• Google will discontinue official support for Android Lollipop OS, which debuted with Nexus 6.
  • Also known as Android 5.0, it was widely popular for introducing Material You to Android devices.
  • The said OS will no longer receive Google Play Updates, citing that less than one percent of active devices are running it.
  • huginn
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    Yeah but also vulnerabilities in older android remain unpatchable.

    EG: Strandhogg 2.0 can’t be patched - you just have to set min SDK 28.

    • 0x0@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      I’m sorry, what? Setting min SDK is, itself, a patch. I’m sure Google could backport that patch if they so desired. It’s not Spectre, it’s a software vulnerability.

      There’s no technical reason not to provide security backports to software. This is intentional.

      • huginn
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        You can’t modify activity intent apis on older versions of Android to fix intentjacking is my understanding. It fundamentally breaks the versions.

        In theory they could’ve supported down to sdk26 afaik. Android Sec is ancillary to my main day to day.