Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document that older Android versions have unmitigatable security risks on our supported platforms page #11828

Open
Hixie opened this issue Mar 1, 2024 · 6 comments
Open

Document that older Android versions have unmitigatable security risks on our supported platforms page #11828

Hixie opened this issue Mar 1, 2024 · 6 comments
Assignees
@ash2moon
Labels
dev.integration Relates to platform integration e1-hours Effort: < 8 hrs p2-medium Necessary but not urgent concern. Resolve when possible. t.sec.general Relates to Flutter app security target.Android Target apps on the Android Platform

Comments

@Hixie
Copy link
Contributor

Hixie commented Mar 1, 2024

Subcomponent of flutter/flutter#63559.

We should update our public documentation to mention that versions of Android older than Android 9 (aka Pie, SDK level 28) leave applications vulnerable to the StrandHogg attack, and then link to https://developer.android.com/privacy-and-security/risks/strandhogg.
@Hixie Hixie mentioned this issue Mar 1, 2024
Closed
@Hixie
Copy link
Contributor Author

Hixie commented Mar 1, 2024

cc @mariamhas

@flutter-triage-bot
Copy link

This issue is assigned to @reidbaker and @mariamhas but has had no recent status updates. Please consider unassigning this issue if it is not going to be addressed in the near future. This allows people to have a clearer picture of what work is actually planned. Thanks!

@mariamhas mariamhas removed their assignment Oct 9, 2024
@flutter-triage-bot
Copy link

This issue is assigned to @reidbaker but has had no recent status updates. Please consider unassigning this issue if it is not going to be addressed in the near future. This allows people to have a clearer picture of what work is actually planned. Thanks!

@reidbaker reidbaker assigned ash2moon and unassigned reidbaker Feb 14, 2025
@reidbaker
Copy link
Contributor

This will be a flutter/website change.

@antfitch antfitch transferred this issue from flutter/flutter Mar 17, 2025
@antfitch
Copy link
Contributor

antfitch commented Mar 17, 2025
edited
Loading

Transferred this to the website. Maybe we add a note here:
https://docs.flutter.dev/get-started/install/linux/android

@sfshaza2 what do you think? This seems like an Android issue, not a Flutter issue. But it also seems like a pretty serious issue.

@ash2moon ash2moon mentioned this issue Mar 18, 2025
Closed
4 tasks
@parlough parlough added p2-medium Necessary but not urgent concern. Resolve when possible. e1-hours Effort: < 8 hrs t.sec.general Relates to Flutter app security target.Android Target apps on the Android Platform dev.integration Relates to platform integration labels Mar 18, 2025
@ash2moon
Copy link

@antfitch I added this PR #11829 to add a new page for vulnerabilities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ash2moon ash2moon

Labels
dev.integration Relates to platform integration e1-hours Effort: < 8 hrs p2-medium Necessary but not urgent concern. Resolve when possible. t.sec.general Relates to Flutter app security target.Android Target apps on the Android Platform
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add index of platform vulnerabilities that Flutter developers should be aware of ash2moon/website
6 participants
@Hixie @reidbaker @parlough @antfitch @mariamhas @ash2moon