RC29, RC30 G1 Android updates get explained
We'd already gotten a general idea about what Google's RC29 and RC30 Android updates for the G1 did, but if you're curious about all the little details, you'll no doubt be pleased to know that the Google Android Security Team has now finally come out and explained the updates themselves. As we had heard, the RC29 update fixed a vulnerability that could potentially let malicious sites take over your browser, but it apparently also fixed two other software bugs, including a universal cross-site scripting problem that could also give someone control of the browser, and an exploit that let folks bypass Android's locking mechanism by booting the phone into safe mode. As for RC30, it apparently not only fixed that little root access issue, but two other bugs related to WebKit, which could, again, let someone take over your browser, and access to the G1's memory to, for instance, read stored cookies and gain online privileges. Google has also clarified that it intends to wait until all users have access to updates before it discloses the full details about them, so it looks like this cycle of confusion is going to be a regular occurrence for G1 owners.[Via Talk Android]
Filed under: Cellphones
Reader Comments (Page 1 of 1)
Hotrod @ Nov 13th 2008 1:05PM
I apologize in advance for being off-topic, but who is making the next Android phone? Will HTC make a HTC HD version?
Taylor @ Nov 13th 2008 3:16PM
Android doesn't yet support onscreen keyboards - that's on the roadmap for finishing up the beginning of 2009... and then manufacturers will need to test it with their hardware, so i bet we won't see a Touch HD android phone ever, sadly. There will be more though, and i'm sure a high res touch screen version is in the works. No one has released any info on who will be next, however.
-Taylor
DC @ Nov 13th 2008 3:42PM
Actually there already is a touch keyboard app on the Marketplace for the G1.
papertowel @ Nov 14th 2008 12:03AM
The on screen keyboard on the marketplace is not quite there yet. As I understand it, apps. have to code to support it. I think what we're waiting for is something that's more integrated into the OS.
Kiwi616 @ Nov 13th 2008 1:05PM
Well at least they're looking out for other's well being and privacy
Alex @ Nov 13th 2008 1:07PM
They kinda have to right?!
Testies, Testies, 1, 2... 3? @ Nov 13th 2008 5:42PM
Hmmm, What happens to those of us who have been left behind on the updates? RC19 anyone?
Sam @ Nov 13th 2008 1:07PM
It's such a shame that google are following microsofts lead of rushing out an OS and patch it endlessly.
Mark @ Nov 13th 2008 1:19PM
Umm so basically following the lead of just about every developer out there? Maybe you don't recall but apple did the same thing with Leopard as well as the iphone 2.0 update. SOFTWARE HAS BUGS: get used to it.
cxp3 @ Nov 13th 2008 1:59PM
Windows Mobile has very updates compare with, I don't know, the iPhone.
blahblah @ Nov 13th 2008 2:03PM
Has there ever been an OS that never needed to be updated? Right now, Android is still for early adopters. I actually think going with the G1 is part of Google's plan to get a tech user-base so that little bugs don't scare off the masses. Expect sleek new Android phones in 2009 when the OS has stabilized.
Sam @ Nov 13th 2008 2:11PM
But do we want that blahblah? At the moment Android seems to be a public beta like google chrome. Most people when buying a mobile phone prefer it to be the finished article. Over then ten years i've owned a mobile phone, i've only once updated one and that was a fault of the service providers fault not the manufacturers.
When running early versions of software on the pc we aren't expected to pay, so why should we with a mobile phone?
Oneybm @ Nov 13th 2008 2:34PM
@Sam
I agree and disagree with your thoughts.
1. "At the moment Android seems to be a public beta like google chrome." You're probably right and I don't disparage that thought at all. However, what software or operating have you used in the last ten years that did not have something that needed updated or patching? Microsoft does it, Apple does it, *nix does it, Adobe, Intuit... Everyone. You can't test for everything and unfortunately, real world trials by more than a few dozen or even hundred people are where you really learn what something can or can not do and you alter it accordingly. We live in fluidic times and so must our devices to many a person dismay.
