So Epic release an installer for Fortnite outside of the play store, @TimSweeneyEpic bitches about the store the whole time, and when Google do Epic's job and find a security issue, wait for the patch to go out and then alert users to the issue, Tim whines even more about Google?
Wouldn’t it be safer to disclose the technical details of vulnerabilities based on adoption rate of updates rather than mere availability? Of course the PR about the existence of a vulnerability and importance of updating could go ahead without disclosing the technical details.
Case in point: This sort of policy would be disastrous if Google applied it to security flaws they discovered in their own software, given the Google/IHV/carrier bottlenecks in pushing Android OS updates.
Can Google even see adoption rates of updates for software outside of the Play Store? If not, then your point may be moot.
History shows that people figure out vulnerabilities just from the updates (no disclosure of vuln existence needed). https://twitter.com/aionescu/status/948750715844898817 … is discovery of speculation control MSRs from patches released before Spectre/Meltdown were public. We must assume attackers are as good.
You argue on what would have been safer? How about placing it on the Google store to begin with?
Being in the playstore would not change the fact it had a vulnerability, only the update period. The playstore has lots of vulnerable exploitable software as well as malware. If put in the playstore it would have been auto-scanned and passed as fine until hackers found the flaw.
1. Making vendors force a critical update in an emergency is intended behaviour. Otherwise, incentivises vendors to not issue updates to known bugs. 2. No telling if bug is already being exploited in the wild. Users need to be informed ASAP.