Google fixes Android OS security flaw
Shortly after the Google Android phone was introduced, a security flaw was discovered in its mobile phone operating system. This flaw was said to be serious in nature, and the problem was caused by Google erroneously including an older, flawed module when the final software release was built. The patch, which became available for the first time on Saturday, completely remedies the known security issue.
The Android mobile phone operating system is built using over 80 open source code libraries. One of the libraries shipped by Google in their production operating system was an old module which contained the security vulnerability. The vulnerability was well known in the open source community and had already been repaired by the owners of the software in question. Google, however, did not ship the most current version of the software, allowing the vulnerability to creep into the Android operating system.
News about the patch apparently came in the form of a message on the phone itself. Users got the choice of installing the patch immediately or later. When the user chose to install the patch, the new software was downloaded. That process apparently took only a few minutes. The download process is said to have gone smoothly, and once downloaded the new software was installed automatically.
This security upgrade was probably more of a test of Google’s stance on vulnerabilities and corrections than it was of their technical ability to upgrade the phone. When the flaw was first discovered by Charlie Miller, Mark Daniel, and Jake Honoroff of Independent Security Evaluators, the finders classed the problem as serious. Subsequent to the discovery, Google chose to downplay the severity of the flaw and seemed to even question the veracity of the discoverers.
We have all watched as various manufacturers tried hard to put positive spin on problems such as this. We were all hoping for a more open and transparent process of acknowledgment and correction by Google. So far, although the problem has been fixed, it is hard to be impressed by the way that Google handled it.
Related Posts:
