Google confirms Android attacks; no fix for most Samsung users

(www.forbes.com)

208 points mohi-kalantari | 1 comments | 08 Dec 25 16:32 UTC | HN request time: 0.283s | source

Show context

charcircuit ◴[08 Dec 25 17:37 UTC] No.46195181[source]▶

>>46194315 (OP) #

>But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software.

Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order l of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes Google possible to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.

replies(2): >>46195681 #>>46195907 #

kwanbix ◴[08 Dec 25 18:14 UTC] No.46195681[source]▶

>>46195181 #

The problem is that each OEM releases 50 different models per year, vs Google (or Apple) that release 3 or 4 models.

replies(8): >>46195780 #>>46195961 #>>46196041 #>>46196054 #>>46196062 #>>46196127 #>>46196192 #>>46196240 #

1. arghwhat ◴[08 Dec 25 18:57 UTC] No.46196192[source]▶

>>46195681 #

That's still one OS. Customization is mostly userspace "system" apps that they swap out and maintain, but reused across all their phones with some small variation. Hardware enablement will differ between models, but that's just the cost of doing business.

Can be a pain to move the whole suite to a new major (porting all their inhouse apps, getting all the hardware enablement from vendors updated to match, ...), but we're not dealing with a major upgrade here.

A security patch is "just" a matter of taking the last release, applying the diff, build, qa, release. No customization.

↑