Critical Bluetooth vulnerability in Android (insinuator.net)
504 points by photon-torpedo on Feb 7, 2020 | hide | past | favorite | 300 comments



That's heavy. There are tons of phones out there that will never be patched again.

The situation on the phone market is so miserable.

The industry forces us to throw away perfectly fine hardware after just 3 years or so.


Yep. Even Google's own devices that are not supported anymore will permanently be vulnerable to this:

https://developers.google.com/android/images

I have a Pixel C that will never have an official patch to this exploit. I wonder if this is a user space exploit too, and if so, that would mean there's no technical reason for why they can't update it.


I'm pretty sure that Pixel C (dragon) is in the PostmarketOS wishlist - you might want to get involved! It does already have LineageOS support.


Yep it does, I have it on Lineage. However Lineage cannot update the Kernel (due to no vendor support), it's stuck on 3.10.

I'll take a look at Postmarket, I didn't know they were working on it. My issue is that I use the tablet primarily as my music workstation, and there are several apps I use that depend on Google Play.

I do have a Pinephone, and I would honestly prefer to use my time to get a matured OS for that.

EDIT: I looked around on PostmarketOS, I did not see anything for the Pixel C? I just saw an external resource on how to boot Linux onto the Pixel C


> I didn't know they were working on it. > ... > I did not see anything for the Pixel C

He was just talking about the wishlist I think, which is this one I guess: https://wiki.postmarketos.org/wiki/Device_Wishlist

But I don't see it there either.


In the UK I always wonder if it's possible to bring a claim under Part 1 Chapter 2 of the Consumer Rights Act 2015. The goods must be 'satisfactory'. Remote code execution over bluetooth is not satisfactory, even if it only became apparent 3 years later.

https://www.moneysavingexpert.com/shopping/consumer-rights-r...


Didn't you hear of those people returning their VW diesel back to the dealer because of a claim under Part 1 Chapter 2 of the Consumer Right Act 2015?


I didn't, but it sounds intriguing, what was the outcome of that?


Biggest forced manufacturing recall ever recorded in history. VW Group barely hangs on in Chapter 11 because the people for once decided not to accept scapegoating some figureheads in a limited hangout.


>VW Group barely hangs on in Chapter 11

Not sure what you're referring to. Chapter 11 is a form of reorganization in bankruptcy in US law.

Volkswagen AG (i.e. the VW Group) is an EUR85 billion German company that - despite the massive fines and recall - has been consistently profitable, with a small loss in 2015 due to the aforementioned issue and earned ~EUR12 billion in net profit last year.




It will teach others. No need for the sarcasm.


Was it really because of the Consumer Right Act? Part of VW's settlement with regulators was that they had to buy back a large majority (I don't recall the exact number) of the defective cars.


I'm in the UK, and bought an original Pixel directly from Google. The bluetooth daemon would just crash for me rather than being exploitable. I just don't think I have a case - phone manufacturers don't promise security updates in perpetuity. I don't think it passes the test of a reasonable person being dissatisfied.


Does it matter if they promised updates or not? It's not fit for purpose. Their choices under law are refund, replace or fix.


I'd be thinking "fit for purpose" rather than "satisfactory". Minor quibble though.


A legal battle with a phone manufacturer will cost much more than the phone itself. 99% of retailers will say it's nothing to do with them, take it up with the manufacturer. Phones are relatively cheap and transient commodities compared to something like houses, where "consumer rights" might actually mean something.


They will say that and will often get away with it, but in the EU, that doesn’t fly. https://europa.eu/youreurope/citizens/consumers/shopping/gua...:

”Under EU rules, a trader must repair, replace, reduce the price or give you a refund if goods you bought turn out to be faulty or do not look or work as advertised.”

So, the manufacturer, in the EU, never has anything to do with the consumer, legally.

I think a trader could successfully argue they didn’t advertise the device as secure, that the user didn’t suffer from it or, for devices that are out of warranty, that they don’t need to correct this issue anymore. Claiming that it wasn’t ‘faulty’ could be harder, but I’m sure they would try. If a vulnerability isn’t known, is it a fault? Depends on whether its cause was generally known, I would think.


Unless I'm missing something, it's only for 2 years after purchase?

"The legal guarantee covers any defects presumed to have existed at the time of delivery and which become apparent within a period of two years. However, the crucial period is the 6 months after you bought your product:"

https://europa.eu/youreurope/citizens/consumers/shopping/gua...

So I'm assuming the bulk of older phones would no longer be covered?


That's the absolute EU mandated minimum. Per country it can be stricter. Also, generally businesses are expected to do somewhat better than "the bare minimum that makes you not want to demand your money back".


> businesses are expected to do somewhat better than "the bare minimum that makes you not want to demand your money back".

Since when? Economic theory explains that they are expected to do no more than that, or else they'd leave money on the table.


Here in Norway I think it is, but be prepared to argue for it.


> a legal battle with a phone manufacturer will cost much more than the phone itself

You'd only need to do it once to set a precedent, and everyone can get their phones fixed or replaced. The problem is that the law applies to the retailer, not to the manufacturer. As I didn't buy my phone direct, I'd have to get the retailer to replace it, and as I went to a high street retailer who is suffering from competition from Amazon etc, and closing branches, it feels bad to give the problem to them.

If I'd bought the phone from the manufacturer direct, from Amazon, or from a phone network, I'd gladly go ahead with the action because those retailers would have enough clout that the manufacturer would care about losing their business.


In the UK it is really easy and inexpensive to file a small claim, and there are limits to how much cases on the small claims track can cost you.

https://www.gov.uk/make-money-claim

I've done it myself and got paid by an intransigent phone retailer relatively promptly after that point. My lawsuit was about a contractual dispute rather than faulty goods though.


If consumer rights don't mean anything for > $500 devices then there might as well be no consumer rights.


Would the dispute be with the manufacturer or whoever sold the phone to you?


Whoever sold you the phone. Your contract is with the trader.


The solution is rather simple; buy devices with better documented and open internals rather than what's cheapest, shiniest, and most convenient. There are alternatives, and we all vote with our wallets.


Ah, yes, this is sure to work.

watches the plan fail yet again

This is like saying "we don't need regulations in meat packing, every individual can become educated in butchery cleanliness and track the supply chains for the products they buy and everything will be better!"


We surely need regulation that demands at least delayed publication of firmware source and hardware documentation, I agree. The analogy to regulation in the food industry is enlightening.

It's easier to achieve regulation when people care and show that they care. It seems to me, voting now with your wallet is one of the most direct ways to make a case.


Voting against the tyranny of the ignorant masses (or just people who also value convenience; or those who can't afford expensive) is a discarded vote. Your pennies are not going to change the world.


Unlike in some political systems, in the market the winner doesn't take all, but rather all receive their votes. Even then, I don't understand the psychology underlying the concept "discarded vote". I vote for what I think is best. To me that is what votes are all about. Is the psychological desire to be part of the winning group responsible?


I think you're taking the analogy of "vote with your wallet" a bit too far. It's not actual voting, or democratic, it just means that whoever has the most money decides. It's not really comparable to a political system of voting (and if you think it does seem suspiciously similar, that probably means that political system is broken).

> I vote for what I think is best.

Maybe you're an exception, but if you're talking about "vote with your wallet", then the vast majority will actually vote what they think is best for their wallets.

I mean, if you're going to let money decide, then expect the outcome to benefit money.


If you know you're voting for a niche candidate that cannot win, then that vote achieves nothing. It amounts to as much as not voting at all; voting, then, is an empty ritual, just a rain dance. Psychological desire has nothing to do with it, it's just hard facts.


Even in an archaic the-winner-takes-all vote, the result reveals important information besides determining the winner. That information can influence other voters, vote options, and the winners behavior.


We’re talking about voting with your wallet. The vendor you pick doesn’t need to “win”, it just needs to get enough to survive. This is why voting with your wallet is much more powerful than voting for winner-take-all representatives in a political system.


I don't think many people are talking directly to their officials about it. It certainly isn't something my local representatives talk about, and the political consultation groups some of my uni-friends now work in definitely don't have it on their radar.


How do I vote with my wallet though? The only alternative is an iPhone which fulfills a somewhat different role functionally.


>This is like saying "we dont need regulations in meat packing, every individual can become educated in butchery cleanliness and track the supply chains for the products they buy and everything will be better!"

People say this kind of thing all the time, even on HN. It's a libertarian saw that the FDA is unnecessary and obstructionist. Personally I think it's deranged, but apparently it's an ideological battle that's still being fought.


Or just buy Apple. The iPhone 5s was released in 2013 and got an update less than a fortnight ago (January 28).


> Or just buy Apple

And get locked in another walled garden? Erm... no thank you.


Meh, I prefer that over a gated patch of dirt


gated landfill?


Did this iOS Bluetooth LE exploit ever get patched? https://github.com/hexway/apple_bleee/blob/master/README.md

Less dangerous, for sure...


Can you make assurances that iPhone doesn't suffer from similar issues, given it's not open source solution?


Depends what you mean by "similar issues"

If you mean "a bunch of relatively new Android phones not getting security updates because their manufacturer doesn't support them", then yes. Apple is actively providing not just security patches but entire feature software updates for the iPhone 6S, which is 4.5 years old at this point.


Yup, that's what I mean. While I do have an Android phone that is patched (Samsung), I understand that many people will be hmm... irritated that this vulnerability won't be fixed and requires them to upgrade. I'd not treat switching to Apple ecosystem as panacea to everything though and would be more for security through audit, not obscurity.


Apple's security is heavily audited in a lot of ways. They give special phones to researchers that make it easier to audit them, and there are significant bug bounties.


> They give special phones to researchers that make it easier to audit them

Did this already happen? I only remember the announcement and then researchers on Twitter complaining that the first one is yet to be seen.


There are a couple of alternative solutions, from convenient to effort needed:

iOS ecosystem. Since Apple is a hardware manufacturer foremost, you notice from the start you aren’t the product. Lots of apps, many of high quality.

Librem/Pinephone : Linux phones. While the hardware is still closed source in certain parts, it’s a step up from what we have now. Librem allows you to install any linux variant you choose.

Zerophone : Build your own phone basically, very cheap to build ($50) , and currently in development.


There's tons of security researchers focusing on iOS and the lack of source code access is merely an inconvenience.


To put that in perspective, as far as I've been able to determine Google provided security updates for the 2013 Nexus 5 until November 2018: https://arstechnica.com/gadgets/2018/03/google-ends-major-os... It's doubtful that any other Android vendor provided updates for longer...


Another data point: the first Google Pixel, released October 20, 2016, stopped getting security updates in October 2019 https://support.google.com/pixelphone/answer/4457705?hl=en


It stopped being listed as having guaranteed updates but it already has gotten at least one more update since then. Per https://developers.google.com/android/images#sailfish there's been an update for the Pixel in December 2019.

It is missing the Jan & Feb 2020 updates that the Pixel 2 received, but it's plausible the Pixel 1 could still get a patch for this critical issue.


While it is not the same as manufacturer support, the latest version of LineageOS is officially supported on the Samsung Galaxy S4 (2013).


S4 here too! The last great flagship, as far as I'm concerned. Removable battery (just ordered another!), headphone jack, microSD slot, USB OTG, HDMI/MHL out, glove-compatible touchscreen, and small enough to fit the hand.

I'm gonna keep these things running as long as I can, because the prospect of replacing them with something a decade newer but inferior in every meaningful way is simply sad.

LineageOS is the only reason I don't loathe the whole Android ecosystem, to be honest.


You still have to root your device to install LineageOS right?


TBQH I've never been quite clear on what it means to root a device. I just run Heimdall and load the files they specify, plug the device in, and a few minutes later, it reboots into Lineage.


To install LineageOS, it is enough to unlock the bootloader, which permits the installation of operating system images that have not been signed by the manufacturer (e.g. Samsung).

Rooting permits applications to have more control over the device at runtime. Some devices require the bootloader to be unlocked to enable rooting, and others do not.


> any other Android vendor provided updates for longer...

Nokia is the best though: https://www.counterpointresearch.com/nokia-leads-global-rank...

they support even their very old phones to upgrade up to the latest version of Android.


Buying iPhone makes sense if you're already invested in the whole ecosystem(owning MacBook, iWatch, AirPods, etc.). If you're not part of the Apple ecosystem the experience is less polished when you need one apple device to play well with the rest of your non apple devices.


Full disclosure: I'm very locked in the Apple ecosystem. They do play amazingly well with one another, but I feel like that's not at all their main selling point.

You can appreciate the longevity and continued support of an iPhone without having an Apple Watch. You can appreciate a MacBook for its OS (pre Catalina anyway) and build quality (I'm still running a 2014 model -- though I have read about recent models' issues) without having an iPhone to pair it with. To be fair, you cannot appreciate an Apple Watch without an iPhone at all since it won't do anything, and I'm on the fence about AirPods and how well they do outside the Apple world.

My point is, once you're in the ecosystem, you notice a lot of little things that may make your life easier. Are they great? Yeah absolutely. Are they what sells the product? In my opinion, not at all. Unless it happens to pinpoint your exact use case (I need to lock and unlock my MacBook 30 times a day and I'm tired of having to enter a password, I want my Apple Watch to unlock it), it's the product itself that will most likely convince you. The way they neatly play together at times is just the cherry on top, like when you notice your computer and phone now share a clipboard. That's awesome, but not a single selling point for anyone.

Now, I will be the first one to say: iTunes sucks. So, if you do buy an iPhone, it makes sense IMO to shell out the extra 99ct a month for iCloud storage.


While there are cheap computers that don't last well, pretty much any computer at the price point of an Apple computer will last at least five years, in fact they will probably last several times that. Additionally, Thinkpads for example have full user service manuals and often support users repairing or upgrading parts such as RAM and storage that explicitly maintains the warranty.


That's awesome! I have been using a Linux-running Thinkpad at work for almost three years now and I absolutely love it.

I didn't want my comment to sound like I'm saying Apple does it best. I just wanted to drive the point home that I don't think it's mainly the ecosystem that makes Apple devices fun to use.

As a side note, I wasn't talking hardware that lasts 5 years. We all know most devices on the market now can pull that off, bar one battery-replacement. I was rather talking continued software updates, where iOS is certainly in the lead.

Edit: just re-read your comment and you were talking Apple computers specifically. Oh well :)


FWIW, you don't need to be in the Apple ecosystem to have features like having a secondary device auto-unlock your laptop or desktop. Windows has supported a paired device unlocking your user account for a while now, and it does not have to be a manufacturer specific device. Logging in with devices like Yubikeys is also a supported login method.


That's fair! I guess a side-effect of being locked up in one ecosystem is that you only rarely notice what's happening in others.

I feel like that only furthers my original point though. I didn't want to argue that Apple does it best, only that you can enjoy their devices without being fully bought into the ecosystem.


Only because their newer iPhone SE is similar enough.


The SE has a similar shape with the 5s, but the internals of a 6s, which is two generations older than the 5s.


I knew it was an updated CPU, but what I meant was they keep it going because it is similar enough looking and probably a lot of the parts are the same like the screen and other associated chips within the device.

There is more to a phone than just the cpu.


That would work better if mobile phones were anywhere in the vicinity of an efficient market. It's not.

* The barrier of entry is very high: You need a top-tier manufacturing system and supply chain. An operating system. An entire suite and market of applications. All of the apps users expect and rely on (mail, navigation, Facebook, chat, Instagram, etc.) must be supported. The hardware is only profitable if you manufacture at very high scale.

* Information asymmetry is very high. Users have almost no insight into how secure one platform is versus another. In fact, they have access to paradoxical information. The most secure platforms are the ones with the most transparent security flaw handling, but those are also the ones that appear the least secure because the vulnerabilities are more widely reported.

* Products are nowhere near commoditized. A phone is a very large constellation of hardware, operating system, and software features. There is no apples to apples comparison between phones. Maybe you like the camera on one but not the screen on the other. One has better apps but the other a more stable OS.

This is not a market where consumer choice will effectively drive solutions to diffuse problems.


They're all using the same junk SoC's with zero documentation and the crappiest possible level of "board" support anyway. You're actually better off buying a device where that support has been properly reverse-engineered/forward ported and is included in the mainline kernel. (Lots of Allwinner boards are "supported" in that way.) But it's ridiculous that we have to do this.

Also FWIW, the problem has zilch to do with "Android" per se - pre-Android mobile Linux was even worse. It's embedded platforms in general.


I hope you realize that with the exception of Freescale, there are no phone and tablet devices where the vendor actually cooperates and does that. Many of the devices that are documented are so because of the open source community that actually bothers to dig in and do this (without any vendor support).

That means there is no Android or Apple device on the market today that accomplishes what you say.

The only phones that are out there that can do that are the Pinephone and Librem 5. I have beta devices of both, and while I am extremely excited to see them mature and turn into daily drivers, the fact is neither can actually be a daily driver today.


This is why my next phone will be a Librem 5. I know that it will probably suck but at least it's moving things in the right direction.


> my next phone will be a Librem 5.

Better go with a Pinephone if everything that's been written about Librem as a company is even half-true.


I'm in the same boat. If it moves things in the right direction, then it doesn't suck.


Indeed! I usually get “but it’s still a closed source modem” as a counterpoint ... sigh


The closed source modem, or network firmware for that matter, isn't much of a problem if it can't see clear data and/or access to system memory or execute instructions. I'd see it more of a black box not unlike old RS232 connected modems: they could see all data going back and forth, but encrypting that data would be enough since they could never access the system memory to see the data before encryption or after decryption. Librem 5 and Pinephone should work along these lines. Having everything 100% open would be better, but in this case being closed doesn't create security concerns since all personal data is unavailable to these subsystems; only the main system, which is entirely open and where the user is king, can access them.


What are some 2018+ sub-$200 smartphones that run first-party LineageOS to no disadvantage over the stock ROM?


There aren't any, unless you go second hand. LOS and nearly all custom ROMs are aiming at widespread, mostly high end devices, which is one of the big problems.


I've learned this lesson.

If I have $200 to spend on a phone, I will not buy a low-end 2019 $200 phone.

I will buy a used (or new-old-stock) flagship that was $700 when it came out a few years ago, and is now $200 on the used market.

The older flagship will have similar specs to today's low-end junk, but also all the enthusiast support, better accessory availability, and probably better build quality overall, because it was originally intended to be the highest of the high-end.


Flagships have the most idiotic designs though, as far as I looked around. Low-end current year $200 phones often have removable batteries, headphone jack and dual sim support. Flagships typically have none of that.


I mean if you can go so far as to install or build third party ROMs, it'd be an interesting weekend hobby to repair electronics yourself.

I've saved hundreds of dollars of technology on trivial home repairs instead of buying replacements.


$300 but that got me a Samsung Galaxy Note 9. Headphone jack and all.


You'll also have to replace the battery though


So? I literally just ordered this last thursday. It cost me $4.15: https://www.ebay.com/itm/323865336446


Get a used Galaxy S5, should cost less than $100. Has an OLED screen, so switching the UI to dark mode saves battery. Has a headphone jack and removable battery. Runs Android 9 via LineageOS.


Thanks. Is that the original lineageOS or one of those "what works: you tell me ;)" ROMs?


I'm surprised nobody mentioned xiaomi phones yet.


My understanding is that each android phone model is unique and requires unique OS update (unlike, say, BIOS- or UEFI-based x86 PCs, where exact same Windows/Linux/BSD/... image can be installed on any of them).

Having a "standard" OS interface for the phone, where there is just one OS image for a given OS version, and that image could be installed on any phone - now that would be the true alternative, which I would be delighted to vote for with my wallet.


> Having a "standard" OS interface for the phone, where there is just one OS image for a given OS version, and that image could be installed on any phone

Project Treble is working towards this, in a way. But it's a huge hack that's still dependent on lots of weird AOSP-specific stuff, and doesn't even give you a "single" OS image for every device - the "proper" image for your device varies by baseline AOSP support (7, 8, 9, 10), "A" vs. "A+B" boot and of course 32-bit vs. 64-bit architecture. Nowhere near "UEFI-based PC" territory.


Eh... remember 32-bit UEFI? It might be smaller, but there is still room for weirdness.


> My understanding is that each android phone model is unique

Sure, but each PC is also 'unique' in that sense, in fact I'd happily bet that there are more different kinds of hardware combinations for PCs than there are android phone models. And yet, that never was a problem.


However, every PC descends from the original IBM 5150 from the 1980s, which gives the PC a common base which phones never had.


Plug-and-Play and then ACPI have been used to get around this. Hardware discovery just doesn't seem to be a thing on these embedded SoC platforms, and even the hardware support itself (drivers, etc.) is extremely sub-par if you expect to run the ordinary, mainline kernel.


Even before hardware discovery and plug-and-play you could do this by simply specifying what hardware you had or by 'probing' the hardware for presence of certain characteristics (this wasn't always fool proof). The hardest parts were when interrupts were still selected with jumpers rather than automatically enumerated.


8086 has 256 IO addresses, and hardware of that era had fairly simple initialization, so a completely naive way to find peripheral X was to 'probe' each and every possible IO address with something like:

  # Naive probe sketch: poke/peek stand for port I/O primitives (outb/inb),
  # magic1/magic2 are the write/readback values the peripheral is known to use
  for i in range(256):
    poke(i, magic1)
    if peek(i) == magic2:
      print("found peripheral at port", i)
256 probes in all is not that bad, and real-world probing would only try a handful of commonly used addresses, making it even faster.

Phone SoCs on the other hand have many peripherals memory-mapped (meaning there are millions/billions of addresses to 'probe'), plus there are things like power sequencing, GPIO enable lines that need to be asserted, and clock sources configured before the peripheral would even respond at all. Oh, and that GPIO, or power controller, or clock source themselves might be accessible via an i2c chip speaking its own protocol, so you need to initialize those first, etc, etc.

All of this complexity could be described via the Linux "devicetree" subsystem, and devicetrees are in a usable state for some hardware (although DT itself is often a labyrinth to navigate). Thing is - factory software for most phones has been extremely slow to adopt DT, and even some that do use DT don't do it in a particularly portable way.
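To make the dependency chain described above concrete, here is a hypothetical devicetree fragment (an added illustration, not from the thread or any real board). It assumes a base .dtsi already defines `i2c0`, `mmc1`, `gpio` and `ccu` nodes; the `vendor,example-*` compatible strings, the I2C address, the GPIO pin and the clock index are placeholders. The `mmc-pwrseq-simple` binding and the regulator/`vmmc-supply` properties are real kernel bindings.

```dts
/* Hypothetical fragment: a WiFi/BT module on mmc1 that only answers once its
 * supply rail (behind an I2C PMIC), reset line and sleep clock are brought up.
 * The DT core orders driver probing from these phandle references, which is
 * what makes the blind I/O-port probing of the 8086 era unnecessary. */
#include <dt-bindings/gpio/gpio.h>

&i2c0 {
	status = "okay";

	pmic: pmic@34 {
		compatible = "vendor,example-pmic";	/* placeholder compatible string */
		reg = <0x34>;				/* I2C address, not a memory-mapped one */

		regulators {
			vdd_wifi: ldo3 {
				regulator-name = "vdd-wifi";
				regulator-min-microvolt = <3300000>;
				regulator-max-microvolt = <3300000>;
			};
		};
	};
};

/ {
	/* Power sequence: assert reset, enable the external clock,
	 * release reset, then wait before talking to the card. */
	wifi_pwrseq: wifi-pwrseq {
		compatible = "mmc-pwrseq-simple";
		reset-gpios = <&gpio 12 GPIO_ACTIVE_LOW>;	/* placeholder pin for WL_REG_ON */
		clocks = <&ccu 7>;				/* placeholder index for a 32 kHz LPO clock */
		clock-names = "ext_clock";
		post-power-on-delay-ms = <200>;
	};
};

&mmc1 {
	status = "okay";
	bus-width = <4>;
	non-removable;				/* soldered-down module, no card detect */
	vmmc-supply = <&vdd_wifi>;		/* rail from the I2C PMIC above */
	mmc-pwrseq = <&wifi_pwrseq>;		/* GPIO and clock sequencing before enumeration */
};
```

Because the PMIC driver, the GPIO controller and the clock provider are all referenced by phandle, the MMC host defers probing until each of them has come up, so the order the comment describes by hand is derived from the tree rather than hard-coded.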


Looks like I need a new phone because of this. Which phone would you recommend so I don't make the same mistake again?


I would only buy a device running Android One, because they receive monthly security patches and new Android versions for up to 3 years.

The current options include all Nokia smartphones, Motorola One line, and Xiaomi Mi A line.

For the best hardware and 5G support, I would look at Nokia 9.2 (Snapdragon 8--) and Nokia 8.2 (Snapdragon 7--) releases this year.

The best deal is to buy 6 months after the release, when most Android devices become heavily (30-40%) discounted, but are still quite new.

I prefer Android over iOS because of the freedom to install open-source OS-level ad-blockers, such as Blokada[1], which greatly improve privacy and battery life.

[1] https://blokada.org/


Note that "Xiaomi Mi A" devices are the only ones that are similar to Android One. Most Xiaomi devices have a custom UX and additional weirdness. (Among which is the need to "sign up" online for bootloader unlock and wait for a timeout period. They do this because resellers used to ship bootloader-unlocked versions with "unofficial" mods of sorts, often with customers being none-the-wiser. Not an issue on the 'Mi A' line, for whatever reason.)


> Most Xiaomi devices have a custom UX and additional weirdness.

That's true. Just like Samsung, Huawei, OnePlus, and any other Android manufacturer except Nokia, Xiaomi maintains its own Android ROM, called MIUI[1]. It's not as vanilla as Android One, but at least it also receives monthly security patches.

> Among which is the need to "sign up" online for bootloader unlock and wait for a timeout period. They do this because resellers used to ship bootloader-unlocked versions with "unofficial" mods of sorts, often with customers being none-the-wiser. Not an issue on the 'Mi A' line, for whatever reason.

It's not an issue with Xiaomi Mi A line, because Xiaomi's reputation is not affected as much if there is something wrong with a smartphone that is not running its custom ROM.

Nokia has only recently started allowing users to unlock the bootloader of some of the models, and has a similar process[2].

[1] https://en.wikipedia.org/wiki/MIUI

[2] https://www.nokia.com/phones/en_int/bootloader


According to Nokia: Unlocking a device means you may lose some of its functionalities, including – but not limit to – telephone, radio, audio, video, payment, encryption and DRM.


As with probably all Android devices, unlocking the bootloader breaks the SafetyNet[1].

And any custom Android ROM requires drivers to be able to completely support the hardware of a particular device.

[1] https://www.howtogeek.com/241012/safetynet-explained-why-and...


Why would that break the ability to make phone calls though? Unless they mean now you have the capability to break it, not that unlocking it may break it


Some options, from less effort to more effort:

iOS ecosystem. Since Apple is a hardware manufacturer foremost, you notice from the start you aren’t the product. Lots of apps, many of high quality.

Librem/Pinephone : Linux phones. While the hardware is still closed source in certain parts, it’s a step up from what we have now. Librem allows you to install any linux variant you choose.

Zerophone : Build your own phone basically, very cheap to build ($50) , and currently in development.


I can attest that my Pixel 3a received the February update as soon as it was released directly from Google, and I have been overall very happy with this phone. Pixel 3a is the cheapest yet (IMHO) best Pixel phone on the market. It is guaranteed to receive OTA updates and security fixes until at least May 2022: https://support.google.com/nexus/answer/4457705?hl=en


If you don't expect to lose sleep over third party apps (such as Tachiyomi for comic reading) then iphones are spectacular. You won't have as much customization but the experience overall really does explain why Apple is so profitable. Otherwise, Samsung for MST payments. You'll still want a wallet/clip, but there's been more than a few times I forgot my wallet and MST saved me from a wasted trip to the market.


I switched from Android to iOS when my last phone (Samsung) stopped getting updates. I miss a couple of things: a good adblocker, and the Swype keyboard. I set up a pi-hole at home to take care of ads when I am there, but the iOS Swype-equivalent keyboard is nowhere near as good as the real Swype keyboard on Android.


> There are alternatives

Can you name one smartphone device with open internals? I'd love to buy one, but I don't think they exist. From Replicant's recommendations [1]:

If compromising on privacy/security is not an option, or anything serious is at stake (e.g. political activism or journalism in a sensitive area), it is advised to avoid using a telephony-enabled device at all.

My impression from the smartphone market is that phone platforms have become less open, not more, over the last ten years. The PinePhone isn't generally available yet, and the Librem 5 current iterations don't have working audio calls.

[1] https://www.replicant.us/freedom-privacy-security-issues.php...


Openness isn't binary. One significant step is support for the mainline Linux kernel. Another significant step is free information about the hardware on a high-level, such as PCB schematics and documentation about the used chips. Here are some projects that I'm aware of:

Mainline Linux:

https://pocket.popcorncomputer.com/

https://necunos.com/shop/

Mainline Linux + high-level hardware documentation:

https://puri.sm/products/librem-5/

https://www.pine64.org/pinephone/


That solution is also rather terrible. We need a better solution than "vote with our wallets"; I'm not prepared to give disproportionate voting power to those with disproportionately more money. Because money does not make one more right, more qualified and most definitely not more likely to make a decision that is fair to everybody.

"Voting with your wallet" only leads to good outcomes if the incentives are right. I mean it's money, the VAST majority of it is spent not for the greater good but for small, inefficient egotistical purposes.


Do you want two OpenMoko phones sitting in my drawer? They're about as useful now as they were then.


At least there is the mitigation that it isn't exploitable unless the device is scanning for new devices to pair with, at least by my reading of the reports I've seen.

Phones are not usually in that state unless the BT settings screen is open. Otherwise it would drain excess battery in normal use.


No - it is always exploitable, but you need to know the MAC address to pull off the exploit.

While scanning for devices, a phone reveals the MAC address. There are other ways to know the MAC address too.


> That's heavy

Almost every month there are security patches for "critical" problems. Just skim through the blog pages. This is Jan 2020 for example: https://source.android.com/security/bulletin/2020-01-01

Consider this: if I remember correctly somebody on HN was saying that these days the average time between a patch being released and an exploit being found in the wild is 4 days.

Consider that the patches hit the open source code long before they are deployed.

Consider that besides Google, any other Android phone manufacturer takes around a month before releasing the patches even on current models.

The situation has no easy solutions.


> Consider that besides Google, any other Android phone manufacturer takes around a month before releasing the patches even on current models.

Still the biggest problem. For my PC I can install updates on a daily basis. For my smartphone, I can be happy if there are any updates at all.


If your OS is open source, the question is: how long does it take from the time the patch is discussed in open places (e.g. mailing lists or bug trackers for patch approval) to when the patch is deployed?


FWIW, the situation is significantly better in the Apple phone market.


Where can I buy a $200 Apple phone? And how do I develop software for it without buying a $1000 MacBook? Oh, and I have to pay $100/year for the privilege of being able to develop software for my own hardware, right?


Buy a $400 device and hold onto it for a few years. The Android device needs to be replaced every 2 years and subjects you to misery for the last half of its life.

The old iPhone is going to work as well as, if not better than, a new Android device - Apple tends to be about 5 years ahead of Qualcomm in performance, and they actually service their devices. My mom is using my iPhone 6S from 2015 that feels about as snappy as my 2018 XR. And that feels snappier than a Pixel 4.

Very few people are software developers so the Mac req to develop is a non-issue.


Not true - I replace my Android phones every 4-5 years.


My phone is older than that, and it's working perfectly fine. It's still getting updates, too. No idea what you're talking about or where you're getting your information from, but it's clearly wrong and biased. Makes sense I suppose; when you've spent so much money to buy into the Apple ecosystem you just can't help but defend it.


Don't forget that GPL software is banned from the App Store.


Slightly disingenuous: the GPL bans itself from the App Store because the App Store imposes additional restrictions on the software.


Not disingenuous at all. Apple themselves removed the VLC app from the App Store[1] because the GPL is not compatible with their terms and conditions. Apple will also reject applications if they're made aware that they're GPL.

[1] https://www.zdnet.com/article/no-gpl-apps-for-apples-app-sto...


Right, but the terms of the licence that VLC itself adopted forbid VLC from making its own software available in the App Store, given the known restrictions.


eBay and eBay. Developing for your own device is free.


How do I send this software to my friends without spending a ridiculous amount of money? I don't have a Mac, so I presumably would have to spend (at least) $1k to buy one first. That's already $1k more than I ever spent on developing for Android.

And then, to actually develop software, I would have to work on this Mac operating system. I don't know who came up with their keybindings and shortcuts, but it's an absolutely inconsistent mess when compared to any other OS. Whenever I have to touch a Mac to assist a coworker it's utterly frustrating.


> The industry forces us to throw away perfectly fine hardware after just 3 years or so.

Possibly because of things like this; when a vulnerability isn't going to get patched, churn (with new hardware running newest OS) protects the ecosystem against mass-compromise.

We can bemoan the lack of patches, but who's paying for the patches?


We are, that's the problem.

When you can make a ridiculous profit on a flagship phone and sell it for $500-700 (say, a OnePlus, for a good example), but they sell it for $800-1400 (Samsung, Apple, et al), then what am I paying for? It's supposed to be for better support and a smoother experience when things go wrong.

You know who has historically stabbed me in the back the least? OnePlus. I'm not going to say it has been perfect, but for a phone I spent $550 on, they've screwed me far fewer times than other alternatives would have.

So, we are paying for the patches to be delivered on a meaningful schedule for more than 3 years. I seem to be getting what I paid for, and you don't.

There is something massively wrong with this picture.


You are paying for apple stores, and instant access to support and replacement.

You are paying for 5 years of updates.

And a superior phone.


My current phone (Samsung Note 5) is too old to receive updates and I'm still on Android 7. I hardly use Bluetooth but I'm still a little upset.


I agree with you that it is a shame that perfectly working hardware is left highly insecure after just 3 years (that is actually worse for some other manufacturers).

The worst part is that people keep using the phones because they are not tech savvy or grossly underweigh the risk, and they do not feel that they need to spend money on a new phone.


You can shorten 3 years to 1.5 for typical Android vendors (i.e., Samsung) and maybe extend it to 4 or 5 years for Apple. There is a marked difference in the two ecosystems' approach to support for older hardware.


This. Hardware has become the ugly duckling to software.


Mobile is the tire fire that keeps on giving.


My OnePlus 3 phone just got its last security patch and is now out of support from the manufacturer.

I use Bluetooth constantly for my smartwatch and headphones.

I think it's time for custom firmware just because of this. Goodbye banking apps and Google Pay, because apparently a newer but unofficial OS is more insecure [1].

[1] https://developer.android.com/training/safetynet


You can usually still pass SafetyNet with the latest Magisk, even on custom ROMs. Go check the XDA forums and you might find that.


> You can usually still pass SafetyNet with the latest Magisk, even on custom ROMs.

It's unreliable by definition. You're better off keeping a device around with the stock OS on it, that you only use for SafetyNet-required stuff.


I know there are means to defeat SafetyNet but honestly I was glad not to tweak my phones anymore and happy without a rooted firmware.

I remember the times of endless tweaking and patching after some Google Play services update a few years ago.


> Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth enabled headphones also support wired analog audio.

Reason #4373 that ditching the headphone jack is pure insanity.

Sigh.


I bet it's not particularly true that most Bluetooth headphones support wired analog audio. It may have been a few years ago, not now that the most prominent use case is phones.


Yeah, I've five sets of bluetooth headphones around my house and only one has a wired port.


Nice ones tend to, but most others don't seem to anymore.


Don't buy a headphone jackless phone. I haven't and won't ever. I will stop using a phone before I use a jackless one.


The problem is that it's hard to find an otherwise good phone with a jack. Want good photos, lots of storage, fast CPU, and a good screen? You need a flagship phone. Want security updates for stuff like this now? You're either stuck with Pixel phones or Samsung Galaxy S? ones (or iPhones)... Pixel doesn't have one anymore, the Galaxy S20 is rumored not to have one, and iPhones don't have one.


If you want a good camera the Pixel 3a is there.

The Galaxy S10 hit the critics like a storm. It got pretty rave reviews. I'm on an S9 and I guess that'll be my next phone whenever this one dies.


I was wanting a phone with a headphone jack but the only one that fit my needs was an LG handset that cost $900 and wasn't supported by AT&T. The Galaxy Note crisis and general dissatisfaction with a previous Galaxy ruled out any of Samsung's phones for me. On the other hand the OnePlus 7 Pro was only $499 with everything else I needed in a phone - except a headphone jack.

Maybe I hadn't looked hard enough. But my thought at the time was for my needs I'd have to spend $400 more for a headphone jack on a phone I might not be able to use with my carrier.

I ended up getting the 7 Pro and use a dual headphone/charging adapter. I hate it and wonder what the market has come to if they feel we should put up with this. But that's the tradeoff I chose.

My dream phone is one without the rounded corners or curved screen, an SD card slot, a decent camera (at least Pixel XL quality) and a headphone jack.

I should also mention it's a miserable feeling to think that a standard as hideously broken as Bluetooth is here to stay because it's won out the short distance wireless connection space and there's no going back and retrofitting the billions of smartphones that will be forever fitted with Bluetooth until they're thrown out.


Moto G8 Plus: better camera, bigger battery, better screen resolution, SD slot, under $400 these days.


I solved the camera problem by buying a good DSLR. Sure, I don't always have it on me and then have to make do with my substandard phone, but the pictures I do take with the DSLR are the ones worth printing and will be the ones I'll still look at when I'm old. The phone camera is more for updates and showing friends and family funny but disposable stuff.

It's a compromise I'd prefer not to be forced to make but it's the best solution atm imo.


DSLRs are obsolete. There's almost no point anymore.


Actually I bought a mirrorless Fujifilm X-T2 but that's beside the point.


Xiaomi Note series have FM radio, 3.5mm jack, infrared (make-do remote control), 4 lenses (macro, telephoto, and wide angle), and come at around €225 for the 128GB/6GB one. There has been no Android security update recently, and the current one is from Nov 2019. But they regularly send security updates, unlike other Chinese brands.


I've been looking to get the new Galaxy A51 when it comes out in a week or so as a good mid-range phone, and they've removed the jack on the new A-series phones as well.

Pretty soon it will just be one-off brands and the occasional weird model that have them (if it's not already at that point).


I can think of one phone with a great camera and a headphone jack: the Pixel 3a


The Samsung S10e is the only phone that checks all those boxes and it's also the only "small" phone too. I always said I would never buy a phone without a headphone jack or with a notch, but I made an exception for the S10e since it's a punch hole and doesn't really take away much screen space.

But the way things are going I can't see a phone like this ever being made again. So I'll be using this for the foreseeable future and will probably have to start using a custom ROM in a few years.


Nokia also gets prompt Android updates. No headphone jack on flagship models though.


The 'a' branch of Pixel still has a headphone jack.


Are there phones with no external ports that only use wireless charging? I don't have any problems with a USB-C wired headset or adapters.


Times are changing. Get with it, or get left behind.


I haven’t missed the jack for a single day.


I miss the jack every single day.

Recently the wire of my regular ear buds gave up (as they do) and, since I had gotten some BT ones, I decided to use them. They're Jabra Elite Sport, which got good reviews from what I can recall.

They're dropping out like crazy. It's seldom to get an entire minute of music without a small dropout. The area around the bus stop at work is particularly bad, with sound drops every few seconds until I get away from that area.

I upgraded the firmware and it got a bit better, but still pretty poor. If I hold the phone in my hands and keep still it's usually ok, but as soon as it goes into my pocket, all bets are off.

I don't miss the cable tangle, but I miss being able to enjoy music.


Crazy. I paid $25CAD for cheap Chinese-brand behind-the-ears headset (Suicen AX-698) and dropouts are very rare for me. Happens occasionally - usually when I'm on the road and a truck goes by - I assume some of those have very chatty RF devices. But still, generally very rare. When I'm at the gym working out they never cut for me.

Frustrating reality of modern purchasing - buying the "expensive" one often gives you something not substantially better than the cheap Chinese junk.


Generally the expensive ones are using the same components as the cheap ones and simply upcharging you, that’s why.

https://www.theverge.com/2019/11/7/20943377/chinese-hi-fi-au...

That said, I’m happy with my AirPods and Beats, which are on the expensive side. The custom Bluetooth chip is certainly more seamless than regular Bluetooth.


I'm fat and so when my belly covers my phone in my pocket, like when I'm leaning over, my Bluetooth cuts out. Shit sucks lol.


>They're Jabra Elite Sport, which got good reviews from what I can recall.

>They're dropping out like crazy. It's seldom to get an entire minute of music without a small dropout. The area around the bus stop at work is particularly bad, with sound drops every few seconds until I get away from that area.

I would suggest reaching out to Jabra, as the symptoms suggest a faulty pair. Furthermore, these buds came with an extended 3-year warranty, albeit it was for failure as a direct result of perspiration.

I use mine with an iPhone, and also tested them with an older Android phone with Bluetooth 4.0. The firmware is on release 5.6.0 (6th November 2019). My pair doesn't suffer from the same issues as yours. However, I have had some issues with the battery life, e.g. the Jabra Sport app and real world usage do not tally, and the battery life of the buds also deteriorates by 10% or more just sitting in the charging case if not used daily.


I am probably adding to the pile of fanboyist Apple blah blah but I honestly think my AirPods are the single best tech purchase I have made in the last 5 years. They took away so much hassle and work exactly like I would expect.

AirPods are one fine product for daily casual use. Obviously they aren't going to meet an audiophile's demands at $150, but AirPods Pro might even be enough in that case.

My AirPods drop out at the rate of once a month or something. When it happens it's a quick fix and they have been nothing but convenient otherwise.

Would never use wired headphones again unless I am trying to analyze a Beethoven piece.


I seriously doubt the audio quality of AirPods Pro is any good from an audiophile perspective. I have no way to test without buying them, but I have heard both the new MacBook Pro 16 laptop speakers and the Sony WH-1000XM3 noise cancelling headphones described as incredible sounding by the same people who say AirPods Pro sound amazing. I happen to own both and.... the MBP sounds like my gramma's alarm clock radio at best (I'd give it a 2.5/10) and the Sonys are maybe a 7/10. They are decent but way too boomy, and the Q in the EQ controls provided in the app doesn't provide enough granularity to fix it. I feel like we've really devalued certain words in the past decade or so. Everyone speaks like they work for marketing now.


> I feel like we've really devalued certain words in the past decade or so.

For sure.

> Everyone speaks like they work for marketing now.

Maybe we're so inundated that we've internalized it? A semi-related thing I've noticed: when people talk about movies now, it's never "oh I liked it, it was neat" or "it was sappy." Everybody talks about the cinematography this, the character arcs that, did you see that tracking shot??

It's weird to see the "inside baseball" aspects of movies/music/storytelling/etc creep into random conversations.


Hm, I just can't get used to how AirPods look while people are wearing them. It's like they stuck cigarettes into their ears. Anyway, I prefer over-the-ear headsets, they just sound better (currently the Sennheiser Momentum, sometimes on cable, sometimes on BT).


Have you compared with other BT headphones?

Because in general, BT headphones are great and I understand that people love them. But AirPods are not among the better ones in my experience. They drop out more than my other BT headphones, and the fact that they have no volume control is just unbelievably stupid to me.


I have my $20 wired Sony buds drop out about once every never.


My wired buds pop out if I do anything more than sit still while listening with them. Any other activity I'm bound to accidentally karate chop the cord out of my ears. Or they catch on something. It's quite a bad experience.

I didn't think BT headphones were worth anything until I tried them. They are surprisingly liberating for someone active like me.


Mine will drop out when I drop my phone.


I got the non sport ones due to the great reviews and they suck. I would recommend AirPods, even for android.


For the same price I'd recommend buying the latest $30 ones every year for the next 4-5 years. You'll get better battery life, eventually Bluetooth 5.2 with the lowest latency (sends directly instead of rebroadcasting to the other ear), and probably at least one Bluetooth revision beyond that adding true stereo support during microphone use.

If we're talking AirPods Pro you could buy new $30 ones each year for the next 8 years, but atm nothing out there seems to compete with transparency mode while still having the fit of a silicone tip and no sealed-in feeling/internal pressure noises.

For me I'm not going to spend a lot on any until the latencies are good enough for gaming, along with stereo while using the mic, and will stick to the cheaper ones until then.


Have the same-ish, and it's pretty interesting. I think the BT communication is from phone to the right earbud, then something else (likely on 2.4GHz too) from right to left earbud.

When I switch on the office lights, enter the lift, open the fridge door (light again) and similar things, the left drops out briefly (on the order of 100ms).


Yeah, when I walk through the theft detector at one of my regular grocery stores, my left earbud falls out as I pass through the magnetic field produced by the detector.

It makes some analog radio noises when they fade out and back in, so clearly something entirely different from BT.

The right earbud plays music as normal through it all.


Maybe try a different set. My AirPods haven't dropped connection a single time I've used them. They connect immediately, and to drop the cliche, just work.


Well yeah I've been thinking about it. But shelling out for some with decent sound only to find that they also suck would really be a bummer, so I'm tempted to just go back to wired.


When I lived in Moscow, there was a bit just outside of my metro station, a radius about 10 metres, where my bluetooth headphones would just stop working. Absolutely bizarre.


The problem is Bluetooth is in year 26 or so of alpha testing and wires are extremely reliable. For example, HTC appears to be unable to ship a working Bluetooth stack.


Thanks for the heads-up that these have a firmware update available. I bought them because reviews suggested they were the best earbuds available other than AirPods and I've had all the same problems you describe, it's awful.


The firmware update did improve things a lot, they were not really usable before, but the result is still sub-par for me at least :(


I don't miss it either, though that's because I refuse to buy anything that doesn't expose analog out. The 3.5mm jack is certainly not the best engineered piece of hardware and is prone to failure, but that should rather be a motivation to produce a better one than an excuse to remove it.


How do you deal with the latency in games?


BT latency is annoying enough when listening to media. I'm used to pressing the pause button and having the audio stop promptly, with no perceptible delay. The video desync (if applicable) can also be very annoying.


That's odd, I have literally never experienced that before. What kind of setup are you using? I just tried it now, thinking maybe I just never really paid attention to any play/pause delay when listening to music or watching videos. Nope, it's pretty much instant as far as I can tell. I'm using the AirPods Pro and had Gen 1 AirPods before that -- can't recall ever having that problem in the past 3 years.


Not GP. It really depends on the device in my experience. My Denon system has seconds of lag over Bluetooth, enough to even make the volume slider on the phone annoying to use. On the other hand, my wireless headphones from Sony have, as far as I can tell, zero discernible lag. Both used from the same Android phone.


Could be the codec they are using. AptX LL is the best for latency as far as I know, but not all headphones support it, and you have to go into developer options to change it.

The Denon system might be using LDAC which is higher quality, but sacrificing latency.


Latency is why I'll never "upgrade." I have a pair of Bluetooth earbuds in my gym bag but my backpack has wired earbuds because sometimes I produce music on my laptop. Doing so with Bluetooth latency might not be impossible but it'll be the closest thing to it.

And since I don't wanna carry two pairs of headphones around my phone needs to have a headphone jack.


I do play (fast) games and don't perceive any latency. However, the number of devices I can connect to my dongle is two; when I add a third, the audio starts to crack.


Serious question: do people play mobile games where a slight latency would matter at all? Or are you talking about the overall immersion that goes missing?


Oh, just immersion. Thing on screen blows up, half a second later you hear it blow up is really offputting.


I think it depends on what games you're playing. For rhythm games, a headphone jack is a must.


As someone who only occasionally uses audio from my phone, the big problem is airplane movies.

Playing the movie is going to use enough battery that I'd like to be plugged in. The dongles are easy to lose. I don't have a set of Bluetooth headphones that I use regularly, so I got a pair at the airport, but I need to remember to charge them, and they also don't last for the whole movie. Also, everybody using Bluetooth probably contributes to the janky streaming in flight.


The removal is fine if you generally buy high-end equipment. However, my phone still has one because I have a cheap phone and I don't know what I'd do without the headphone jack. I can use wireless earbuds (which are admittedly nice) for most of the day, but they die and I like having a physical connection. This is especially true of, say, long flights. I also like having a backup pair, but backup pairs of bluetooth earbuds are very pricey.


Not I. I stopped using it well before the iPhone did away with it. I’m deeply suspicious of any hole that pierces my device’s carapace.


I quickly realized the value of the headphone jack the last time I had to turn my device to Airplane mode and realized I couldn't listen to any music on the plane using my wireless earbuds.

Fortunately, my aging GS8+ still has a headphone jack, and I had a pair of analog headphones in my travel bag.


You can put a device into airplane mode and still turn on BT.


I don’t know about GS8+ but older devices don’t let you turn Bluetooth on while in airplane mode.


I used to have an S2, S3, S4 and S6 before my S9 and (as far as I can recall) it's always been possible to turn Bluetooth on while in airplane mode.

UPDATE: confirmed by later comments in https://androidforums.com/threads/turning-on-bluetooth-in-fl...


Older device: 2013 Moto X, Android 5.1. Lets you turn on WiFi, Bluetooth, whatever, with airplane mode on.


That kinda defeats the purpose of airplane mode, doesn't it?


Nope, Bluetooth is OK during a flight. From the FAA:

> Passengers will eventually be able to read e-books, play games, and watch videos on their devices during all phases of flight, with very limited exceptions. Electronic items, books and magazines, must be held or put in the seat back pocket during the actual takeoff and landing roll. Cell phones should be in airplane mode or with cellular service disabled – i.e., no signal bars displayed—and cannot be used for voice communications based on FCC regulations that prohibit any airborne calls using cell phones. If your air carrier provides Wi-Fi service during flight, you may use those services. You can also continue to use short-range Bluetooth accessories, like wireless keyboards.

https://www.faa.gov/news/press_releases/news_story.cfm?newsI...


Airplane mode has two reasons. One reason is because at one point your cell radio risked doing unpleasant things to cellular ground stations, and another reason being that the FAA wanted you to pay attention to your safety demonstration.

Bluetooth was allowed on planes quite some years ago.


Another reason to turn on airplane mode – or at least disable mobile – is that your phone will keep searching for a network tower when it's out of reach, which will drain battery quite a bit faster.


I thought I'd be using the adapter but my Apple headphones that came with an iPhone have been collecting dust for like two years now since I got AirPods. Not going back, couldn't care less about the headphone jack. Now I wish the charging port was gone too, just to push the industry even further.


Phones already support wireless charging. Why remove wired charging because you don't use it? It is harder to use a phone while it is on a wireless charger vs use a wired charger.


There are enough external peripherals (external microphones, HDMI output, etc.) that are useful that I hope they don't get rid of the lightning port for quite a while.


I’m also still using those SCSI interfaces and keeping a 5¼ floppy drive in case I need to copy something over from punched cards.


Don't go dissing that KSR-35 teletype with the paper tape option :) That's how I talked to my 6502 dev board - way better than a membrane keyboard!


Even if I had a jack, I still need bluetooth for my smartwatch.


I can’t cite it but wasn’t there some requirement coming from music industry back in 2010s to remove all analog outputs from devices?


When did the "music industry" start formally steering commercial audio PHY standards?

Characteristic impedance alone is all over the map, Apple apparently couldn't align its 3.5mm jack pinout with the rest of de facto industry, and form factor is just one of many inherent market differentiators.


Why? For DRM?


I remember it was called “the analog hole” that enables piracy, that was going to be closed by a future date, back somewhere between 2005-2015.


My fuzzy recollection is that the "analog hole" stuff was mostly pushed by Hollywood with respect to getting around encryption on DVD and streaming video (as opposed to music, where similar encryption schemes were foiled in the market by CD and MP3 already being good enough, if not outright superior to the "modern" formats), and that with the advent of HD content they eventually settled for analog outputs being limited to SD resolution.


Wait until they find out that audio can be reproduced with little or no generational loss, because there is always an analog signal (since that's the point of audio).


Actually they've already found out that streaming and subscriptions slaughter piracy, unlike stringent regulations which promote illegal activities.


The only way to truly stop piracy is obviously to disallow all devices from playing any audio at all.


Why haven't most of the billions of Android phones been hacked already? Most never get updates and seems like there's 100 ways to hack them.


I think phones are also relatively hardened so the attack surfaces are not super convenient.

Bluetooth: get in reach of an attacker (and from another comment: have your device searching for Bluetooth devices).

Web stuff: if a patched browser doesn't help, you are still relatively safe browsing all the non-infecting websites in the world.

File stuff: you have to be stupid enough to open files, on your phone, from phishy emails (unless you are targeted they are always suspiciously generic, even when spreading from a hacked acquaintance).

I guess if there was a vulnerability where you could remotely gain full control over a phone without any action on the phone side you'd indeed have phone botnets. Looks like there are no such vulnerabilities.

Take what I write with a grain of salt, I'm actually just a noob trying to make sense of this, too.


> Bluetooth: get in reach of an attacker

This part looks very different if the attack is a worm.

How many phones are not in reach of another vulnerable phone at least once a workday?


The stagefright stuff was never fixed for most people I'd bet, it's just odd that no one's just decided to try to take over a billion phones. 90% of them don't seem to get monthly patches in a timely manner/at all, or are so old there's no patch anyway.


But an MMS costs money, doesn't it? And it has to go through the carriers, who might stop mass SMS like that.


The same reason that a billion minnows swimming together is safer than 5. There are a billion targets and few of them are worth hacking.


Gotta say, having worked with the Android Bluetooth stack, I'd be surprised if there weren't lots of serious issues like this. The handling of pointers in there is often both clever and not helpful.


"We could roll out the patches, or we could make all our customers buy new phones!"

Stagefright again.


So some questions:

> with the privileges of the Bluetooth daemon

Which privileges is that? Can it access user data? Snoop on input/output?

> For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address

So if wifi is off, I'm safe?

I have bluetooth on all the time, because it automatically pairs with my car for cellular and audio, and turning it on and off would be a hassle. I rarely, however, use wifi unless I have to download a very big amount of data, which is almost never.


> Which privileges is that? Can it access user data? Snoop on input/output?

This is somewhat addressed in a comment/reply by jorge:

https://insinuator.net/2020/02/critical-bluetooth-vulnerabil...

> Hi, the Bluetooth daemon is a process on the Android system that runs in the background (daemon) that is responsible for managing the Bluetooth controller and handling of various Bluetooth related protocols, such as HCI, L2CAP and GATT. As it has to process attacker-controlled input it is susceptible to attacks. In addition, it has to run with high privileges (not as ‘root’ like on Linux) to support features like: – file transfer => read files – share Internet connection => configure network and VPN – Human Interaction Devices => emulate keyboard and mouse


> So if wifi is off, I'm safe?

No, the connection packets can still be sniffed from the air once your device connects to your car. Then the attacker knows your MAC address and can initiate the exploit.


On the plus side, could this be used to root phones?


> As soon as we are confident that patches have reached the end users, we will publish a technical report on this vulnerability including a description of the exploit as well as Proof of Concept code.

It is likely to be a long time to never for most Android phones to receive patches for this :-(


> Keep in mind that most Bluetooth enabled headphones also support wired analog audio.

Is this true?


Actual headphones, yes - many of them have an analog jack.

But I haven't ever seen a Bluetooth headset that supports analog audio.


My Bose QuietComfort 35 has a cable and jack for analog audio. It is quite common among Germans, afaict.


Those are headphones. I think OP was talking about wireless earphones.


My Jabra Elite 85h has a jack in addition to Bluetooth.


Again, those are headphones. OP was talking about earphones, I think.


I would say the reverse is true. There is absolutely a subset that support this but I doubt most is close.


Headphones, yep. Earphones? Mostly no.


Am I right to understand that this vulnerability only works when Bluetooth is in discoverable mode?

If yes, then most phones are safe even if they have this vulnerability, it's only when you go in the Bluetooth menu that you are at risk...


It's exactly this type of reason that I'm excited for the Librem 5 and PinePhone. I don't use many apps, and I value security updates, so using a community supported phone based on standard Linux sounds a lot more appealing to me than getting another Android phone. My current phone is an Android One device and so should still be getting updates, so hopefully I can stay reasonably secure until those phones are usable as replacements.


I hate to say it, but it seems like only a large-scale worm outbreak that gets media coverage would be enough to fix the utterly broken Android patching landscape. From the description, this appears wormable (especially in crowds and possibly in vehicles). And unlike other wormable vulnerabilities that go through a service (like Google or even the phone company), this is just two phones with no intermediary to protect devices.


> only the Bluetooth MAC address of the target devices has to be known

Android has a feature of "Bluetooth scanning" to improve device location (similar to Wifi scanning). I'm not sure, but even if Bluetooth is disabled in the menu, this might still activate Bluetooth occasionally and perhaps reveal the Bluetooth MAC to the (nearby) world?


IIRC that doesn't enable BT if disabled, only uses it if available.


It says "Bluetooth scanning — Let apps use Bluetooth for more accurate location detection, even when Bluetooth is off." I doubt it makes the device discoverable though.


Surprising that Project Zero didn’t catch this.


> For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address.

Which ones would that be? Anyone know?


Great, because of limited Android updates I have to get a new phone.


I'm now wondering if I can use this to root my phone.


> Keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.

Does this mean your MAC address isn't visible while on, non-discoverable and connected to a BT device?


Actually Android keeps Bluetooth on even when the UI says off, for Google to radiolocate your position.


Are you sure? I know they keep some WiFi on, but I didn't think there was much location value in bluetooth signals because most bluetooth devices people use are portable (headphones, cars, etc.)


Actually yes, I did investigate that. Can post a screenshot.


Did you also disable that setting under the "location" submenu, which explicitly says it works even if bluetooth is off?

Not that this is good design, mind you, but if you turned both settings off and still saw BT activity, then that is much different.


If you do that, it will disable it. Yes, it's a well hidden option deep in the menu.


That can be turned off.


I thought that was WiFi


Is there a way to make it non-discoverable? I don't see that option on my Nexus 6P running 8.1. You can just turn bluetooth on or off.

Or is it just discoverable when you click "pair new device"?


Judging by the three commits added by the android-9.0.0_r53 tag in the platform/system/bt Android subcomponent, the vulns seem to be UAF + OOB write. All vulnerabilities thus belong to the class of vulnerabilities that safe Rust eliminates.

https://android.googlesource.com/platform/system/bt/+/1d788d...

https://android.googlesource.com/platform/system/bt/+/c20f24...

https://android.googlesource.com/platform/system/bt/+/abc302...


It's an 8-bit counter... just allocate a fixed 256 entries and be done with it. That reads like code written by people without any embedded/low-level experience.

Keeping code simple and without unnecessary abstraction is a far more valuable skill than $safe-language-trend-of-the-day.


As someone who writes both C and Rust, I don't think the two contradict each other. Rust is very nice for writing stable, fast and well tested libraries that can interface with C code.

Learning Rust and its concepts improved my C code. Even if Rust vanished overnight I wouldn't regret learning it.


It's a valuable skill for sure, but there apparently aren't enough people with this skill on the market, which is why $safe-language-trend-of-the-day is being developed and gains momentum.


> there apparently aren't enough people with this skill on the market

Judging by the number of memory vulnerabilities found each year in mainstream operating systems (which are developed by some of the best programmers around), there aren't any people on the market with this skill. This is very likely because all programmers are human beings.

Manually managing memory isn't difficult, it has been proven to be practically impossible. I wouldn't care if it were Linus claiming otherwise; it's ignoring incredible amounts of evidence to the contrary and is much like being a flat-earther.


How long must a language be around and prove its staying power before people will stop brushing it aside with the "$safe-language-trend-of-the-day" quip? 1 year? 2 years? 5 years? 50?

How many people must use it? 1k? 10k? 100k?

It’s pointless to argue with someone who throws Rust into that category at this point because it means nothing. It’s a slight to allow them to feel ok, that eventually this language too will pass, and so it will be ignored.


People who know how to do that are expensive, and they still make mistakes. Rust enables junior-level JavaScript programmers to write kernel/bare-metal level code without fear of making these kinds of errors. If you've spent a career programming in C and you're complaining about Rust, you're right. Rust isn't for you, it's for your replacement.


"Rust enables junior-level JavaScript programmers to write kernel/bare-metal level code without fear of making these kinds of errors. If you've spent a career programming in C and you're complaining about Rust, you're right. Rust isn't for you, it's for your replacement."

That's a pretty silly thing to say.

Writing code that doesn't crash isn't the hardest thing about writing low-level code. Sure, it's a problem, even an important problem, but there's a ton of other knowledge that no JS developer would have. Unless by "write" you mean write 2 lines per day with lots of searching in-between that has to be thrown away in the end.


The way I see it: With C/C++, you have to have a team of 5 senior devs, and they have to cross-check each other's work all the time. With Rust, you could have 1 senior Rust dev and 4 junior devs, and they would arrive in a better place anyway, just by virtue of the compiler doing 90% of the boring checks and tutoring.


You can't build a quality project only with juniors supervised by a senior no matter what technology you use. This is such a common programming fallacy, it's surprising to see it here.


But at least with Rust it won't have out of bounds and use after free bugs even if being crap otherwise.


> People who know how to do that are expensive

Good programmers are expensive. The notion that better tools are going to change that is naive.

Rust is good. Use it for things. But the idea that it can let people who don't know what they're doing write secure code is dangerous. For example, what does Rust do about Spectre? Does your junior-level JavaScript programmer know how to address that? What about other timing attacks, or knowing which crypto to use in which context?

People still have to know what they're doing.


> Rust enables junior-level JavaScript programmers to write kernel/bare-metal level code without fear of making these kinds of errors

I've used Rust for a while, and this isn't really true. At the lowest level you still have to build good abstractions with judicious use of `unsafe`. It also comes across as incredibly hostile, you're not doing Rust any favors with this.


"Junior-level JavaScript programmers" "kernel/bare-metal level code"

Can't see how that can be. Only a small minority of programmers can code low level systems. Only those that truly enjoy it, go through the pains necessary to have adequate grasp of it.


> If you've spent a career programming in C and you're complaining about Rust, you're right. Rust isn't for you, it's for your replacement.

LOL, I wish. I've been told I was going to be replaced every 5 years for the last 20 years of my career. I fucking wish they did so I could finally retire but I keep being given money and cool problems so I stay waiting for this fangled replacement who will come and take my job.


If by "write kernel/bare-metal level code" you mean blinking an LED, sure. Writing low level doesn't have to do anything with C or any language for that matter. It requires a deep understanding of the architecture that you're writing code for. Junior JS devs don't have enough experience or the skills to do that.


I appreciate this comment, because it demonstrates a solid approach to simplify the code.

That said, regarding:

> safe-language-trend-of-the-day.

I agree that Rust advocacy can sometimes be a bit misguided and over-enthusiastic - however, how often is an out of bounds write not a bug (or a too clever by far hack)?

We've had pretty efficient ways to deal with this in C-like languages for a long time (eg Pascal, Ada).

(C-like in the sense of being relatively low-overhead, close to the hardware wrt memory layout etc).


> It's an 8-bit counter... just allocate a fixed 256 entries and be done with it. That reads like code written by people without any embedded/low-level experience.

I guess you are talking about the first commit I linked. The problem here seems to be that some events of the kind HCI_READ_RMT_EXT_FEATURES_COMP_EVT can be shorter than the assumed 13 bytes. The code contains no check for that and if the events are shorter, it would read data from after the allocation. It would use that data to index inside arrays, etc.

Now, if you just allocate a buffer of 256 entries but don't do anything else, it wouldn't read data from outside the allocation, yes, but it would still read uninitialized data, as nothing would be written after the end of the valid data. That uninitialized data could e.g. come from previous freed allocations. This would hardly be an improvement. You'd have to allocate and zero-initialize it, and then you'd still have the problem whether zero is invalid data or part of the allocation... Even if code would figure that out, it would be extremely smelly code and I'd never merge it in any projects I maintain.

The approach taken by the patch, to just check the length, is much much better. The length is sent as part of the event.

> Keeping code simple and without unnecessary abstraction is a far more valuable skill than $safe-language-trend-of-the-day.

This code almost directly maps to the bluetooth host controller interface which is part of the published Bluetooth standard. So you can't change the core concepts of it. There are a few abstraction layers which copy the data for some reason from a new/delete managed hidl_vec to a malloc/free managed array (check hciEventReceived function in hci/src/hci_layer_android.cc). Yes, I'd say that some of those layers are indeed unnecessary. But those abstraction layers are not where the vulnerability occurs. It occurs in the code that parses the message, and the bug is that the code does not check the length of the input data. This is a classic bug that can occur in C/C++ codebases.

Safe Rust prevents OOB writes/reads by performing bounds checks when you index into a slice.

The issue with languages like C is that verifying that code is safe is extremely hard, even harder than writing it in the first place. This codebase seems to have not been written by Google but by Broadcom, so Google would have to verify whether what Broadcom wrote is actually safe. With Rust, such verification is easy. If your code makes little use of unsafe, and most code doesn't actually have to, it's easy to verify its safety (at least for the classes of bugs that Rust eliminates). Due to the strong typing, other types of bugs are made harder to write as well.


Just in general, you can never take for granted the length of the data you're referencing via a pointer unless you absolutely control the whole input path, and it's amazing to see that happening in code written at this level.


This is not a constructive comment. Saying an entire OS "would have been safer on this language" is just trolling. Comment should be reported IMO.


This is userspace code, it's a legit point to criticise use of a memory-unsafe language here. It's 2020 after all, 24 years after "Smashing the stack for fun and profit" and 24 years into the golden age of C exploits while safer practical systems languages have existed. And also a legit point to promote Rust, even if it's a little too new for this codebase.


The transition in perception of UNIX and C from being buggy, inconsistent, foot-gun-laden corporate messes to being treated like the immutable ancient ways has certainly been a trip.


Isn't that because OSes based on Linux don't share a single LOC with commercial Unices?


The entire raison d'être of Rust is that it can be safer in exactly these cases where C or C++ is unsafe, and it aims towards their eventual replacement.

This will take a couple of decades, but it's a worthwhile effort.


Sure but until someone demonstrates at least a basic PoC using Rust to replace some Android C code, suggesting that it can is just speculation at best.


I'm certain that you cannot simply drop-replace an Android OS component with a Fuchsia component.

My point is, of course Rust is a memory safe language, and of course it would theoretically prevent overflow exploits, but throwing in "you should've used Rust" when this news is announced isn't helping anything. I am certain that Android devs are at least aware of Rust and its benefits.


> I am certain that Android devs are at least aware of Rust and its benefits.

There is still not a single Android ROM component that's written in Rust. Cuttlefish uses crosvm which is Rust based, but it's a VM for Android testing rather than a ROM component. So they aren't even ready yet to experiment with shipping small components in Rust. Same goes for Chrome btw, it currently has a "no Rust allowed" policy, which is IMO very sad.

So yeah, I think it's worthwhile to talk about why AOSP doesn't have Rust components yet, especially as patching is sadly not available (yet) for most deployed devices. Large fleets of devices will have the bug for eternity. Therefore, prevention of vulnerabilities becomes even more important, which Rust helps with. Your program won't be free of them, but as I pointed out above, these Bluetooth vulns fall into the class that safe Rust eliminates.


I've said nowhere that all of Android should be written in Rust. I've only said that had this specific component been written in Rust, the issues wouldn't have shown up. Of course the code base is old and predates Rust.

But I think this vulnerability serves as an important lesson about which language to choose for new projects in the embedded area. Thus I'm very glad that Google uses Rust for its new OpenSK security key firmware. I hope that future versions of Android will adopt Rust, at least in newly written components. Some Google developed Android related projects are already using Rust, like Cuttlefish which uses crosvm.


I mean, they did link to a bunch of source code spots... so it's not completely unconstructive.


Since Android includes a deeply integrated Java implementation that they've put a lot of work into, which includes an AOT compiler, why wouldn't they write services like this one in Java?


...especially when the large majority of HN readers are already aware of rust "thanks" to the rust evangelism strikeforce.


A day or two ago there was an embedded software developer here claiming that low-level C developers "know what they're doing", so any languages with built-in safety features impose unnecessary safety restrictions, and that since any software can have bugs, there is no reason to use anything but C. Once that kind of stubborn attitude dies out, maybe we'll stop seeing people leave comments saying "This could have been prevented if they had used language X".


The downvotes are really telling.


Or Java, or Go, or one of the other 10 or so languages that have bounds checking.


I think it's extremely silly that every time buffer length vulnerabilities get discovered, people immediately start jumping on how rewriting everything in Rust would have stopped it.

Yes, that's not wrong, but a sane (ptr, len) "slice"/"buffer" type would have prevented this in any language, not just rust. These things happen not because C and C++ lack sophisticated ownership semantics, but because without such a type, passing a pointer and hoping the buffer is always big enough is just easier than doing the right thing.

If this was something funky like a cross-thread race-condition dangling-pointer double-free, you'd have a great point. Only Rust's unique safety model can prevent that. But with things like this, as much as I love Rust and its community, I sometimes feel like many Rust fans are much more interested in being smug than making real-world progress towards safer software today.
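As an added example, not code from the thread, from the linked commits, or from bluedroid: the bug shape described in the HCI_READ_RMT_EXT_FEATURES_COMP_EVT comment above (a 13-byte parameter block parsed without consulting the length the event header carries) and this comment's (ptr, len) point, in C. The struct, function names and event bytes are constructed for illustration; the "before" parser is run only against a buffer that is physically large enough, so the stale-data read the earlier comment describes is visible without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed decoded view of the parameter block of an HCI Read Remote
 * Extended Features Complete event (a hypothetical type, not bluedroid's):
 * status(1) handle(2) page(1) max_page(1) features(8) = 13 bytes. */
typedef struct {
    uint8_t status, page, max_page;
    uint16_t handle;
    uint8_t features[8];
} ext_features_evt_t;

enum { EXT_FEATURES_PARAM_LEN = 13 };

/* Field decoding shared by both parsers; assumes the caller validated the length. */
static void decode_fields(const uint8_t *p, ext_features_evt_t *out) {
    out->status   = p[0];
    out->handle   = (uint16_t)(p[1] | ((uint16_t)p[2] << 8)); /* little-endian */
    out->page     = p[3];
    out->max_page = p[4];
    memcpy(out->features, &p[5], sizeof out->features);
}

/* "Before": assumes every event carries all 13 bytes. On a shorter event the
 * reads past the valid data return whatever the buffer held previously. */
void parse_ext_features_unchecked(const uint8_t *params, ext_features_evt_t *out) {
    decode_fields(params, out);
}

/* "After": the parameter length carried in the event header bounds the parse;
 * a short event is rejected instead of being read past its end. */
bool parse_ext_features_checked(const uint8_t *params, size_t len,
                                ext_features_evt_t *out) {
    if (params == NULL || out == NULL || len < EXT_FEATURES_PARAM_LEN) return false;
    decode_fields(params, out);
    return true;
}

/* Constructed events: a complete one (handle 0x0040, page 1, max_page 2) and a
 * truncated one carrying only status + handle 0x0041. */
static const uint8_t full_event[EXT_FEATURES_PARAM_LEN] = {
    0x00, 0x40, 0x00, 0x01, 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
static const uint8_t short_event[3] = { 0x00, 0x41, 0x00 };

/* Scenario: a fixed-size backing buffer (the "just allocate 256 entries" idea,
 * scaled down) first holds the full event, then the 3-byte one. Returns the page
 * value the unchecked parser produces: stale data from the earlier event. All
 * reads stay inside one buffer, so the stale read is shown without undefined behaviour. */
uint8_t stale_page_from_short_event(void) {
    uint8_t backing[16];
    ext_features_evt_t evt;
    memcpy(backing, full_event, sizeof full_event);    /* earlier, complete event */
    memcpy(backing, short_event, sizeof short_event);  /* overwrites only 3 bytes */
    parse_ext_features_unchecked(backing, &evt);       /* page/max_page/features stale */
    return evt.page;                                   /* 0x01 from the previous event */
}

/* The checked parser rejects the 3-byte event ... */
bool short_event_is_rejected(void) {
    ext_features_evt_t evt;
    return !parse_ext_features_checked(short_event, sizeof short_event, &evt);
}

/* ... and accepts the complete one, yielding the decoded connection handle. */
uint16_t full_event_handle(void) {
    ext_features_evt_t evt;
    return parse_ext_features_checked(full_event, sizeof full_event, &evt) ? evt.handle : 0;
}
```

The unchecked parser never faults here because the backing buffer is large enough, which is exactly why "allocate a fixed 256 entries" alone is not a fix: the fields beyond the received length are still garbage from whatever came before.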


The point is that the sane, correct choice is also the easy, default choice in Rust. We've been able to implement (ptr,len) buffer types in C for as long as we've had C, but uint8_t* is both baked into many APIs, and the path of least resistance.

We've spent decades pushing the limits of security improvements we can get through asking people to please try harder and do better with C, but we still see a high rate of high-impact errors like this.

Rust's safety model isn't the only valuable thing about Rust. Another big valuable part of Rust is that instead of giving the programmer a box of unsafe tools and a post-it reminding them to be careful, Rust provides sane, safe default tools that have been built based on what we've learned from the past several decades.

The argument isn't "Only Rust can save you", but that Rust is a good choice that both meets the same performance requirements, and avoids these problems by default.

If you've got a better solution to persuade C and C++ developers to consistently and reliably always wrap their use of pointers from other APIs into (ptr,len) buffer types, I'd love to hear it!

With comments like this, I sometimes feel like many developers are much more interested in smugly dismissing a group that's made significant real-world progress in making it easy to do the right thing than they are in actually helping real developers to reliably make safer software today.


Android accepts contributions and your complete rust rewrite of bluedroid would be most welcome


Android is such a mess. Google needs to do a rewrite and dump legacy support.



Quite possibly the worst piece of software ever. Hot garbage.



