Android Security Bulletin(source.android.com)
source.android.com
Android Security Bulletin
https://source.android.com/security/bulletin/2016-07-01.html
25 comments
Sigh. I have a well functioning Nexus 4. According to https://support.google.com/nexus/answer/4457705 this device is no longer supported. I wondered why I wasn't seeing update prompts as often as my partner. Time to grit my teeth and install CyanogenMod I guess. Planned obsolescence depresses me.
You have no idea how lucky you are to have received ~3.5yrs of updates on an Android phone. Sadly that's the exception, not the norm. (The oldest iPhone still receiving updates is the 4S, which predates the Nexus 4 by a full year)
I use Fake Nexus ROM to stay up to date. Not ideal, but if you want the latest security patches, you don't have any other choice.
http://forum.xda-developers.com/nexus-4/development/fake-nex...
http://forum.xda-developers.com/nexus-4/development/fake-nex...
Could someone explain why we still have monolithic "firmwares" on our phones instead of PC style OS which could be updated directly from Google? That wouldn't preclude OEMs and carriers adding their crapware (and drivers), but it sure would make the landscape bit more secure.
Since there really isn't any good technical reason for that not to be the case, it is painfully obvious that Google doesn't care enough to actually fix the problem and the OEMs and carriers have no incentive to provide updates, so most of them don't.
Media server remote code execution. No way!
For those interested in an old talk about rooting phones via media server & MMS watch this great talk.
https://youtu.be/71YP65UANP0
For those interested in an old talk about rooting phones via media server & MMS watch this great talk.
https://youtu.be/71YP65UANP0
https://copperhead.co/android/ Try it out!
"Partners were notified about the issues described"
I left Android a year or so from the aftermath of the "Stage Fright" incident. I was very disappointed when my fairly new Android handset didn't get any updates to that problem.
It will be interesting to see if the Android ecosystem has learned anything since then. (Other than it is a good way to sell new handsets.)
I left Android a year or so from the aftermath of the "Stage Fright" incident. I was very disappointed when my fairly new Android handset didn't get any updates to that problem.
It will be interesting to see if the Android ecosystem has learned anything since then. (Other than it is a good way to sell new handsets.)
No they have not, OEMs and Handset manufactures rather sell new devices than provide updates, just like they used to do with Symbian and similar proprietary handsets.
http://www.androidauthority.com/android-7-0-update-679175/
http://www.androidauthority.com/android-7-0-update-679175/
Blackberry has released Android security updates every month.
Blackberry also only has one Android phone. Let's wait and see how they handle things when they have more models to support.
I'm also concerned that Blackberry phones (Android or otherwise) aren't long for this world. The Priv has hardly been a success and Blackberry OS appears to be on life support.
I'm also concerned that Blackberry phones (Android or otherwise) aren't long for this world. The Priv has hardly been a success and Blackberry OS appears to be on life support.
They actually have 2 with 1 more to be released later in 2016 with a PK.
Do they still matter at all?
If you want an Android phone, as secure as a Nexus, then yes.
I hardly see them anywhere on sale here in Europe.
This can be turned into a nice 'name and shame'. If someone could document currently shipping devices that are still vulnerable. Then everyone can tweet/blog/complain the hell out of it until OEMs and carriers start taking some responsibility.
In general, you can really only count on having supported Nexus devices patched in a timely fashion. This is the reason that my employer only allows corporate access from Android phones when they are Nexuses.
> If someone could document currently shipping devices that are still vulnerable
Chances are at this point in time: every single device.
> Security patch levels of July 05, 2016 or later address all applicable issues in this bulletin
My Nexus 6P is on the July 05 patch level. So is my 3 year old Nexus 7.
Unfortunately, most OEMs lag far behind what Nexus users are accustomed to.
My Nexus 6P is on the July 05 patch level. So is my 3 year old Nexus 7.
Unfortunately, most OEMs lag far behind what Nexus users are accustomed to.
I have been using the BlackBerry Priv since it's release. One of the best things they have going for them is how quickly they apply the android security patches once they are available.
I think they have released every security patch on the day of the public disclosure since the Priv released. This blog post shows the release dates up until March atleast, and they've hit the Nexus release dates on all of them.
http://blogs.blackberry.com/2016/03/beating-expectations-and...
EDIT:
The beta branch for the Priv already applies 5th August security patch. Usually the official release is not that far (a week or so AFAIK).
http://m.gsmarena.com/latest_priv_marshmallow_beta_brings_au...
I think they have released every security patch on the day of the public disclosure since the Priv released. This blog post shows the release dates up until March atleast, and they've hit the Nexus release dates on all of them.
http://blogs.blackberry.com/2016/03/beating-expectations-and...
EDIT:
The beta branch for the Priv already applies 5th August security patch. Usually the official release is not that far (a week or so AFAIK).
http://m.gsmarena.com/latest_priv_marshmallow_beta_brings_au...
Samsung follows the carriers where as I think they have the power that apple has to force carriers to do their bidding. My S6 edge is a few months behind android patch level but I know for a fact that the exact same model in other countries is on patch 1st July patch level. Its the same damn phone.
Some people complain that old models are obsolete but what about the same newish model getting the latest security patch in one country and not in another.
Can confirm. My friend's unlocked S6 is at July patch level.
What is the incentive for carriers to limit updates ?
To save cost on bandwidth ? (...)
Another related/unrelated rhetorical question, should I prepare to buy another Nexus when my Nexus 5 is no longer supported ? (which should be soonish)
Another related/unrelated rhetorical question, should I prepare to buy another Nexus when my Nexus 5 is no longer supported ? (which should be soonish)
They usually provide their own customizations also they are very keen in exchanging devices for a contract renewal for those customers on contracts.
[deleted]