New Android 'Fake ID' flaw empowers stealthy new class of super-malware


Comments

  • Reply 101 of 103
    Quote:
    Originally Posted by Corrections

     

    "Google presumably also "scanned" its Android code and failed to realize that it wasn't even verifying app signing certificates. That's pretty basic PKI work. "

     

    Sure, just like that mistake Apple made. But go on.

     

    "This isn't even remotely true. Google has started issuing some updates and patches via Google Play Services, but this happened all of twice this year. The last update is 5.0, from June 25. Check your phone to see if you have an update. You do not, because a new one hasn't been released yet."

     

    And since they fixed it back in April when it was disclosed and GP services is updated every 6 weeks or more, you have proof it wasn't already patched before disclosure? Of course not, you are just making BS assumptions.

     

    "Thanks for the tip. Google "how to sideload android software" and you get 1M responses. Are you so sure nobody has ever followed any of those?



    How about the "Android Central Sideload Wonder Machine" which Android Central promotes and tells its users: "It's a Windows program that can install applications you have downloaded outside the official Android Market to your Android phone.""

     

    And there are 2.6 million results on how to jailbreak iOS 7.1. So what? Google search anything and you'll find a lot of results.

    Wait, you use Google?

     

    "What a fantastically ignorant thing to say. So nobody sideloads Android apps, and the same company that doesn't know how to implement basic PKI cryptography for its users is a magical sky god that omnisciently protects all the peoples who buy cheap phones. "

     

    Even if they did, what of it? They saw the warning about what happens when they do. Even side loaded apps are scanned, but you wouldn't know that.

     

    You want to say that the only way to fix stupid is to not allow him to be stupid? Go ahead. Terrible shame that the level of intelligence in people today is at a steady decline that the average person can't even change a stupid vacuum belt if their life depended on it.

     


    "Except cheap phones like the Galaxy Nexus (and +80% of all Android phones actively accessing Google Play), which still carry those other serious vulnerabilities related to integrated Flash that pervade every app on the system. 


     


    Keep telling yourself that."


     


    Yeah, and for all the ways you can hack an iOS device, the sky hasn't fallen yet. Oh, except for the time that a bunch of people were locked out of their iOS devices remotely. Hmm..., but that's OK!


     


     


    Hmm, I know! Let's ask anyone who has Windows and probably 80% of them will say they've dealt with malware, reinstalling Windows, driver issues, slowdowns, to frustrations with printers.


     


    Now let's all ask our fellow Android users and see how many have complained of anything.


     




     

    Oh wait, they haven't.

  • Reply 102 of 103
    crowley Posts: 10,453 member
    Quote:
    Originally Posted by Corrections

     

    Also, "Google Play Services is not Android. It is a proprietary layer of Google APIs, apps and services that runs on top of Android. When the vulnerability is in core Android, Google Play Service updates will have no impact on any device not running this layer (most devices in China or Kindle Fire, for example)


    So un-updateable devices that have forked off from the main branch of Google-supported Android won't get an update from Google?  Why do you think Google would/should care?  Amazon made their choice here, let them patch their own subOS.  Likewise for the Chinese devices.

     

    Dressing these forks up as a Google issue is grasping for criticism.

     

    Quote:
    Originally Posted by Corrections

     

    or protect against any malicious app that uses the core vulnerability directly, since that vulnerability will continue to exist until the core OS is updated.


    Is it even possible to get around Google Play Services by using "the core vulnerability directly" or are you just making stuff up?
