[guardian-dev] Popularity of Gingerbread

Chris Ballinger chrisballinger at gmail.com
Wed Aug 3 16:41:44 EDT 2016


Isn't it a security risk to support users on vulnerable versions of
Android? If users need the protection of Tor or other tools, then
supporting users on a vulnerable OS could do more harm than good by giving
people a false sense of security. For example, isn't there a RCE for
pre-4.4 WebView that could be exploited by malicious exit nodes when
visiting HTTP sites?

On Mon, Aug 1, 2016 at 11:47 AM, Hans-Christoph Steiner <
hans at guardianproject.info> wrote:

>
>
> Michael Rogers:
> > On 01/08/16 16:50, Nathan of Guardian wrote:
> >> Three years ago in Thailand, I bought a $50USD 6 inch wifi only tablet
> >> device running 4.0 ICS. I also bought a $100USD smartphone running
> >> 2.3.6, which seemed to be the last of its kind.
> >>
> >> We do still see support requests for Orbot users still running 2.3.x
> >> from time to time, and are working at adding support back in to SDK 10
> >> and pre-PIE devices. Supporting SDK 8/9/10 is more of a gesture towards
> >> leaving no user behind, than a practical necessity.
> >>
> >> Another way to look at it is, if you have limited resources and need to
> >> balance building a storage, network and battery efficient app, versus
> >> supporting old APIs/OSes, I would say that the former is a better use of
> >> time and skills.
> >
> > I'll take that advice, thanks Nathan!
> >
> > Cheers,
> > Michael
>
> To second what Nathan said, for Briar, I'd recommend setting at least
> android-16 as the minimum.  Its a fair amount more effort to support the
> older versions.
>
> .hc
>
> --
> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160803/3dd22693/attachment.html>


More information about the guardian-dev mailing list