Earlier today, we saw that Sprint decided to hit the EVO family of devices with a much needed update for the security updates depicted in what we like to call PoC#1 (proof of concept #1), which was presented by XDA Recognized Developer TrevE. This security vulnerability basically allowed open access to sensitive device information thanks to a service built into the device of an apk called htclogger. As of the latest patch rolled out by HTC, this issue has finally been put to bed. It was confirmed that HTC has indeed removed said apk from the system thus effectively taking care of the original concern regarding consumer’s sensitive data being at stake. This was a good move by HTC and considering that the amount of bureaucracy and legal hoops that they must have gone through (let alone the amount of Quality Assurance and Final Testing by both HTC and the carriers), it was a remarkable thing that they were able to get a patch out in such a short period of time.
On the other hand, as with most processes that involve more than just one entity, there is always a bottleneck, something that will almost 100% guarantee that the update will not get to you at the same time as others. In this case, we have Sprint to blame for that and the reason is rather simple. Just think about the massive amount of data that needs to be moved and pushed to the millions of customers across their network, even if it is only 5 MB, as it was the case with the latest patch, when you multiply this by the number of users who will need this, the capacity of the network becomes a concern. They need to maintain service also for those millions of customers and if they were to push out the update to everyone all at once, you’d likely experience service interruptions. Sprint’s (and really most carrier’s) technique to avoid this is to push the OTA updates in waves.
Now that we laid down the groundwork for the point, lets cut right down to the chase. The roll-out to customers via OTA updates is a rather unnecessary step in this whole process. Why? I don’t know about you, but my EVO 3D is fitted with a wonderful tiny radio chip that allows me to connect via Wifi and I also have a quizillion other ways to get to the internet. See where I am going? What is the point of rolling something like this via OTA? I have personally followed HTC’s website for a very long time and as far as I can remember, they have always offered updates via direct downloads in their site. I understand that not everyone will know how to run a RUU or to even flash a zip as not every Android owner knows what he/she has in their hands, but allowing the end user to apply the patch directly from the manufacturer’s site would have the following impacts: