Safe OTA Firmware Updates in Embedded Systems Using A/B Partitioning 

Delivering firmware updates over the air (OTA) is a fundamental requirement in embedded systems, particularly in connected automotive and industrial systems. Post-deployment bug fixes, security patches, and ongoing feature improvements necessitate a strong OTA mechanism that maintains system dependability even during crucial updates. OTA updates do, however, come with a number of risks. Device malfunction or even permanent failure may result from interruptions brought on by power outages, corrupted images, or failed reboots. 

A/B partitioning is a well-known technique that allows for safe firmware rollouts by preserving a fallback image and lowering the chance of bricking the device. Many development teams use it to allay these worries. 

Understanding A/B Partitioning 

A/B Using a partitioning technique for over-the-air (OTA) firmware updates reduces the possibility of bricking devices during the update process and improves system reliability. With this approach, the system keeps two full firmware partition sets, usually called Slot A and Slot B. While the other slot is inactive and serves as the target for the subsequent update, one slot is always active and running the most recent firmware. 

New firmware updates are deployed by writing them to the backup or inactive slot without interfering with the system that is currently operating. The device restarts in the updated slot following a successful update installation. The system keeps running from the new slot if the boot and runtime checks are successful. However, in the event that the update does not boot properly, the bootloader recognizes the issue and automatically switches back to the previously used and reliable slot, guaranteeing system availability. 

In addition to the root filesystem (rootfs), each slot may also include the kernel image and device tree. The rollback indexes, boot success status, and active slot indicator are kept in a separate metadata region or control structure. By adding a layer of fault tolerance, this architecture increases the safety and resilience of OTA updates in production settings. 

A/B Partitioning for MPUs and MCUs 

Because MPU-based systems have more storage available, the A/B partitioning model is easier to implement. These systems typically run Linux or Android. Multiple rootfs partitions, distinct kernel images, and a shared data partition can all be supported by systems like the i.MX8, TI Sitara, or Qualcomm Snapdragon platforms. The most common bootloaders are U-Boot or GRUB, which can be set up to support A/B logic using boot scripts or environment variables. 

For example, a typical memory layout on an MPU might look like this: 

bash 

CopyEdit 

/dev/mmcblk0p1 -> uboot boot partition   

/dev/mmcblk0p2 -> rootfs_A   

/dev/mmcblk0p3 -> rootfs_B   

/dev/mmcblk0p4 -> data   

A simple boot command in U-Boot could look like this: 

bash 

CopyEdit 

if test  = A; then   

  setenv bootargs root=/dev/mmcblk0p2;   

else   

  setenv bootargs root=/dev/mmcblk0p3;   

fi   

boot 

Flash size and complexity restrictions will be more stringent for MCU-based systems. However, by keeping two firmware regions, usually in internal flash or external SPI NOR flash, the A/B principle can still be used. The bootloader, which is frequently custom-built, jumps to the appropriate firmware bank after checking a status flag. 

For MCUs like STM32 or NXP Kinetis, a flash layout might be: 

rust 

CopyEdit 

0x08000000 - 0x0801FFFF -> Bootloader   

0x08020000 - 0x0805FFFF -> Firmware A   

0x08060000 - 0x0809FFFF -> Firmware B   

0x080A0000 - 0x080A0FFF -> Metadata   

The bootloader reads a metadata structure stored in a reserved flash sector that tells it which slot to boot, and whether the last update was successful. 

Implementing A/B OTA 

Partition planning is the initial stage of putting an A/B OTA mechanism into practice. Each slot requires developers to set aside memory areas of the same size. This could entail changing the device tree's or GPT's partition table for MPUs. For example, in Android, the slot setup must be reflected in the BoardConfig.mk and partition configuration (e.g., super.img in dynamic partitioning). 

The bootloader needs to be set up to choose the appropriate slot during startup after the partitions have been defined. Slot variables that are kept in environment memory or a specific partition can be evaluated by U-Boot scripts. A flash-resident metadata structure containing the active slot, rollback flags, and retry counters is read by the bootloader for MCUs. 

The device writes the updated firmware to the inactive slot upon receiving an update. This procedure typically entails using cryptographic hashes or signatures to validate the image both before and after flashing. The bootloader metadata is updated to point to the new slot after the image has been written and validated. The system boots into the updated firmware upon reboot. A flag is set to indicate that the update was successful if the system boots up successfully and verifies functionality (for example, by using application-level heartbeat). 

The bootloader recognizes the failure and goes back to the previous slot if the system fails during boot or if the application does not indicate readiness within a predetermined amount of time. The device won't be permanently disabled by an update thanks to this rollback mechanism. 

Use Cases 

This design is effective in many fields. A/B OTA lowers the chance of bricking in automotive ECUs like infotainment units, digital clusters, and gateways while field updates are being performed. It is possible to stage updates in the background while the car is not moving and switch them on during the subsequent boot cycle. Downtime can result in substantial financial loss in industrial IoT systems, such as those that regulate manufacturing machinery. These systems can be updated without being taken offline thanks to A/B partitioning, which also provides a built-in backup in case something goes wrong. 

This model is also advantageous for consumer electronics like smart TVs, routers, and smart speakers. A failed update could result in expensive support costs because these devices are frequently updated over home networks without the user's involvement. Because rollback capability is frequently necessary to preserve clinical integrity, medical devices that are subject to stringent safety regulations also benefit. 

Pros and Cons of A/B Partitioning 

Pros  The benefits of A/B OTA partitioning are obvious. It reduces downtime and increases the reliability of software updates. The system can recover and continue to function even if an update fails. This makes it possible for safe, automated updates, which increases user and consumer confidence and aids in adhering to safety and security regulations. 

Cons  However, there are also some disadvantages. To store two software copies, more flash memory is needed. Systems and products with limited storage may find this challenging. Additionally, the bootloader gets more complicated, particularly when rollback protection and secure boot are used. Additionally, an OEM must put in more work to test and maintain two software versions. 

Conclusion 

A/B partitioning has been an effective, fail-safe method for providing over-the-air (OTA) firmware updates, particularly in mission-critical embedded systems where uptime, reliability, and data integrity are paramount. 

Though initial implementation might call for careful planning of bootloader logic, memory structure, and partition setup, the long-term benefit in system robustness and failure recovery far exceeds the initial complexity. 

Explore how Silicon Signals enables robust OTA implementation in your industry 

At Silicon Signals, we develop and implement scalable, secure, and adaptable OTA update solutions for embedded platforms—ranging from bare-metal MCUs to Linux-based MPUs for applications in automotive, industrial automation, consumer electronics, and IoT devices. 

Our high-performance OTA stack supporting A/B partitioning out-of-the-box facilitates: 

Smooth background updates 

Auto-rollback on failure 

Zero device downtime 

Future-proof firmware deployment strategies 

If you're looking to implement a reliable OTA strategy for your embedded device, Silicon Signals is your trusted partner in firmware delivery excellence. 

Visit us at siliconsignals.io  Mail us at: [email protected]  Follow us on LinkedIn 

I flashed Evo X (android 15) on ximi redmi 5 plus!!11!1 it's laggier than my mind in maths class but whatever. It is absolutely better than outdated miui.

Google tranquiliza a los usuarios al asegurar que AOSP seguirá siendo de código abierto en su evolución privada

Después de casi dos décadas de participación pública en el desarrollo del sistema operativo Android a través del Android Open Source Project (AOSP), Google ha optado por una estrategia más interna en todos los desarrollos relacionados con Android, lo que efectivamente hace que este proceso sea privado. La compañía sostiene que este cambio no implicará que el sistema operativo se convierta en un…

Linux: un sistema operativo potente y gratuito

Linux: El sistema operativo que usas sin saberlo Desde la llegada de los sistemas operativos, las computadoras se volvieron más accesibles para el público general. Con Windows y sus interfaces gráficas, su uso se masificó hasta el punto en que hoy casi todo el mundo tiene un ordenador en casa. Pero hay un sistema operativo que probablemente usas todos los días sin siquiera notarlo: Linux. A…

View On WordPress

Android Open-Source Project

Discover the AOSP (Android Open Source Project), the bedrock of Android's open-source architecture, devoid of proprietary elements. Uncover its integral components that fuel a rich and varied ecosystem, nurturing creativity and personalization. AOSP's openness and continuous development guarantee a stable and flexible foundation essential for propelling Android's future innovations and accommodating user-initiated modifications.

