
Delayed Security Patches for AOSP (Android Open Source Project)
1. mdasen+Ll 2025-09-07 16:55:02
>>transp+(OP)
Google sold Android to nerds as open source. We thought that mobile operating systems would be won by the "Linux of mobile OSs."

But Google has made sure that didn't happen and we're left with devices more locked down than the proprietary Windows ecosystem we were hoping to leave in the past - and with a company in charge looking to exert even more power over us than Microsoft did.

2. arcane+po 2025-09-07 17:10:56
>>mdasen+Ll
The trick is adding a ton of features which expose extra attack surface that needs them to maintain and fix, under the pretense that it will make everyone's life easier. Make it complicated enough so that the community cannot maintain it, enabling the corporation to throw its weight around.

3. yupyup+ME 2025-09-07 18:49:07
>>arcane+po
This is what happened with the Qt app dev framework. The Qt Company delayed releases of LTS updates to non-paying users by 1 year, while not properly dealing with the steady stream of regressions that were affecting normal releases. I quit Qt development partially because I felt that I was dealing with forever-beta software.

But actually, with Qt you do have KDE devs who push their own patches which does help deal with the flaws in the upstream project.

In the Android world, they need more devs doing the same and supporting projects like GrapheneOS with security testing/hardening.
