back to article KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact

Google has released its November security update for Android, addressing a bag of security holes. You should install them as soon as they are available for your phone, tablet and other gadgets. Depending on your mobile carrier and device manufacturer, they may arrive immediately, soon, late or never. Among the holes covered …

  1. Dr Mantis Toboggan
    Thumb Up

    Patched already

    Updated itself over night...

  2. Kevin McMurtrie Silver badge
    Mushroom

    Easy upgrade

    We can get the security patch by purchasing a new phone next year.

    1. Joe Werner

      Re: Easy upgrade

      ... more like every six months. No matter the price point (well, almost). And installing a mod doesn't help - these are not backported patches but completely new OS versions, not so much resource hungry but rather resource addicted. I don't like dumping stuff that is still working! (the hardware is!)

    2. Anonymous Coward
      Anonymous Coward

      Re: Easy upgrade

      Nope, if getting patches promptly is high on your list of requirements, you have been able to purchase android phones that deliver this for years. Unfortunately too many cretins are blinded by other features and patches are an afterthought.

      Monthly patching doesn't come cheap, expecting a sub £200 phone to deliver it is laughable, the only problem is some popular brands of premium phone don't either, but that is the consumers fault for continuing to buy them

      1. Danny 14 Silver badge

        Re: Easy upgrade

        or just root your phone and install firmware that is both patched and bloat free.

        1. Anonymous Coward
          Anonymous Coward

          Re: Easy upgrade

          "or just root your phone and install firmware that is both patched and bloat free."

          There is a Windows Mobile upgrade we can use?

          1. Chris King Silver badge

            Re: Easy upgrade

            Windows Mobile was patched at the last Patch Tuesday, along with Windows 10.

            It may be "dead man walking", but at least it's still getting patches. For now.

      2. big_D Silver badge

        Re: Easy upgrade

        Having used most of the premium brands of phone, I can say that only the Google Nexus / Pixel lines get patches regularly, promptly and current.

        Our Samsung S6/7/8 phones are patched, at best, to August 2017...

        1. Chris King Silver badge

          Re: Easy upgrade

          Same goes for other devices. I've got a Sony Android TV and the latest update (taken last week) only brought this up to the August 2017 patch level.

      3. Dan 55 Silver badge

        Re: Easy upgrade

        Unfortunately too many cretins are blinded by other features and patches are an afterthought.

        Other features like removable battery, SD card, dual SIM, and reasonable after-sales service or a phone which is a reasonable price and doesn't click like Flipper or have a screen which burns?

        You're pontificating as if Nexus or Pixel were perfect.

        Google has stopped updating some Nexus models and others are due to be EOL'd shortly. So much for the updates, they could have at least tried to support devices like Apple does.

        1. CrazyOldCatMan Silver badge

          Re: Easy upgrade

          Google has stopped updating some Nexus models

          Like my old Nexus 7 (2013). They stopped patching/upgrading that more than two years ago. Mind you, it was pretty unusable before that because of the extreme flash memory slowdown bug..

      4. Anonymous Coward
        FAIL

        Re: Easy upgrade

        "Monthly patching doesn't come cheap, expecting a sub £200 phone to deliver it is laughable, "

        My PC cost less than that and has been getting patches for several years.

        My more expensive phone never got them 6 months after release.

  3. inmypjs Silver badge

    I will never buy another adrioid device which doesn't ...

    have good lineageOS support so I can get firmware updates weekly instead of on the 25th of never.

    Huawei bragged about how great they were going to be with firmware updates, last update for the honor 5x I have was 14 months ago - bastards - lesson learnt.

    1. Kevin McMurtrie Silver badge

      Re: I will never buy another adrioid device which doesn't ...

      Ah, I had the 2015 Moto X Pure. A minimal OS phone that promised rapid updates, except that software and hardware support was immediately terminated. No VoLTE and no warranty service. ZTE also went the extra mile by also promising parallel Cyanogen development but instead disabled bootloader unlocking and published non-functional kernel code.

      Some companies like class action lawsuits more than repeat customers, I guess.

    2. Timmy B Silver badge

      Re: I will never buy another adrioid device which doesn't ...

      "Huawei bragged about how great they were going to be with firmware updates"

      My other half has been stung by this. Never going near them again. Oneplus are the polar opposite. I get an update nearly every month. Running my OP3 for well over a year now - on android 8 with September security.

      1. Anonymous Coward
        Anonymous Coward

        Re: I will never buy another adrioid device which doesn't ...

        Is the Oneplus the phone that's been sending all your data back to China?

  4. LazLong

    Close to driving me back to iOS.

    Lack of support by Android hardware companies is close to driving me back to iOS. At least with an iPhone I'm fairly certain I'll get two years of security updates.

    1. Lysenko

      Re: Close to driving me back to iOS.

      Wileyfox is still kicking out monthly updates for two year old phones (possibly longer - two years is just all I can vouch for personally).

      1. Warm Braw Silver badge

        Re: Close to driving me back to iOS.

        Are they still including Yandex Zen?

        Not that I want to single them out - updates are a cost for all manufacturers that can be offset by taking the opportunity to deliver new bloat and dubious intrusions under the guise of fixing bugs.