To read more on AOSP.

Airspace Operations and Safety Program (AOSP)

The Airspace Operations and Safety Program (AOSP) enables safe, sustainable, and efficient aviation transportation operations to benefit the flying public and ensure the global competitiveness of the U.S. aviation industry. We are transforming the future of aviation into a digital, federated, and service-oriented architecture that fosters the growth of safe airspace for all users. By […] from NASA https://ift.tt/853Opq6

03/26/25

So, about Linux. Do you have a phone that uses Linux? Is there one out there that can access tumblr and be reasonably usable? I'm just sick of Apple and Google's BS and want an opinion from someone in the know.

technically: android is built on linux

less pedantically: i personally have a google pixel with stock android because it's the least bloated and i don't trust most other manufacturers to not put dumb bullshit on my phone.

if you want a linux phone then i've heard good things about the pinephone. here are the operating systems it supports: https://pine64.org/documentation/PinePhone/Software/Releases/. note that a lot of the OSes don't have full support for all of the device features like bluetooth, and there won't be android app support out of the box. you'll have to use something like waydroid and idk how good the compatibility is.

if you want something closer to the normal android experience, grapheneOS might be up your alley. caveat: there is very limited device support; they basically only have official support for google pixel devices: https://grapheneos.org/faq#device-support. google play is disabled by default but you can enable the sandboxed version of it to install tumblr.

if you see other custom ROMs or AOSP-based OSes, you should do some research to make sure you're comfortable with the developers and the security for them. grapheneOS is generally well regarded and most other projects don't have anywhere near the level of focus on security. (less pussyfooted answer: i wouldn't use them.)

SELinux in AOSP: A Guide to Securing Embedded Android Systems

Introduction 

Security-Enhanced Linux (SELinux) is a core security mechanism in the Android Open Source Project (AOSP) that enforces robust access control. Unlike traditional Discretionary Access Control (DAC), which relies on user-based permissions, SELinux uses Mandatory Access Control (MAC) to restrict system interactions based on predefined policies. Android integrated SELinux starting from version 4.3. It runs in either permissive mode, which logs violations, or enforcing mode, which blocks unauthorized actions. 

Understanding SELinux policies, labels, and domains is essential for embedded developers working on middleware, HAL, and system daemons in order to secure Android devices. Sensitive system components are protected, unauthorized access is limited, and privilege escalation is avoided with proper SELinux configuration. This blog discusses best practices for creating security policies, how SELinux functions within AOSP, and a real-world example of using SELinux on a binderized HAL. Developers can strengthen embedded systems against exploits and security breaches by becoming proficient with SELinux. 

What is SELinux? 

With mandatory access control (MAC) policies that limit programs' capabilities beyond conventional discretionary access controls (DAC), SELinux is a security architecture built into the Linux kernel. It guarantees that an application's activities stay contained within predetermined bounds even in the event that it is compromised. 

Core Concepts of SELinux 

Labels: Every process and object (like files, directories, and ports) in the system is assigned a security label. A key component of SELinux's decision-making process is these labels. 

Type Enforcement (TE): The main SELinux mechanism is Type Enforcement (TE), in which policies specify how types (labels) linked to objects and processes can communicate. A process named httpd_t (Apache), for example, can be made to only access files with the label httpd_sys_content_t. 

Roles and Users: To manage permissions more precisely, SELinux defines roles and users. Nonetheless, type enforcement continues to be the main focus in many implementations. 

SELinux in AOSP 

SELinux integration with Android 

Google strengthened Android's security by integrating SELinux into the platform starting with version 4.3. SELinux functions in two ways in AOSP: 

Permissive Mode: Violators are recorded but not stopped; SELinux rules are not enforced. 

Enforcing Mode: SELinux rules are put into effect, and infractions are recorded and prevented. For strong security, Android devices try to run in enforcing mode. 

Advantages of SELinux in Android 

Privilege escalation is mitigated: SELinux restricts an application's behavior even if it acquires unauthorized privileges, avoiding more widespread system compromises. 

Protection Against Malware: By limiting applications' access to private information or system components, SELinux policies can lessen the possible impact of malware. 

Enhanced Multi-User Security: SELinux makes sure that user data is kept separate and safe from other users and applications by implementing stringent access controls. 

Implementing SELinux in AOSP 

Configuring the Linux kernel for SELinux: Make sure the kernel is compiled with SELinux support. This entails turning on particular security module configuration options. 

Filesystem Labeling: Give filesystem objects the proper security labels. This can be accomplished by setting default labels in filesystem images or by using tools such as restorecon. 

Compilation of Policies: Using tools like checkpolicy, create SELinux policies that are specific to the needs of your system. 

Policy Loading: Use tools like load_policy or incorporate the compiled policies into the system's initialization procedure to load them into the kernel. 

Writing SELinux Policies 

IVI (In-Vehicle Infotainment), ADAS (Advanced Driver Assistance Systems), and telematics are among the vital services that Android Automotive OS (AAOS) manages in automotive embedded systems. SELinux policies are necessary to enforce stringent access controls across all system components, especially middleware services, Binderized HALs, and system daemons, in order to ensure security in such a system. In order to make sure that only authorized system components can access and alter vehicle data, we'll map SELinux policy writing to a real-world automotive example below using a binderized HAL. 

Determine Types and Domains 

Consider a Vehicle HAL (VHAL) in an automotive system, which gives users access to information about the vehicle, including its speed, fuel level, engine status, and door lock condition. The telematics module, navigation app, and IVI system are among the system elements with which the Vehicle HAL service communicates. 

The hal_vehicle_t domain is where the Vehicle HAL daemon operates. 

vehicle_data_t is the label for vehicle data files. 

The ivi_system_t domain is where the IVI system operates. 

The telematics_t domain is where the Telematics service functions. 

By defining these domains, unauthorized applications are prevented from accessing vital vehicle parameters and controlled access between various system components is ensured. 

Tools and Resources 

SELinux Notebook: An open-source resource that provides comprehensive insights into SELinux concepts and implementations. GitHub - SELinuxProject/selinux-notebook 

NSA's SELinux Implementation Report: An in-depth report detailing the implementation of SELinux as a Linux Security Module. Implementing SELinux as a Linux Security Module 

Conclusion 

With SELinux included in AOSP, developers can implement strict access controls, isolate processes, and keep sensitive information safe. 

Whether you're building embedded Android systems, HAL layers, or automotive and IoT device middleware, SELinux offers a secure framework to ensure system integrity. 

For any solution related to SELinux implementation, HAL hardening, or embedded Android security, connect with Silicon Signals at www.siliconsignals.io or email us at [email protected].  👉 Do follow us on LinkedIn to stay updated on embedded tech insights and innovations. 

it might be like. joever. android is only being developed internally now. the source code is still public but its not accepting any outside help. you wont be able to see any of the development process or whatever, only what google wants to show publically.

while still being technically possible to keep up forks like grapheneOS or lineage/divest, this will absolutely slow things down and make it harder as instead of being able to work in parallel with AOSP they will have to wait for google to properly release each version, which happens for many other components of android already.

