Monday, November 3, 2008

Google patches Android security hole

Although the first commercial product based around Google's Android mobile platform – the HTC Dream, sold as the T-Mobile G1 – has only been around for just over a week, it has already enjoyed a security patch to keep its users safe from harm.

According to CNet, the patch is for an issue with the on-board web browser which first came to light on the 20th of October. Embarrassingly for Google, this particular security hole was common knowledge quite some time ago – the flaw has already been fixed in the code for the open-source packages on which Android is based. The reason Android was vulnerable is because – for whatever reason – Google decided to ship out-of-date code with their flagship mobile handset.

This has, of course, one singular advantage for the company: because the flaw has already been fixed, the work to repair the damage is done; all Google has to do is test the fix with their own implementation and roll it out. This goes some way to explaining the impressive speed with which the company has addressed the issue.

The bug also gives both T-Mobile and Google a chance to see their update process in action: by querying a Google server containing up-to-date product information, a handset is able to alert its owner that a software update is available. When the user chooses to install the package, the update is downloaded over the air – a process which, according to CNet's G1-owning Steven Shankland takes "a few minutes" – and then installs it to the device's flash memory.

While it saddens me to see the device require a security patch so early in its life, I am thrilled with the ease at which said patch can be applied. With a normal mobile device, the user would have to connect the unit to a computer and run specialist software to even see if an update is required – assuming they knew the hows and whys of such a thing. By making the process streamlined – and by nagging the user until it is completed – Google has ensured that all Android users will always be running the latest build of their software – something which will make the commercial reality of customer support less of a burden.

Have any of our readers managed to get their hands on the in-demand Googlephone and noticed the update, or are you all waiting for at least revision 2.0 before plonking down your hard-earned? Share your thoughts over in the forums.

  • Soft hardhat
  • Seven Critical patches due Tuesday
  • Acrobat suffers security flaw
  • 0 comments: