I think Google needs to change that as well. Android is seen as a second class OS by a large percentage of people, and these kinds of revelations only increase that percentage. Google can do better, but for whatever reason they aren't.
This kind of thing, without a way to update hundreds of millions of older devices (mostly owned by laypeople that aren't going to be loading custom ROMs/rooting their phone), makes Android a second-class OS. They'll become aware of the issue when their bank account gets emptied or any of the other thousands of ways this could be exploited.
> Google can do better, but for whatever reason they aren't.
s/aren't/choose not to/
This is simply bad management – we're talking, what, a single engineer to backport critical fixes and some testing support. Contrast that against the damage this has done to Android's competitiveness – even the non-nerds I know talk about how they bought an iOS device because Android never gets updates – and increases the likelihood that they'll have a major security problem at some point when someone creates a widespread exploit affecting all of those abandoned phones and the headlines talk about how many millions of people are at risk for a problem which was reported years ago.
The phone vendors and carriers had a large part in creating this problem but most of the reputation sticks to the platform and, as with the more general fragmentation problem, Google has been very slow to take it seriously.
>> we're talking, what, a single engineer to backport critical fixes and some testing support.
Understatement of the day? :) There is absolutely no way a single developer will be able to support huge/complex codebases like web-browsers across platform versions.
Also keep in mind that most of the original developers would have moved on from the project - due to lack of interest, greener pastures etc. I am wondering what kind of engineer would be willing to babysit a project like this - and if somebody is willing (for whatever reasons), would they be competent enough?
> Understatement of the day? :) There is absolutely no way a single developer will be able to support huge/complex codebases like web-browsers across platform versions.
Possibly but I wasn't talking about upgrading to the latest WebKit or the actual patch development – only the work required to backport a critical fix which has already been identified and fixed upstream. That's a fairly normal part of the support process at most places so I wouldn't expect it to be a huge amount of work unless you hit something which required an architectural change to fix.
Edit to add a link to the diffs which were posted earlier today:
Obviously not every patch is like that but there also aren't that many critical bugs – I'd be surprised if the engineer:tester ratio was anywhere near even on this kind of work.
> "...what kind of engineer would be willing..."
The kind that ends up on a layoff list when the inevitable slowdown occurs. This is a zero-glory, zero-thanks task, with plenty of risk.
> "...support huge/complex codebases like web-browsers
> across platform versions..."
What could go wrong?