3. Google explains why vulnerability in WebView goes unpatched in Android 4.3 and e...

Google explains why vulnerability in WebView goes unpatched in Android 4.3 and earlier

Please don't conflate the OS distribution with the embedded platform distribution.

I'm not conflating anything. You don't understand how the Android ecosystem works. It is fragmented into many different operation systems maintained and distributed by OEMs, not a unified OS controlled by Google. The hardware vendors are shipping AOSP at all. They are making a true fork of the project with customizations across the board, which is why they can't simply update to the latest 4.x point release.

Google are absolutely the OS distributor. Others might repackage it for deployment onto specific hardware but Google are the ones deploying and maintaining the OS itself. This is the upstream/downstream relationship.

Google is the OS distributor for the fork of AOSP that they deploy on Nexus devices. The OEMs maintain their own forks and make major changes to the operating system. They are not simply taking AOSP, adding their drivers and shipping it as is. That's why they can't simply update from 4.3 -> 4.4. They have a fork of the operating system, and they would need to rework many of their non-hardware-related changes for the 4.4 release. It's certainly possible to run 4.4 (or even 5.0 in many cases) with the same kernel as 4.3.

Which, again, they could not do if they were not the maintainers and deployers of the Android OS. They are the ones who provide the path to delivery of the AOSP and Android itself. Third party downstreams pull down the Android OS from the AOSP or directly from Google through other means (licensing agreements with Google, normally) and then repackage it and rebundle it for distribution onto specific platforms, including and introducing their unique libraries and drivers.

AOSP isn't what gets deployed on devices. It's a base for building an operating system, but doesn't really run on real hardware itself. The OEMs aren't simply repackaging / rebundling AOSP... they are making a per-device fork to add the hardware support and then make sweeping changes to many other components.

So yes, this is entirely on Google. The Browser in question is a Google product, and the downstreams are delivering it as-is. Google are the ones who are responsible for delivering backports of the binary.

Google is responsible for the fact that the Galaxy Nexus hasn't been updated to 4.4. Google isn't responsible for other OEMs not updating to 4.4.

/r/programming Thread Link - hothardware.com
Previous
Next

Recently removed from /r/programming

A Plea for Fairness for Non-profit Developers of Open Source Software TIL It takes developers 23 minutes of uninterrupted focus until they hit their “flow” state - the stage in which they do actual coding. Slack messages, fragmented meeting schedules and the need to be "available" online is hampering the possible productive gains “ChatGPT Will Replace Programmers Within 10 Years” - What do YOU, the programmer think? Docker is deleting Open Source organisations - what you need to know Disambiguating Arm, Arm ARM, Armv9, ARM9, ARM64, Aarch64, A64, A78, ... ASP.NET Core Blazor - A Complete Overview The Case for Functional CSS Why we ditched GraphQL for tRPC Single mom sues coding boot camp over job placement rates Good day. I'm writing a QUIC proxy in C. It's halfway done. It uses HTTP as protocol. Parser written, QUIC implemented through MS's library. Please star if you like. Thanks. Meta releases Sapling, a new way of using source control We’ve filed a law­suit chal­leng­ing GitHub Copi­lot, an AI prod­uct that relies on unprece­dented open-source soft­ware piracy. We Need To Talk About The Bad Sides of Go GitHub Copilot investigation Is a ‘software engineer’ an engineer? Alberta regulator says no, riling the province’s tech sector

More Random Comments

CDPR do not deserve your forgiveness. Debut Twitch! KUOW - Seattle looks at new ‘poverty defense’ for misdemeanors The amount of poor shaming for users playing on PS4&XB1 is disgusting Negative stereotypes toward Black men can be provoked or deflected by clothing. Clothing emits signals of power and status and can carry with it certain stereotypes. Men in formal clothing were rated more trustworthy, intelligent, and warm than men in soccer uniforms. Have you ever started your own business or are you planning on starting one? My cousin found out I’m Pagan, made fun of me and my religion, and now I think he might snitch on me to my family. Please help. How to feel about (ignorant) People of our world? What is your honest opinion about school? I will be alone forever, not sure how to cope? What is something you’ve always wanted to ask a woman, but daren’t? I was the cheater - update: how can I make the break up easier for him? Worst/scariest firsthand censorship experiences from the propaganda machine itself? WARNING: Possible Child Predator Caterers at finance guru Dave Ramsey's holiday party told not to wear masks, complaint says