Android's latest patches once again remind us: It's Nexus or bust if you want decent security

It's Nexus or bust - full stop!

Google are wasting their time

They might as well just patch the Nexus and not bother releasing the patches to any other manufacture. Everyone knows that the combined clusterfuck of manufacturers and carriers will never get these patches to end user devices.

My Samsung S7 Edge has been getting Google security patches every single month without fail since I had it, just like my Nexus device did. So not really an accurate headline.

Anyone know how good Cyanogen is at keeping up with Nexus?

Tempted to try that on my Android 5.0 Asus Zenfone after reading this!

fwiw my S5 is still getting updates, which surprises me (even though it shouldn't).

Yawn

Scare stories, FUD and clickbait beware.. you really have become the tech press laughing stock. The daily mail of blogging (you can't really call what you write journalism, blogging is more accurate)

"Getting a bad text or visiting an evil webpage could be enough to slip spyware onto your device"

Untrue

"these kinds of low-level flaws were used to blow apart Android's full-disk encryption system last month."

Untrue

"A malicious app on a Qualcomm-powered phone or tablet could exploit these to gain kernel-level access – completely hijacking the device"

Unture

Meh

Time for another OS... or a fork of Android...

For those that care Cyanogenmod is still good for security updates, even for Kitkat on an ancient 1st generation Galaxy Tab - if you don't mind slow and heavy!

This is why reviews need information about third party ROM support

Forget the camera, this is why it is essential to hold manufacturers to account otherwise they will never change. If you reward failure, there is no incentive to succeed.

Never mind 'it's fast, waterproof, etc' the review should read 'It's a fast and functional phone but MegaCorp's support policy means it'll be a £500 doorstop inside 18 months. 2/10'

Time to see where the latest Marshmallow Cyanongen builds for my 2012 phone are up to, because Motorola certainly haven't been patching it for years. It's not even on the list of devices for updates.

About the only thing it doesn't do is 4G outside the US, and it's a bit unhappy running Pokemon Go. Frankly I can live with that, and uninstalled it.

How do I know if my Huawei device has been updated with any security fixes ?

So what do the phone networks have to do with code patches that Google don't have to deliver as mobile data? The last one I got came via the free Wi-Fi in the pub

Perhaps Google should re-architect Android so that it is a set of applications that run on top of an OS. The OS would, obviously, contain device specific code, so it would be up to the hardware vendor to maintain that bit. The Android bit would be just algorithms adhering to open standards. Google could update that on any device whenever they pleased.

But a Mongolian clusterfuck is just so much easier for all the developers concerned.

Fix the headphone volume mis-feature and I'll buy Nexus again

Google intentionally limits the headphone volume (apparently due to a lawsuit). It is a big problem because if you use an aux connector it requires that everything be turned up to 11 and it still isn't loud enough.

Please make this easy to override without rooting the phone.

Over Simplification

PS: Yeah, yeah, BlackBerry's Priv and DETK50 Androids get patches at the same time as Nexuses. We know. Good for them.

Your a git Iain and that is not correct. You paint everything in a "Google is the best" light when these problems have been around since the inception of Android (yes Googles fault). All vendors receive the updates at the same time, however Blackberry has put in place a policy to release patches on the same day they are publicly available. Maybe you should quite being a biased moron and write something like:

"Blackberry has a chance to shake up the market as they are the only other vendor besides Google themselves that will have security patches available as soon as they are publically released. That is, if users (and moron tech writers) are smart enough to see that something needs to change in Android security."

Remote code execution in Wifi driver!?

Oh man that's a tasty one...

Too bad the cell networks are irrevocably broken

I still get near-daily spam calls from numbers that cannot exist (like yesterday, I got a phone call from the telephone number "1", or sometimes I'll receive calls from my own number) and the carriers are powerless to do anything about it since the protocols themselves are crap when it comes to security and allow impersonation by allowing a adevice to inject whatever phone number and EMEI / MSISDN / IMSI ID it wants into the packet header without the tower even checking.

For a while, I was able to use an inexpensive SDR to authenticate against the tower using the phone number (555) 867-5309 and make and receive phone calls with that number.

Oneplus 3 here...

Patched upto 1st July.