はじめに 　みなさん初めまして、本田技研工業デジタルプラットフォーム開発部のTera-Cです。ソフトウェアエンジニアを10年程度経験してから自動車業界に転職して8年、Hondaでの業務歴は2年の若手?です。 　我々の部署ではAWSを活用して、Hondaの車やアプリに向けたWebサービスやサーバーの開発をしています。仕事を進めるうちに得られたAWSに関連する知見や事例、SaaSの活用情報などを発信していきます。 　今回はそのような技術的なお話の前に、ソフトウェアエンジニアが自動車会社に転職してきて感じた違いや、困ったこと、良かったことなどを「4選」、お伝えします。 はじめに 1. ソフトウェアの仕事の経験がある人が少ない 2. ソフトウェア開発のインフラが整っていない 3. 能力が高い人が多い 4. 労働組合の正体が分かる まとめ 1. ソフトウェアの仕事の経験がある人が少ない 　我々は自動車会社なので当たり前のことではあるのですが・・・SIerやソフトウェアベンダーなど、ソフトウェアの会社というのは人事、総務、経理、法務、営業、広報、もちろん開発や品質保証もですが、すべての組織がソフトウェアと関わる仕事をしている、と言ってよいと思います。自動車会社はソフトウェアではなく、自動車と関わる仕事をしているわけです。 　なので自動車会社でソフトウェアの仕事をする時には、非常に手間がかかります。 　自動車のマーケティングはできるけど、自動車と接続するiPhoneアプリのエンゲージメントを向上させるためのマーケティングはしたことがない。 　アメリカで組立てた自動車をインドに輸出することはできるけど、インドの開発拠点でAWSのオレゴンリージョンのEC2で運用してるGitLabからビルドイメージをダウンロードする時の輸出手続きはわからない。 　これらは自動車会社にとっては普通なわけです。でも、自動車会社でソフトウェアを開発しようとすると、ものすごい足かせとなります。 　長年のソフトウェア領域における自動車会社の努力によって、少しずつ組織の力は向上してきています。とはいえ、Hondaは自動車を売る会社でソフトウェアを売る会社ではないし、とても大きな組織です。なかなか難しいことはご想像できると思います。 　逆に言うと、自動車会社のソフトウェアエンジニアは大量で広範囲に及ぶ仕事があります（笑） 2. ソフトウェア開発のインフラが整っていない 　ソフトウェアエンジニアと言っても、いろんな種類があると思います。わたしはセキュリティ対策ソフトウェアのパッケージベンダーのエンジニアでした。自動車業界に比べると事業規模は小さく、仕事の内容は上流から下流まで全部やるのが普通でした。 　プログラミングやビルドもしなければならないため、最高レベルのスペックのデスクトップPCと、VMware、もしくはAWSやAzureなどのクラウド、豊富なコンピューターリソースを自由に使えることが多かったです。 　自動車業界に転職して、仕事で使うのはノートパソコンだけになりました。 最新のソフトウェアやプログラミング技術は好きなのですが、仕事で使う必要がないので、いらないでしょ？ということのようです。 　最初に飛び込んだ自動車会社ではAndroidを使った次世代のカーナビを内製開発するミッションを担当することになったので、かなりの問題がありました。 　ノートパソコンでAndroidをビルドすることはかなりのストレスです。自動車会社でデスクトップパソコンはどうやって調達すればよいのでしょうか。Raspberry Piとか、カーナビの試作基盤も欲しいですよね。サーバーや仮想環境はどこにあるのでしょうか。 　ネットワークにも問題があります。AOSPをcloneするにはプロキシを越えなければなりません。プロキシを超えたら超えたで、こんどは通信帯域を圧迫する問題があります。 　ソフトウェア企業ではふつうに存在していたインフラは自動車会社には存在せず、その構築にはお金がかかり、お金を使うためにはソフトウェアについてあまり詳しくない他部署の社員の説得や承認が必要でした。 3. 能力が高い人が多い 　同僚、後輩、先輩、上司、ともに仕事を進める以上、無意識でその人の能力を評価してしまってることはありませんか？あまりよくない癖だとは思うのですが、わたしはそうしてしまうことが結構あります。 　記憶力が良い、とか、論理を組み立てるのが速い、とか、なにかを整理して説明することが上手いとか、「能力が高い」と判断する要素というのは無数にあります。ただ、その能力と言うのはテストの点数のように表示されるものではないので、あくまで自分の主観に頼った評価になります。 主観に頼っているので、どうしても自分びいきになる。 それなのに、能力が高いと感じられる人が多くいる。 ということは、能力が高い人が多いんだ！ ・・・わたしの能力が低い、という可能性ももちろんあります。 　ともあれ、一緒に仕事をしていて、さまざまな場面でそのように感じることがあるのは事実です。そして、それはソフトウェアベンダーで働いていた時よりも多いのです。 自分のキャリアが進んで視点が変わったのはあると思います。また、年齢を重ねて自分の中にもっていた自信やプライドのようなものが丸くなってきたこともあるでしょう。 　それと同じように、日本における自動車会社は、新卒・中途採用のマーケットで、優秀な従業員を採用し続けているというのも事実でしょう。 　自動車会社でソフトウェアの仕事を進めるときには困ることはたくさんあります。しかし、進め方の説明をしたり、不足する知識や技術を補うと、とたんに仕事がスムーズに進み始める。そこには自動車会社の従業員の底力、を感じます。 4. 労働組合の正体が分かる 　日本には労働組合がない企業の方が多いのではないかと思います。春になると「春闘」といって、ベアが何％とか、ボーナスは5か月分だとかいうニュースが流れますが、自動車会社に入るまでは他人事でした。 　自動車会社では、管理職でなければ入社と同時に労働組合に加入します。月にいくらか組合費を支払います。 　通常の業務をするうえで組合の活動と言うものを意識することはないのですが、組合で何か決めたいことがある場合などは会議に呼ばれて、意見などを求められることがあります。月に1回��るかないかでしょうか。 　そういう活動を取りまとめる係が各部署単位で設定されたりするので、係になった人はもう一段階仕事が増えたりします。 　自分の代わりに労働組合が、給与やボーナスの基礎値のようなものを上げてくれたり、その交渉をしてくれたりする。組合費以上のメリットはあると思います。選挙の際には労働組合関連の市議、県議、国会議員の��援などを求められますが、それもまた経費ですね。 まとめ 　というわけで、ソフトウェアエンジニアがHondaに転職して感じたこと4選でした。 ソフトウェアに関わる仕事の経験がある人が少ない ソフトウェア開発のインフラが整っていない 能力が高い人が多い 労働組合の正体が分かる 　最近の自動車はさまざまなソフトウェアを部品として活用していて、Software Defined Vehicleという言葉も一般的になってきました。自動車会社のソフトウェアエンジニアとして、少しずつソフトウェアのことが分かる人を増やしていこうとしています。 　感じたことはまだまだあるので、また別の機会があればお伝えします。 　最後までお付き合いいただきありがとうございました。 Tera-C 本田技研工業株式会社、デジタルプラットフォーム開発部。Honda歴は2年。セキュリティ対策ソフトウェアのエンジニアが自動車業界へ飛び込んで、カーナビとかクラウドPFとか、いろんなものを開発してきました。Hondaとソフトウェアに関する記事を投稿していきます。

