back to article Don't be an April Fool: Update your Android mobes, gizmos to – hopefully – pick up critical security fixes

Google has released the April edition of its monthly Android security updates, including fixes for three remote-code execution vulnerabilities in the mobile OS. This month's batch – now out for Google-branded devices, at least: other Android device manufacturers and carriers push out updates on on their own – includes one …

  1. Andrew Commons

    Pixel only

    I think anything other than the Pixel series is now on its own. The 3 year security update window has closed on all other 'Google' branded phones.

    1. dajames Silver badge

      Re: Pixel only

      The 3 year security update window ...

      ... should be much larger. A cut off for feature updates, new Android versions, etc., after three years seems reasonable, but security is more important than that. The window should be at least five years, and maybe as much as ten.

      1. Andrew Commons

        Re: Pixel only

        I would certainly agree that it should be much longer than 3 years but the reality is that the majority of android phones out there are unpatched at the operating system level because the manufacturers and telcos don't bother with the updates.

        Nothing incredibly bad has happened because of this. The stagefright vulnerability was a non event. The action is in the Apps.

        That could all change overnight of course but until that happens there will be no pressure to change things and the 3 years of updates matches the replacement cycle of the majority of phone users.

        1. Anonymous Coward
          Anonymous Coward

          Re: Pixel only

          "but the reality is that the majority of android phones out there are unpatched at the operating system level"

          Want to cite any of those claims? And please don't trot out that full version adoption number list that Google provide (and idiot "tech" writers continually push out), as patches are available every month for all recent versions of Android, so you really don't need to be running the latest OS to run the latest patches.

  2. Anonymous Coward
    Anonymous Coward

    All done

    3 phones (pixel 2, pixel 3 and an essential ) and a tablet (Huawei Mediapad m5) all running this month's patch. When I say all done, it just happened, I didn't need to do anything, so question why this is even news, given that apple don't get the same fix by fix breakdown every time they release a patch..

    1. Korev Silver badge

      Re: All done

      What would actually be newsworthy would be if non-Google Android phones got patched when they're more than a month or two old.

      1. Belperite

        Re: All done

        Pixel 3 all updated here this morning. Samsung are pretty good with keeping phones up to date these days (normally about a month or so's delay after Google emits the patches).

        1. Charlie Clark Silver badge

          Re: All done

          Samsung are pretty good with keeping phones up to date these days

          Ah, but for how long do they support their devices? Used to be 18 months and then you were on your own.

      2. fandom

        Re: All done

        They are patched if they are "Android One" phones

        1. Tony W

          Re: All done

          My Motorola One, bought direct from manufacturer, running Android One, gets patched around a month late on average. That's a lot better than most, but why the delay?

  3. Anonymous Coward
    Anonymous Coward

    still waiting on my samsung update from a couple of years ago

    Shame you can't bypass the companies that take your money and then ignore you.

    If only Google had made android abusers provide the source for all their drivers

  4. mark l 2 Silver badge

    My phone has not seen an update from the manufacturer since September 2018, so doubt i will ever see anything from them regarding these fixes.

    There is nothing wrong with the hardware, just the software is out of date

    There are some custom ROMS available which might get these patches, but I have found that certain functions on the custom ROMs don't work due to closed source drivers in the original manufacturers Android build. Such as video recording from apps other than the stock camera app, waking the device up with the alarm clock and other niggles.

    1. Colin Ritman
      FAIL

      You can't decide AFTER you bought a phone that you cared about support, it's something you need to consider BEFORE you buy. Google provide a very comprehensive list of devices that are signed up for regular patching. You bought something else, how is it anyone's fault but yours???

      https://androidenterprisepartners.withgoogle.com/devices/?_ga=2.125959051.785171320.1554194720-578566436.1554194720#!?AER

      1. Andrew Commons

        I cared about support...

        Nexus 5X, latest available at the time of purchase. Support ended at the end of last year. Only Pixel getting security updates now. Nexus 5X still works so I'm now three months worth of critical updates out of date and that will just keep on going up.

        1. chasil

          I care about 3rd-party support.

          The first thing that I did when I got my Nexus 6 three years ago was wipe stock.

          After running Lineage with gapps for years, I finally made the jump to the MicroG reroll of Lineage.

          I feel far safer.

      2. DCdave

        @Colin Ritman

        None of which helps if the manufacturer just can't be bothered to support a device any more, like happened with my previous phone that came with a promise of two years monthly security updates and any letter upgrades within that time (essentially what AndroidOne now promises). After a year the monthly updates became irregular and the letter update was pushed and pushed until beyond the two years and then quietly dropped.

