Google has started distributing a patch for the Android mobile phone OS. It appears to be an early trial of how well the infrastructure for distributing and installing updates works. The system update is announced by a simple, short message, “A system update is available”, and the user can update at that time or later. The new software is downloaded quickly, within a few minutes, and then installed with no hitches whatsoever.

The patch fixes the highly publicized security problem with Android’s Web browser and makes a few other minor changes. The researchers who discovered the problem, Charlie Miller, Mark Daniel and Jake Honoroff of Independent Security Evaluators, called it a serious flaw, but Google replied that its severity is mitigated by Android’s design, which restricts each program to its own area.

Google has now appealed for what is called “responsible disclosure”. Company representatives asked for a grace period to fix problems (mostly security vulnerabilities) before they are made public, so that attackers have fewer chances to exploit them. It is an old problem: there is a lot of tension between companies that want to fix their products and security researchers who want to get the word out, because attackers are also trying to find the vulnerabilities. If a bug is made public before the company gets the chance to fix it, attackers have a chance at exploiting users’ phones, even if they had not previously managed to find the error themselves.