【魚拓】ソフトウェアエンジニアがHondaに転職して感じたこと4選 - Honda Tech Blog

Massive Backdoor Infection Hits 1.3 Million Android-Based Streaming Devices

A newly discovered malware infection has raised alarm bells by affecting an estimated 1.3 million Android streaming devices running an open-source version across almost 200 countries. The malware, dubbed "Android.Vo1d," has successfully backdoored these Android-based boxes by inserting malicious code into their system storage areas, allowing for potential updates with additional malware via command-and-control servers at any time.

Scope and Impact

Security firm Doctor Web reported the widespread infection on Thursday, highlighting the extensive reach of the Android.Vo1d malware. The affected devices are operating systems based on the Android Open Source Project (AOSP), a version overseen by Google but distinct from the proprietary Android TV used by licensed device manufacturers. Google representatives have confirmed that the infected devices are not running the official Android TV OS, emphasizing that these are "off-brand devices" without Play Protect certification. This certification process involves extensive testing to ensure quality and user safety. Confirm your TV is running Android TV OS by using the guide posted here.

Unknown Infection Vector

Despite their thorough understanding of the malware and its widespread impact, researchers at Doctor Web are still uncertain about the exact attack vector leading to these infections. They have proposed several possibilities: - An intermediate malware exploiting operating system vulnerabilities to gain root privileges - The use of unofficial firmware versions with built-in root access - Outdated and vulnerable Android versions susceptible to remote code execution exploits - Potential supply chain compromises, where devices may have been infected before reaching end-users

Affected Devices and Variants

The infection has been found on several TV box models, including: TV box model Declared firmware version R4 Android 7.1.2; R4 Build/NHG47K TV BOX Android 12.1; TV BOX Build/NHG47K KJ-SMART4KVIP Android 10.1; KJ-SMART4KVIP Build/NHG47K Researchers have identified dozens of Android.Vo1d variants, each using different code and planting malware in slightly different storage areas. However, all variants achieve the same result: connecting to attacker-controlled servers and installing components that can deploy additional malware on command.

