Google splats more bad Android security bugs with patches your mobe will probably never see Another month, another patching cycle for Android. Google's mobile OS has picked up seven critical patches, ten classed as high priority, and a pair of moderately important fixes. In short, playing back a booby-trapped video or receiving a message with malware hidden in it could lead to malicious code running on a vulnerable …
Sorry, that's bollocks.
The patches are released for 5.1 and 6.0 and most of my devices already have them, the others are (if last months updates are anything to go by), are due in a couple of weeks.
I know it's really fashionable to bash Google and Android. Remember when they got bashed for not releasing security updates often enough? Now they do, it's time to twist the argument.
How many Android users have you ever come across that have ever had any malware or nasties on their device? Me, I see loads of devices, and have NEVER come across a single issue. I also see Windows PC's and it's rare to come across one that's clean...
Lets stop pretending Android is the new Windows, when it comes to vulnerabilities, it's not.... It has LESS CVE's than iOS.... (which only today had several critical lockscreen bypass bugs... Someone want to tell the FBI???)
> The patches are released for 5.1 and 6.0 and most of my devices already have them
My Moto G (1st gen) got 5.1 ages ago, and hasn't had an update since (not even 5.1.1).
It's still working fine as a phone. It would be a real shame either to bin it, or have to jump through the rooting / modding hoops.
Yeah, it's so easy to spot the infected ones, coughing and wheezing, some of them can barely stand. But whenever I see an Android phone it exudes healthiness!
Don't forget "LESS CVE's than iOS". Because counting them is a great way to judge a platforms security. What's that? Windows has less than Linux? Well, obviously it's not significant then, I was talking about mobile OSs....
So I got a Samsung.
a S5, precisely a SM-G906S, flagship edition, korean release only, top of the cream S5s ever released.
And I have Android 5.1. The 2 latest updates have been updates to 5.1. last one mid february.
I have NOT been able to find a changelog. Or even details on what has been patched.
I DO have a changelog number, but even a less than casual google search has been unable to give me any details on WHAT exactly was patched.
So...a comment about "still not as bad as.." is about as usefull as a comment on "Me, I see loads of devices, and have NEVER come across a single issue"... notably because YOU possibly don't really know what's happening and what's hot on the scene. mostly because there is a 99.9% chance that you are a luser like the rest of us.
On a positive note, you have my model number, and have been informed that I use the latest publicly available firmware. Can you tell me if I am at risk from the CVE's ? no ? me neither...
These things are possible but appear to be discovered by lab technicians with no reported incidents in the real world. Just how worried should we be?
Well, I have a Nexus 6, just patched with the new build, so I'm ok, Jack, but since these things seem to be theoretical, does it really matter?
Just asking...
Most are pretty unlikely since they rely on side-loading a malicious application, or receiving dodgy MMS messages (unlikely due to the expense that would be incurred by the sender). Only a couple appear to be exploitable by browser misdirection to a malware site or MITM attacks.
What is interesting is that quite a few of these are Linux Kernel issues and binary device driver issues which aren't in the strictest sense Android itself and could apply to any device running the same Linux kernel or device drivers.
Unless you're going to take on the task of rooting it etc. to install something else, telling your non-techie friends "buy this model because you can install something better on it" is going to get you a glazed over look in return. That's like telling them to buy a particular model of car because it makes replacing the struts an easier DIY project.
And if do perform that service for them, you will become their tech support for life. Good luck with that.
Yeah it's a great 'eco system' aint' it? I've had my phone a year. Okay so it's an S3 Neo but that isn't 'ancient'. It's running Kitkat 4.4.2. According to this 4.4.4 was released 18 months ago.
So I do a check for updates 'You are running the latest version'..
Great.
I guess I could through the faff of manually updating but I shouldn't have to.
...and this is exactly why I ditched my old (but just about still working) Samsung phone and got a Nexus. Samsung appear to lost all interest in their devices within 6 months of their release, which coincides with roughly how long it takes them to vomit up their updated software that's already out of date by the time they graciously release it.
Strangely enough my Samsung S4 started getting monthly security updates in October I was fairly happy about that (though they never listed what the update addressed)
Though that was because EE sent me an S4 that was a standard UK model without all their crap on it, friends with 'official' EE S4 phones never got a thing and only received 2 updates last year.
If you look at Sammobile it's amazing the difference between carriers when it comes to updates (when I say amazing I actually man shit BTW)
I swapped to a Nexus 5X in December and am happy about receiving monthly security updates, though I would be happier if EE could actually give me the WiFi calling that they promised the 5X back in September
In the EU it's still within the period (two years) of statutory guarantee so you are within your rights to sue Samsung. Contact you local consumer rights body for more information.
In general, most handset manufacturers have a shocking record when it comes to providing updates. We need more legal cases like that launched recently in the Netherlands.
We'll only find our rights are respected if we are prepared to assert them.
So we complain that Android does not get automatic updates but we complain that Windows 10 DOES !
I want updates but want to choose which, when and if to update at my choice whichever OS i use.
Running CM on my 2012 Motorola Razr MAX Android Marshmallow Nightly build 29/02/2016. only 3 google apps. camera, chrome, keyboard.
windows 7 (no telemerty or get win10 now) but all other updates and security patches
OSX Snow leopard (out of support but hardware wont take a newer OS)
iOS ( 7 ) old iPad 2 so don't want it to be SLOOOOOW and don't need fitness or health apps etc and as they are all or nothing ill stay where i am thanks.
My parents iPad 2 seems just fine to me running iOS 9. I can't do a side by side comparison with all the intervening versions but there's no problem with its performance from my perspective.
When a new iOS version is released, you typically hear complaints "my old device xx got slower!" but a month or so later when the .1 version is released you hear "my old device xx is faster" so I think they probably don't get a lot of testing on older versions when developing a new iOS release. That's not surprising - you'd expect Apple employees, developers and the public interested enough to beta test to be likely to have newer hardware. After release when it gets installed on them Apple will investigate the specific complaints and resolve them in the updates.
So the solution is to probably hold off on updating a bit if you have older hardware, and hit the .1 release or even .2 if you want to be sure.
Bought a Nexus 5X a few months back - used to have an Samsung SIII - last full update was 1st Feb. It isn't seeing these new updates just yet. 30 quid up front plus agreeing to sign up for another two years with O2 (O2 is the only network that has decent coverage out where we live).
I wish people would just stop moaning all the time. It's depressing - software is complex, especially multi-threaded, real-time stuff. It will always have holes regardless of who made it - the whole iOS/Android/Windows/Linux/whatever is just navel gazing. Get a life (and a tin-foil hat), guys (and you are almost exclusively guys). It really isn't that important.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
