lima 6 days ago

The stupidest part is that, according to the thread, OEMs are allowed to provide binary-only patches before the embargo ends, making the whole thing nonsensical since it's trivial to figure out the vulnerabilities from the binaries.

Fun fact: Google actually owns the most commonly used tool, BinDiff ;)

nroets 6 days ago

Unless the OEMs bundle numerous changes with the security patch(es).

(I'm not saying it happens. I just theorise how the policy could have been envisaged)

numpad0 6 days ago

In the good old days, there were exploits patched years prior by some OEMs that were never upstreamed even to Google. New rooting apps come out and... just don't work. I don't know if that still happens, though.

groggler 5 days ago

Not really... numerous changes are still not a total redesign of whichever subsystem was affected, so it's pretty obvious where some small security-relevant changes are. A stupid embargo was always enough to ruin security by code analysis for white hats but never enough to stop attacks by code analysis for black hats.