Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Android bug

Comments

  • #2
    nedd
    Registered Users, Registered Users 2 Posts: 2,035 ✭✭✭nedd


    What is the bug? How will it affect 930 million phones?


  • #3
    Atomic Pineapple
    Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭Atomic Pineapple


    It's apparently a security bug in Webkit which is the built in webview in Android, so if you are using a hybrid application or a native application which renders a web page inside itself then there is potential for the security flaw to be exploited.

    Technically Google has fixed it, its fixed in 4.4+. It's just that because of the fragmentation of Android it is impossible to apply the fix to lower versions of Android.


  • #4
    The_B_Man
    Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    I read somewhere else that it'll affect apps that use ads. I'm not sure if they meant it like the ads are in little WebViews themselves, or if the idea is to get the user to click the ad, which will open up a webpage.

    If its in the ads themselves, then its just a matter of someone putting the code into an ad, and hoping it gets displayed on a vulnerable device. I'm not sure what the attacker can then do. It doesnt actually say what the potential dangers are. It might be minor, or it could allow an attacker to install an app that does whatever it wants. I'd imagine thats worst case scenario though.


  • #5
    D'Peoples Voice
    Registered Users, Registered Users 2 Posts: 1,698 ✭✭✭D'Peoples Voice


    Atomic Pineapple wrote: »
    Technically Google has fixed it, its fixed in 4.4+. It's just that because of the fragmentation of Android it is impossible to apply the fix to lower versions of Android.
    Yes, but webview in 4.4+ is based on Chromium not webkit, so as such they just changed the source code.

    Would many apps not be using the Webview with chromiumn base now anyway, so those running 4.3 will soon find the number of apps available greatly diminishing i would have thought.

    Even if Google did fix webview for 4.3, manufacturers have their own version of webview, so they would have to update their 4.3 ROM, and then the carriers would have to update their bloatware that would run on the 4.3 ROM (and 2.3.5 - 4.2).

    So, its not going to happen. Maybe they are better off - at least that old version of webview does text reflow.


  • #6
    The_B_Man
    Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    Does anyone know if the bug is in closed source code? As in, is there anything stopping HTC and Samsung etc just fixing it themselves and rolling out an update? For someone reason, people are saying that its only Google who can fix it.

    Also, if they fix it, would it have to be an OS fix, or would it be a patch to the default browser that could be rolled out via the Play Store?


  • Advertisement
  • #7
    D'Peoples Voice
    Registered Users, Registered Users 2 Posts: 1,698 ✭✭✭D'Peoples Voice


    The_B_Man wrote: »
    Does anyone know if the bug is in closed source code? As in, is there anything stopping HTC and Samsung etc just fixing it themselves and rolling out an update?
    Yes it is closed source in most cases - which is one of the greatest causes of fragmentation in Android. Webview on Sammy is not the same as Webview on HTC. They had the same webkit base that Google put in the AOSP, but the manufacturers tailored webview to their liking. But these manufacturers have their hands full with lollipop rollouts, why should they care about products that are beyond their 18-month support period?;)
    The_B_Man wrote: »
    For someone reason, people are saying that its only Google who can fix it.
    Makes sense, most don't know what webview is :rolleyes:
    The_B_Man wrote: »
    Also, if they fix it, would it have to be an OS fix, or would it be a patch to the default browser that could be rolled out via the Play Store?
    It can't be rolled out via the Play Store, that's one of the advancements in Lollipop, that webview is NOW updated via the Play Store, but in Android 4.4 and all versions before, webview is only updated via an OS update. Given the current lollipop updates, carriers are not going to be bothered pushing out an update to the manufacturer's OS.

    We've rectified the problem in that webview is updated via the Play Store, so it can 't happen again. Google is doing this for a lot of apps, so that an Android update in the future will be less important as more apps are updated on a continuous basis in the Play Store.

    This also helps explains why manufacturers such as Motorola and HTC are pushing more and more of their apps into the Play Store, so they are less reliant on carriers to push out their updates.


Advertisement