      2. Lamont Cranston
        Unhappy

        Re: Wileyfox

        I got my daughter a Wileyfox that was promptly bricked by the first update it installed. Replaced it, same thing happened. Wileyfox's oh-so-helpful suggestion was that I send it back to Amazon for a refund. Shame, really, as it was a nice phone when it worked, but I won't be buying from them again.

      3. pakman

        Re: Close to driving me back to iOS.

        Hm, I have an original Wileyfox Swift, and although things looked promising after they switched from CyanogenOS to Nougat, it is now stuck on the 1 May 2017 security patch level. I'll be contacting them in a few days if there is no sign of the KRACK-related security updates from them.

        On the other hand, I also have a Sony Xperia running SailfishOS. That one was patched for KRACK (and BlueBorne) over a week ago.

        1. TechDrone

          Re: Close to driving me back to iOS.

          I also have a Swift and latest update is 1 Sept for security patch and it's on Android 7.1.2. Kernel 3.10.49 dated 14 Sept '17. I'm sure you know to check Settings > About Phone > System Updates to make it check.

          Fox support just seem to to be totally useless tho - send it back seems to be their only response, but won't even give a rough guess as to how long they'll take to even look at it never mind fix it. And I'm guessing there'll be a charge too.

        2. pakman
          Happy

          Re: Close to driving me back to iOS.

          Just for the record, I contacted Wileyfox and they were very helpful in getting me sorted out. My Wileyfox Swift now has November's update applied, which includes the patch for KRACK

    2. Anonymous Coward
      Anonymous Coward

      Re: Close to driving me back to iOS.

      Are you a cretin? Pixel and nexus get monthly security updates from Google, so clearly this is not a Android problem, it's a Samsung (or whatever you own) problem. Actually no, scrub that, iOS deserves you, fill your boots...

      1. Anonymous Coward
        Anonymous Coward

        Re: Close to driving me back to iOS.

        "so clearly this is not a Android problem, it's a Samsung"

        No it was an Android fuck up that it relied on 3rd parties to roll up patches, repackage them with their own carrier software and them push them out. If they had not made it to be such a PoS design, this would not be an issue.

        MS rolled out patches regardless of make of phone.

        1. RyokuMas Silver badge
          Trollface

          Re: Close to driving me back to iOS.

          "MS rolled out patches regardless of make of phone"

          Oh, but rolling out updates without allowing the user to choose whether or not is bad - just look at any thread about Windows 10 updates...

        2. Anonymous Coward
          Anonymous Coward

          Re: Close to driving me back to iOS.

          Microsoft pretty much owned the only companies making windows phones...

          There are thousands of android devices, and clearly Google aren't going to support them... Its your job not to buy something with questionable support.

      2. leexgx

        Re: Close to driving me back to iOS.

        ""Fandroids with Nexus and Pixel devices will be able to get the November Android update directly from Google. ®""

        well there the thing only the Nexus 6P and 5X will get these security updates (not sure if the samsung S5 i have will get it) all there other phones are now ignored (need to unlock and flash your own if they are still working) the Nexus 6 and 5 Might get the update as they only went EOL last month (October 2017) but they dont have to

        https://support.google.com/nexus/answer/4457705 (this page should be persistent for all future google phones so probably should bookmark it)

  5. Anonymous Coward
    Anonymous Coward

    "Pixel and nexus get monthly security updates from Google, so clearly this is not a Android problem, it's a Samsung (or whatever you own) problem"

    No it's a Google problem. Wtf have OS updates got to do with your device manufacturers? They should be responsible for patching baseband firmware only. That's how it works on Windows Phone.

  6. Pen-y-gors Silver badge

    Nexus?

    Fandroids with Nexus and Pixel devices will be able to get the November Android update directly from Google.

    Oh yes? I don't think any updates for my early Nexus 7 have been available for a couple of years.

  7. Temmokan

    As for "never"... Samsung did absolutely nothing when BlueBorne was revealed... and I am sure they will ignore KRACK, too.

    A truly Zen approach, methinks. or perhaps, Samsung simply thinks that all unhappy owners of affected devices will just buy new ones. That simple.

  8. Hans 1 Silver badge
    Mushroom

    Update your firmware ASAP to avoid being hacked

    Sure, but where is it Samsung, LG, Archos, Logicom ?

    YOU BAAAAAAAAASTARDS [Fawlty* style]

    * For our non-Brit friends: https://www.youtube.com/watch?v=glD17Lyh8EE

  9. peterm3
    FAIL

    My Samsung S5 has appropriately snough 1 April 2017 as the Android security level. Just searched for updates, nothing.

  10. Anonymous Coward
    Anonymous Coward

    You should install them as soon as they are available for your phone...

    Providing you're still alive. Perhaps your great grandkids could do it.

    Mine's the garden with a wall around it.

  11. David Pearce

    They cannot blame hardware capability either. Just like PCs, smartphone specs have hardly grown in two years. My Oppo is 8 core + 2GB RAM, 16GB flash. Many new phones are similar spec. Now 29 months old and no update since 4.4.4 almost two years ago

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019