Mozilla has always aimed to make Firefox available to as many people as possible, including those on older Android devices. For years, we’ve supported versions of Android going all the ...
Makes sense. It sucks for those who cannot afford newer phones or cannot install an alternative image. But if security is the issue at all, then using such old and unsupported Android shouldn’t be used at all. Is anyone actually angry at dropping support for old Android versions. Especially as old as Lollipop, for which its support dropped 7 years ago.
Phones don’t develop security bugs over time. The bugs were there from the beginning. They just often take years to become known. So you have to assume new phones are insecure (just in unknown ways) as much as the old ones were. Maybe even worse.
I still have Android 7 and 8 phones that I use a little, plus an Android 2.3 music player. What crap the hardware compatibility story turned out to be compared with x86 PC hardware.
So what you are saying that no new security bugs will be introduced over the lifetime of the operating system and its integrated software? Software gets updated and they will introduce new security issues over time.
The bugs were there from the beginning. They just often take years to become known.
Doesn’t this apply for every software?
So you have to assume new phones are insecure (just in unknown ways) as much as the old ones were. Maybe even worse.
No, because the old bugs are (hopefully) eliminated. New security mechanisms are integrated, that should help preventing from issues. So the assumption should be that the newer operating system, with the newer installed software is more secure. That should be the assumption at least, especially because the old phones don’t get security updates anymore.
Remember unsupported software is the most unsecure software, especially when we talk about operating systems with unpatched vulnerabilities. Just because you don’t know about an existing vulnerability (because development and fixing for it has stopped), does not mean that hackers will stop hacking it.
I meant over the lifetime after its first launch, they will updated. You said all bugs are there since day one, which is not true, because software gets updated until end of life. And then unknown bugs at that time are not patched and new vulnerabilities are discovered after they stop getting patches. Why am I even explaining this? Its really basic.
But I see you think that old operating systems (which is extremely rich and complicated and error prone) which do no longer get patches and are used by millions, are perfect software and nobody will try to hack them…
I meant over the lifetime after its first launch, they will updated.
that’s right, but after the phone does not get any more updates, it does not get more features either and so the number of bugs does not change anymore. the bugs exploitable in my 6 years old phone were exploitable much earlier.
But I see you think that old operating systems (which is extremely rich and complicated and error prone) which do no longer get patches and are used by millions, are perfect software and nobody will try to hack them…
I do not. the bugs are there, but when the maintenance stops there are no new bugs anymore, they were there for a while
Sure, no new bugs will be programmed into it after support has stopped, but that was not the original discussion about. But that does not mean the software is perfect, especially not a complex operating system that also allows to visit the web and install new applications. There are countless unknown (and known) security issues waiting to be exploited. A 5 year or unsupported older operating system is a time bomb.
The original discussion was “its okay to use unsupported old Android, because all unpatched bugs after its support are there since day one”. And that new (supported) phones and operating systems are less secure because of that. That was the argumentation I am going against.
Makes sense. It sucks for those who cannot afford newer phones or cannot install an alternative image. But if security is the issue at all, then using such old and unsupported Android shouldn’t be used at all. Is anyone actually angry at dropping support for old Android versions. Especially as old as Lollipop, for which its support dropped 7 years ago.
Phones don’t develop security bugs over time. The bugs were there from the beginning. They just often take years to become known. So you have to assume new phones are insecure (just in unknown ways) as much as the old ones were. Maybe even worse.
I still have Android 7 and 8 phones that I use a little, plus an Android 2.3 music player. What crap the hardware compatibility story turned out to be compared with x86 PC hardware.
I really do not agree with you here.
So what you are saying that no new security bugs will be introduced over the lifetime of the operating system and its integrated software? Software gets updated and they will introduce new security issues over time.
Doesn’t this apply for every software?
No, because the old bugs are (hopefully) eliminated. New security mechanisms are integrated, that should help preventing from issues. So the assumption should be that the newer operating system, with the newer installed software is more secure. That should be the assumption at least, especially because the old phones don’t get security updates anymore.
Remember unsupported software is the most unsecure software, especially when we talk about operating systems with unpatched vulnerabilities. Just because you don’t know about an existing vulnerability (because development and fixing for it has stopped), does not mean that hackers will stop hacking it.
well the software of those phones certainly did not get updated, so no, no new security bugs are introduced for them
I meant over the lifetime after its first launch, they will updated. You said all bugs are there since day one, which is not true, because software gets updated until end of life. And then unknown bugs at that time are not patched and new vulnerabilities are discovered after they stop getting patches. Why am I even explaining this? Its really basic.
But I see you think that old operating systems (which is extremely rich and complicated and error prone) which do no longer get patches and are used by millions, are perfect software and nobody will try to hack them…
I’m a different person
that’s right, but after the phone does not get any more updates, it does not get more features either and so the number of bugs does not change anymore. the bugs exploitable in my 6 years old phone were exploitable much earlier.
I do not. the bugs are there, but when the maintenance stops there are no new bugs anymore, they were there for a while
Sure, no new bugs will be programmed into it after support has stopped, but that was not the original discussion about. But that does not mean the software is perfect, especially not a complex operating system that also allows to visit the web and install new applications. There are countless unknown (and known) security issues waiting to be exploited. A 5 year or unsupported older operating system is a time bomb.
The original discussion was “its okay to use unsupported old Android, because all unpatched bugs after its support are there since day one”. And that new (supported) phones and operating systems are less secure because of that. That was the argumentation I am going against.