Google himma , wanda ke shirin bayyana bayanai game da raunin da ke cikin na'urorin Android daga masana'antun OEM daban-daban. Ƙudurin zai sa ya zama mai haske ga masu amfani game da lahani na musamman ga firmware tare da gyare-gyare daga masana'antun ɓangare na uku.
Har ya zuwa yanzu, rahotannin rashin ƙarfi na hukuma (Bidiyon Tsaro na Android) sun nuna batutuwa ne kawai a cikin ainihin lambar da aka bayar a ma'ajiyar AOSP, amma ba su yi la'akari da batutuwan da suka shafi gyare-gyare daga OEMs ba. Tuni Matsalolin sun shafi masana'antun kamar ZTE, Meizu, Vivo, OPPO, Digitime, Transsion da Huawei.
Daga cikin matsalolin da aka gano:
- A cikin na'urorin Digitime, maimakon duba ƙarin izini don samun damar API ɗin sabis na sabuntawar OTA kalmar sirri mai lamba wanda ke bawa maharin damar shigar da fakitin apk cikin nutsuwa da canza izinin aikace-aikace.
- A madadin browser sananne tare da wasu OEMs mai sarrafa kalmar sirri a cikin nau'in lambar JavaScript wanda ke gudana a cikin mahallin kowane shafi. Wurin da maharin ke sarrafa shi zai iya samun cikakkiyar dama ga ma'ajiyar kalmar sirri ta mai amfani, wacce aka rufaffen ta ta amfani da madaidaicin DES algorithm da maɓalli mai lamba.
- Aikace-aikacen UI na tsarin akan na'urorin Meizu ƙarin lambar daga cibiyar sadarwar ba tare da ɓoyewa da tabbatar da haɗin kai ba. Ta hanyar sa ido kan zirga-zirgar HTTP na wanda aka azabtar, maharin zai iya gudanar da lambar sa a cikin mahallin aikace-aikacen.
- Vivo na'urorin suna da duba hanyar UidPermission na ajin PackageManagerService don ba da ƙarin izini ga wasu aikace-aikace, koda kuwa ba a kayyade waɗannan izini a cikin bayanan bayanan ba. A cikin sigar ɗaya, hanyar ta ba da kowane izini ga aikace-aikace tare da mai ganowa com.google.uid.shared. A wata sigar, an duba sunayen fakitin akan jeri don ba da izini.
source: budenet.ru