Print 38 comment(s) - last by flyingpants1.. on Jun 17 at 5:17 AM

OnePlus and Cyanogen are working to patch the OpenSSL vulnerabilities

The OnePlus One looks to be an ambitious smartphone project. The smartphone boasts impressive specs including a 2.5GHz Snapdragon 801 processor paired with 3GB of RAM, a 5.5” 1080p display, 13MP rear camera, all while running CyanogenMod 11S. Most impressively, the OnePlus One costs just $299 for the 16GB model while the 64GB model will set you back only $349.
Unfortunately, it appears that OnePlus has run into a few snags with its worldwide launch of the One (it was originally supposed to debut in mid-May). According to Android Community, the Cyanongen and OnePlus are working to fix a few OpenSSL vulnerabilities before it ships the One.

OnePlus One
OnePlus One
Ciwrl, a member of the Cyanongen/CyanogenMod team, took to reddit to explain the delays, stating:
As you may be aware, a handful of new issues with OpenSSL were made public on June 5th. We decided to include the correction for those vulnerabilities, in the factory release of the One
A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay. So yes, there was a new build issued at fairly last minute, but it wasn't due to missing set deadlines or expectations.
Show stopping issues this late in the game are definitely disappointing, but OnePlus still has time to get things sorted out and get the One into the hands of customers. There are competitors that offer comparable specs (like the HTC One (M8) and Samsung Galaxy S5), those that offer even more impressive screens (like the LG G3), and yet-to-be released models that will surely be top-sellers when they hit the market (we’re looking at you, iPhone 6) — but none will be able to meet the off-contract price point of the OnePlus One.

Sources: Android Community, reddit

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: That's pretty neat
By bug77 on 6/11/2014 10:39:31 AM , Rating: 2
There are SOOOO many options.

Not if you want to stick with Android, unfortunately.
For Android there's only Cyanogenmod (aka some things will work, some won't, but kiss your warranty and battery life good bye anyway) or buying another phone (aka show the manufacturers that not supporting their devices actually works).

PS I knew you couldn't let this one pass without posting :-D

RE: That's pretty neat
By retrospooty on 6/11/2014 10:55:51 AM , Rating: 2
"PS I knew you couldn't let this one pass without posting :-D"

I am a creature of habit ;). FWIW, I agree. If you are all 3 of the below...

1. Want to buy only low end cheap phones.
2. Want OS/ROM upgrades for 2+ years.
3. Are not willing to take control and put on a custom ROM

Then Android is not the right choice for you. But a serious question, what does support that? Apple is out, as they have no low end cheap models. Even the 5C is Mid--high as far as price. What would you choose that suits your needs?

RE: That's pretty neat
By bug77 on 6/11/2014 11:19:27 AM , Rating: 3
From a technical point of view, you are right. I don't consider a $200 phone low-end (going to get a Moto G 4G shortly) when it packs a quad-core CPU, an 1280x720 screen and 1GB RAM, but this is not that important.

The thing is, these cheap, low-end phones outsell flagships 10:1 if not more. And they are most frequently bought by the least tech savvy users, those that want "a phone that makes phone calls". By not providing fixes to them, manufacturers ensure a perpetual and huge attack vector for anyone willing to dig up vulnerabilities discovered in the past year or so. This is why I think _any_ smartphone should come with some guaranteed level of support.
If you want, you can think about how antivirus makers have come to the conclusion that they need to provide a free version of their product: if they were protecting only the paying customers and let the rest of the internet be taken over by threats, they still weren't providing a good experience to their paying customers. This is a (not entirely) similar situation in my mind.

And you're again right when you say nobody provides this level of service (Cyanogenmod does, only they can't fix device drivers). But I still think someone should. And I'm going to keep blasting manufacturers for that until they do ;-)

RE: That's pretty neat
By retrospooty on 6/11/2014 11:27:53 AM , Rating: 2
"And you're again right when you say nobody provides this level of service "

OK, I see what you are saying. Moro G is a good otion at that. My guess is now that KK is around and supports lower end specs, and is fast at it, we will see better support. But still as we both mentioned, no-one does that today, not a single vendor.

RE: That's pretty neat
By Reclaimer77 on 6/11/2014 11:42:00 AM , Rating: 1
Dude is your phone even running 4.1.1? I highly doubt it. So what are you worried about? Your phone is already patched for Heartbleed and will get patched for future exploits.

I'm so tired of this, really. Why can't you people EVER come out and list what device you own?! Just come out with it, WHAT PHONE DID YOU BUY??

On the off-chance you own an HTC phone, I found this:

“Privacy and security are important to HTC and we are committed to helping safeguard our customers’ devices and data,” said HTC. “We are currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1.”

I'm sorry but the age of people buying an Android phone and being "left out" of updates is a holdover idea from years ago. Even HTC, traditionally one of the worst, is patching old ass 4.1.1 for Heartbleed!

RE: That's pretty neat
By bug77 on 6/11/2014 11:53:04 AM , Rating: 2
HTC Desire S.

And while HTC may be acting on this one (but I suspect only because Google has actually provided the necessary patch), I will say that I never got a patch for this:
They said they were working on a fix, but they never delivered. And there was one more issue like that or two that HTC never patched either.
Which is why everyone messing with Android has lost a customer. Several actually, because my whole family expects me to tell them which phone to get.

RE: That's pretty neat
By Reclaimer77 on 6/11/2014 11:59:07 AM , Rating: 2
(but I suspect only because Google has actually provided the necessary patch)

Uhhh of course? That's like complaining that Dell doesn't patch Windows...

HTC Desire S.

That's like a four year old phone..just wow.

RE: That's pretty neat
By retrospooty on 6/11/2014 12:04:48 PM , Rating: 2
Wow... I just looked it up. Feb 2011. That is nearly 3 1/2 years old.

Bug, seriously upgrade. Just do it. March your ass to the nearest wireless store and bust out the credit card... right now.

RE: That's pretty neat
By Reclaimer77 on 6/11/2014 12:09:28 PM , Rating: 2

And this time, I hate saying this, but just don't buy an HTC. Too unstable atm, who knows if they'll even be around in another 4 years.

Why even keep a phone that long? I don't get it. When that 2 year contract is up, you need to jump on those upgrade offers (usually free).

RE: That's pretty neat
By bug77 on 6/11/2014 1:55:55 PM , Rating: 2
I'm not in the US and don't buy phones on contract. Thus, I picked up this nasty habit of keeping a phone for as long as it does its job.

RE: That's pretty neat
By bug77 on 6/11/2014 1:20:34 PM , Rating: 2
Just placed an order for a couple Moto G 4Gs on Amazon.
But seriously, the Desire S does all that I need and it doesn't even have data (unless I hook it up to WiFi and that's usually at home).
It's just that the battery starts to fail (easily fixed, since it's user replaceable) and that it tends to loose signal in the middle of some calls (not easily fixable, once it even told me there was no SIM installed). But the feeling of metal is something I'm going to miss. A metal body on a mid-range device is something you don't even imagine these days.

"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki