Google himma , a cikin tsarin da aka tsara don bayyana bayanai game da raunin da ke cikin Android-na'urori daga OEM daban-daban. Wannan shiri zai sa ya zama mai haske ga masu amfani su koyi game da raunin da ya shafi firmware da masana'antun wasu kamfanoni suka gyara.
Zuwa yanzu, babu rahotannin rashin lafiyar da aka bayar a hukumance (Android Wasikun Tsaro) sun nuna matsaloli ne kawai a cikin babban lambar da aka gabatar wa ma'ajiyar AOSP, amma ba su yi la'akari da batutuwan da suka shafi gyare-gyare daga OEM ba. Matsalolin sun shafi masana'antun kamar ZTE, Meizu, Vivo, OPPO, Digitime, Transsion da Huawei.
Daga cikin matsalolin da aka gano:
- A cikin na'urorin Digitime, maimakon duba ƙarin izini don samun damar API ɗin sabis na sabuntawar OTA kalmar sirri mai lamba wanda ke bawa maharin damar shigar da fakitin apk cikin nutsuwa da canza izinin aikace-aikace.
- A madadin browser sananne tare da wasu OEMs mai sarrafa kalmar sirri a cikin nau'in lambar JavaScript wanda ke gudana a cikin mahallin kowane shafi. Wurin da maharin ke sarrafa shi zai iya samun cikakkiyar dama ga ma'ajiyar kalmar sirri ta mai amfani, wacce aka rufaffen ta ta amfani da madaidaicin DES algorithm da maɓalli mai lamba.
- Aikace-aikacen UI na tsarin akan na'urorin Meizu ƙarin lambar daga cibiyar sadarwar ba tare da ɓoyewa da tabbatar da haɗin kai ba. Ta hanyar sa ido kan zirga-zirgar HTTP na wanda aka azabtar, maharin zai iya gudanar da lambar sa a cikin mahallin aikace-aikacen.
- Vivo na'urorin suna da duba hanyar UidPermission na ajin PackageManagerService don ba da ƙarin izini ga wasu aikace-aikace, koda kuwa ba a kayyade waɗannan izini a cikin bayanan bayanan ba. A cikin sigar ɗaya, hanyar ta ba da kowane izini ga aikace-aikace tare da mai ganowa com.google.uid.shared. A wata sigar, an duba sunayen fakitin akan jeri don ba da izini.
source: budenet.ru