Infection Characteristics

The Android.Vo1d trojan modifies several system files and creates new ones to ensure persistence on infected devices. Key changes include: - Modification of the install-recovery.sh script - Alteration of the daemonsu file - Creation of new files: vo1d, wd, debuggerd, and debuggerd_real These modifications allow the malware to anchor itself in the system and auto-launch during device reboots. The trojan's main functionality is split between two components: vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3), which work together to maintain the infection and execute commands from the control servers.

Geographic Distribution

Geographic Distribution of the Android.Vo1d infections The infection has spread globally, with the highest number of cases detected in: - Brazil - Morocco - Pakistan - Saudi Arabia - Russia - Argentina - Ecuador - Tunisia - Malaysia - Algeria - Indonesia

Detection and Mitigation

Identifying infected devices can be challenging for less experienced users. Doctor Web recommends using their antivirus software for Android, which can detect all Vo1d variants and disinfect devices with root access. More technically inclined users can check for indicators of compromise provided by the security firm. The incident also highlights the risks associated with using non-certified Android devices and emphasizes the importance of regular security updates and proper device vetting. As the investigation continues, it serves as a stark reminder of the ongoing challenges in securing the diverse ecosystem of Android-based devices in the market. Read the full article

If Chromuim isn't Chrome to you, then would you say that the AOSP isn't Android? Or, that some of the OSes built upon it aren't Android, such as, say, Amazon's Fire OS or whatever facebook would call the OS running on their Portal and Quest devices, even though they all run Android at their core, much like how Chrome is Chromium at heart?

I don't think that's a fair comparison to make. chromium is simply the engine chrome is based on; chrome is chromium, but chromium isn't chrome

my computers? all 3 run linux mint.

my phone? flip phone running no-BS AOSP.

my "smart" watch? casio with a honest to god 7 segment display.

big tech can keep their damn grubby fingers off my electronics.

God I hate how normalized not being in control of your own devices has become. My phone updates in the middle of the night without asking me shit or getting my consent for anything and its like "Oh hi I'm your new AI, please enjoy this forced overlay that you can't exit out of until you go through my tutorial"

"Great fuck you, I would like to uninstall you" "Oh I'm sorry you can't uninstall me! I'm a core system application and if you uninstall me your phone won't function correctly despite the fact that I did not exist yesterday and your phone worked fine" "....." "You can disable parts of my functionality but I will always be here and I will pop up notifications asking you to re-enable me unless you figure out how to disable those too! Then I will still show up in a different color at the top of your settings application telling you that you need to 'fix" a 'problem' with your phone, that problem being that I am disabled. Does that help?"

Like, you know what I can do on my desktop? "sudo pacman -Rdd linux" , this will just fucking remove the entire linux kernel. Fundamentally breaking my computer until I boot up a live disk and chroot in and reinstall it or whatever, and the computer will go "Are you sure (y/n)" or whatever and i'm like "y" and it will just go "Ok you got it boss"

But its mine, I get to do what I want with it. I control the computer, the computer does not control me. I refuse to cede control to my phone or anything else. The thing is a lot of people will joke that like "Oh I love just letting the machine tell me what to do, I don't know what I'm doing, it knows best" or whatever but the thing you have to realize is that when you say that you are abstracting away that "the phone" or whatever is not some value neutral logic driven robot like from sci-fi, it is a collection of the the capitalistic and fascistic desires of the tech oligarch fuckwits that are burning the world to the ground right now. You aren't submitting to the phone, you are submitting to Musk, Bezos, Nadella, Pichai, Cook and all those other evil bastards.

Fuck them, fuck their little AI toys, and fuck this.

Estamos pertos do fim do Android aberto que conhecemos? 😱 - Suporte dos Pixel no AOSP é encerrado