Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods.
Patch updates really should be auto install by default for those users (but still let users opt out manually through settings if they want). Probably on home WiFi and while charging, just like Google Play does by default.
With A/B devices, there’s no reason not to. It’s completely invisible to the user, and takes effect next time they reboot or run out of battery. Just needs maybe a single notification when it’s all done to tell the user to reboot when it’s convenient for them, or reboot overnight when the device is idle and charging. Completely transparent.
My girlfriend’s phone applies patches automatically and puts a notification up suggesting to restart or schedule a restart over night and it just gets ignored. I press the button whenever I see it though.
People don’t like being inconvenienced even if there’s an option just do do everything over night while charging, and even if everything was automatic and updates were just installed over night I guarantee people would find something to complain about. Unfortunately there’s no winning, but I agree that increased security from opt out updates would be beneficial.
Patch updates really should be auto install by default for those users (but still let users opt out manually through settings if they want). Probably on home WiFi and while charging, just like Google Play does by default.
With A/B devices, there’s no reason not to. It’s completely invisible to the user, and takes effect next time they reboot or run out of battery. Just needs maybe a single notification when it’s all done to tell the user to reboot when it’s convenient for them, or reboot overnight when the device is idle and charging. Completely transparent.
My girlfriend’s phone applies patches automatically and puts a notification up suggesting to restart or schedule a restart over night and it just gets ignored. I press the button whenever I see it though.
People don’t like being inconvenienced even if there’s an option just do do everything over night while charging, and even if everything was automatic and updates were just installed over night I guarantee people would find something to complain about. Unfortunately there’s no winning, but I agree that increased security from opt out updates would be beneficial.
The problem is, many popular devices still don’t have A/B partitions - Samsung being one of them.
I’m not sure even if the S24 / Fold 5 have it, haven’t heard anyone mention anything about this yet.