yourSAS

> In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched. “Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best.”

WTF!

franz_bonaparta_jr

Android is a joke

Oilers974

So what does this mean?

Claimed patch level: 2018-03-01 (certified)

S8+ not rooted bell

42 patched

12 inconclusive

HeatFan786

My unlocked Snapdragon US Galaxy S9+ is running the Feb 2018 patch. Brand new phone running two-month-old patches. Doesn’t surprise me Samsung is behind.

professorTracksuit

Open source your OS they said. What could go wrong? Never trust an OEM. Looks like they’re doing the same thing all over again with Fuchsia.

AlexH1337

Samsung is extremely transparent when it comes to this. They are the **only large** Android OEM next to Google that actually provides guaranteed 2 major OS upgrades and 3 years of Security updates to the S and Note lines even if they’re slow. Because they implement a lot of wildly different code at times, some patches are labelled “not applicable to Samsung devices”. They maintain a website here: https://security.samsungmobile.com/securityUpdate.smsb that outlines each included patch, patches that do not apply, and those that were already included even before the update. Regardless, a Galaxy S8+ on the March Security update shows 0…

MagicKing577

Hmm that was interesting.

BubiBalboa

~~All hail, LineageOS!~~

E: Apparently not quite. 🙁

varnell_hill

Hmm. I know we’re waiting for the full report, but I can’t help but wonder if they found a gap in updates on any Pixel devices?

Rocketfin2

Weird that Motorola is in the 3-4 category, my G5+ only had one according to the app.

al0kz

No mention of BlackBerry? Or does that fall within TCL?

WeirdCode

So r/android now turns to iPhone.

Zoop!

slinky317

If you care about updates, buy Pixel.

If you buy another manufacturer, you are taking a gamble with updates.

SirVeza

> “We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” Nohl says. “That’s deliberate deception, and it’s not very common.”

That is such a crap move. However, I always wondered if manufacturers ever did this and now there’s proof that it does indeed happen.

> In an effort to solve that missing patch transparency problem, SRL Labs is also releasing an update to its Android app SnoopSnitch that will let users check their phone’s code for the actual state of its security updates

[Link to the app](https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch)

dustarma

My Moto G5+ running the Jan 1st security update seems to be missing patches regarding “Elevation of privilege vulnerabilities in libziparchive” and a remote code execution vulnerability in framesequence.

Everything else is either patched or was tested inconclusively by the app.

**EDIT**

I updated to the March 1st security update that recently came out and it fixes all of the March 1st bugs plus 3 of the 4 ones that were missing from previous updates.


cgknight1

I see TCL on that list – I wonder how this applies to their BlackBerry-branded devices?

altimax98

Don’t fool yourselves. This is Google’s problem as they refuse to handle and hold their OEMs to proper standards and actually enforce requirements. Google should establish update requirement timelines, security patch requirements, and other standards that *must* be followed or the OEM loses CTS compliance for a period of time.

Until Google takes security of devices running Android as seriously as they do their own devices’ security, problems like this will continue to crop up.

GumOnYourTire

> Their testing found that other than Google’s own flagship phones like the Pixel and Pixel 2, even top-tier phone vendors sometimes claimed to have patches installed that they actually lacked.

.#TeamPixel

jawz101

I wish this app was actively maintained. It seemed like they actually had a way to test exploits on your device to see if they were patched.

https://github.com/AndroidVTS/android-vts

ladyanita22

> While phones with processors from Samsung had very few silently skipped patches, ones that used chips from the Taiwanese firm MediaTek lacked a whopping 9.7 patches on average.

For those saying this is not the chipmaker’s fault.

konrad-iturbe

> While phones with processors from Samsung had very few silently skipped patches, ones that used chips from the Taiwanese firm MediaTek lacked a whopping 9.7 patches on average.

This is why so many people avoid MediaTek-based phones.

Also, my Mi A1, an Android One (from Xiaomi) phone, has 1 security patch missing.

w1x0r

This is more common than you think with custom ROMs. Implementing security updates is not an easy job; it has to be tested.

alose

I guess all the more reason to run LineageOS.