2. "Over then ten years i've owned a mobile phone, i've only once updated one and that was a fault of the service providers fault not the manufacturers." But you still updated it is the point. Also this technically is an admitted fault of the provider. The provider just so happens to be for the base operating system. I'm also assuming, not knowing what kind of phone or the whole situation, due to earlier devices have such closed and proprietary reigns on them there was still somewhat of a manufacturer issue.
3. "When running early versions of software on the pc we aren't expected to pay, so why should we with a mobile phone?" There is a mutliple part answer this one. Yes you may have been getting an early version of software on the phone; however, most providers will immediately advise you to update to the latest version or the software will search for it if possible. I've even had T-Mobile, on another phone, update it for me because I could not at the time. This was all done, free of charge. What you are paying for is the device in its current configuration. The software, can almost be, seen as a bonus to the device as it adds abilities not physical features. Also, in turn, you're paying monthly for access to the providers signal. Because of this, I see their act as being very responsible since you may end up damaging your device while using their signal.
Anyway, let the flame begin because I know this isn't going to end nicely as they never do on these forums.
Oneybm @ Nov 13th 2008 2:37PM
Grrrr, just reread my post and saw the numerous errors. Hopefully, the point gets made. Typing with a broken collar bone suxx.
sideshowRaheem @ Nov 13th 2008 1:08PM
I finally got my RC30 update everything seems the same but my reception seems a little better.
Hoonie @ Nov 13th 2008 1:10PM
Just got updated to rc29 today, does that seem a little odd? Or does rc30 need rc29 first?
skeleton69 @ Nov 13th 2008 1:17PM
Well we didn't see this coming. Wasn't the secret knock supposed to take care of all the security issues?
http://www.youtube.com/watch?v=KEYWtouy8eE
Valicore @ Nov 13th 2008 1:20PM
rotflmao :)
LondonConsultant @ Nov 14th 2008 6:44AM
yep, some funny bits in that...
Blacksheep @ Nov 13th 2008 1:58PM
I finally got RC30 yesterday. I was on RC19 until then!
Teeth @ Nov 13th 2008 1:59PM
Well everytime i left my phone on all night my phone would run SLOOOOOOOOOOOOOOOOOOOOOOOOOOW and that was with rc29, when i got rc30 everything just as fast as when i reboot it no matter how long the phone is on, thats the only real MAJOR fix that ive seen :-\
still wish aim would stay connect longer then 10 seconds no matter what program i connect to aim with /wrists
R @ Nov 13th 2008 2:37PM
AIM is somewhat of a crappy protocol for the tyep of devices people try to access it from, so it's not a surprise. I've had those issues too, but with jabber and gtalk, it seems to be fine and handles intermittent internet connectivity well.
KarlW @ Nov 13th 2008 3:24PM
Security issues related to WebKit? I wonder if these were discovered by Google, or if they simply updated their version of WebKit. If patched by Google, it's possible the attack would affect the iPhone/Safari/Chrome too. Certainly Google would have submitted the patch to stop the vulnerability in future releases for all platforms, but unpatched systems (like the iPhone) could be vulnerable until the next update.
As WebKit becomes more popular, it'll be interesting to see how the open source and security arguments go. WebKit is arguably more attractive to attack than other open source engines, such as Gecko.
ducky @ Nov 13th 2008 4:20PM
Can someone explain this more clearly? Why is Google trying to block unlocking when T-Mobile does it for you?
jake @ Nov 13th 2008 5:52PM
They aren't blocking unlocking the phone by T-mobile, you can still unlock the phone for other networks by getting an unlock code from T-mobile. They are blocking people from bypassing the lock screen (the one with 9 dots to unlock the phone) by going into safe mode.
They are also blocking root access to the phone.
firerock @ Nov 13th 2008 11:42PM
How about fixing the email notification and email connection errors on pop3/imap????
Blair @ Nov 14th 2008 11:10AM
I think its super that it updates at night and stops my Alarm clock from going off until I accept the update!!!
Can you update automatically so this doesn't happen?
Blair @ Nov 14th 2008 11:11AM
Also, I think my GPS is more accurate now.