      3. Dan Melluish

        I specifically chose my new phone because it was on that list. It's been at least 5 months since I last received an update :( I've contacted the manufacturer about it and just got the standard line of "if you press 'check update' and nothing is found then you are all up to date and don't need to worry".

        I guess I could contact Google about it but what would they really do about it (apart from remove my particular phone model from the list)?

        It's a Huawei by the way.

        1. Andrew Commons

          @Dan Melluish

          You should probably look at this: https://support.google.com/pixelphone/answer/4457705?hl=en

          Nexus support died in November but I think they did ship a December update but it has been quiet since then. Pixel is now the supported device but only for three years from the release of the model.

          All other manufacturers have their own policies that are independent of Googles policies.

          I think the list you looked at was misleading.

          1. Dan Melluish

            @Andrew Commons

            I totally agree, I don't trust that list at all any more! When I got the phone it was a relatively new programme and Google were making all the right noises. Oreo phones were promised 3 years of support, 90 day security patching and 1 major letter version upgrade. If it sounds too good to be true and all that...

            The phone is working fine so I have no complaints on that front. I probably thought it was a better buy than some of the competing models because of what appeared to be a clear update policy verified by Google...that's annoying.

            1. Anonymous Coward
              Anonymous Coward

              Again, where did you buy your phone from. if it's from Vodaphone, EE or any other UK network, then your problem is with them. The Android Enterprise program is a collaboration with hardware manufactures, and they are keeping their end of the bargain,.

              1. Dan Melluish

                SIM free UK model for me.

        2. ibmalone Silver badge

          My phone is also on that list (was unaware of its existence when I chose the phone) and coming up to 18 months. After monthly updates there was a three or four month period from the end of last year when it didn't get patched, but they seem to have started up again, seems there was some difficulty with the upgrade to Pie and they didn't roll it out to British models until it was sorted out. Will be interesting to see what happens at the 18 month mark.

        3. Anonymous Coward
          Anonymous Coward

          OK, lets call you out on this. Got a model number? Lets see a screenshot.. Did you buy it from a network? In which case, your beef is with your network for not releasing the update...

      4. ThatOne Silver badge
        Stop

        > https://androidenterprisepartners.withgoogle.com/devices/?_ga=2.125959051.785171320.1554194720-578566436.1554194720#!?AER

        I don't know if that's a joke, but that list only shows three (3!) tablets, two of which are just different sizes of the same model. Choices, choices...

        Now I don't know the total number of android tablet models sold right now but I think it's a lot more than 3, so essentially according to that list almost no tablet will get any updates. Cool.

        I thought with Project Treble patching would get easier/possible, but apparently that was just marketing talk too.

    2. Ramis101

      My phone (HTC One X+) has only ever received ONE update in all the time i have had it (pushed by O2) & that was roughly 4yrs ago. Just checked and it says its "up to date"..... Hmmm.

      I've fitted more batteries to it than its had updates!

  5. Adair

    I bought my Xperia XZ in December 2017. Since then Sony have provided at least six 'System updates', the latest just a few days ago, so at least some manufacturers make an effort to look after their customers.

    1. Andrew Commons

      You want to check their update policy. I've seen some suggestions that it is 2 years from device release but you seem to have gone past that point.

      http://www.xperiablog.net/2018/02/01/sony-mobile-official-android-upgrade-policy-firmware/

  6. Anonymous Coward
    Anonymous Coward

    Since retiring a Nokia 830, i've been using a Oneplus 2 loaded with LineageOS - daily updates if you want them, personally I update monthly but about a week behind the latest release, if that makes sense....

    Thought I was going to have a harder time 'transitioning' than I did, I still miss the quality of the Nokia camera plus a few other minor niggles, otherwise a de-googled Android phone seems fine to me.

  7. Stork Silver badge

    Where is AndroidOne in this?

    I got a Nokia 5.1 last, partly for being AndroidOne; last update was March but there is nothing new today.

  8. Anonymous Coward
    Anonymous Coward

    I knew there were several reasons I chose iOS

    I knew there were several reasons I chose iOS…

    (Sits back to watch the downvotes…)

    1. Gene Cash Silver badge

      Re: I knew there were several reasons I chose iOS

      Eh, Android sucks galaxies through a millipore filter, but Apple is even worse. Updates aren't an issue because they have total control over their hardware. Which causes problems of its own.

      Several developers have quit working on important apps (e.g. PYKL3 Radar) due to Google Play treating them like shit. I removed my apps from Play myself for the same reason.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019