies which are financially incentivised to provide ongoing updates are Google, Apple, and Microsoft, because they own the ecosystems and get revenue from app/content sales
  • There's only so much profit to be made in a given handset once the costs of R&D/manufacturing/logistics/marketing/training/GST/Et cetera are taken off the top
  • That revenue gets spread very thin over an installation base through the course of a device's commercial lifecycle (Time it's sold through official channels for), even more so over its consumer lifecycle (Time it's in use for), so the high costs to the companies vs. limited benefits aren't worth it
  • There are too many different hardware SKUs globally, and too many individual telco/market software builds to maintain in a reasonable timeframe

This needs to be fixed. Incentivising Android OEMs to update has to come from Google. They could share revenue from purchases made from a given vendor's handsets provided they're running the latest Android version or security patch. They could provide support, kickbacks, rebates per SKU, et cetera. The issue with too many SKUs may solve itself in time as telcos globally migrate to LTE and common frequencies, or it may get worse as every spare scrap of spectrum is deployed and devices need to accommodate 4-5 obscure bands per network per country for maximum network performance.

 

 

 

Look, as an enthusiast who got to see the inner workings of the industry, I feel you. I'm passionate about updates and security, and it bothers me that there's a trade-off between the best network experience and timely feature/bugfix/security patches. But the reality is that an update to the G4 isn't going to come any faster if 2degrees' devices team calls up LG Australia and complains. NZ is too small, the volumes sold here are too low to make a difference, and the solutions have to come from a different place.

 

 

 

I also note that BlackBerry has differentiated itself in Android-land by providing timely security patches, but enthusiasts who do want those updates aren't exactly rushing out to buy a Priv.





Product Manager @ PB Tech

https://pbtech.co.nz/smartphones


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.