back to article Android gets larger-than-usual patch bundle as researchers get to work

As a further sign that researchers are getting serious about finding holes in Android operating systems, Google has released one of its biggest ever monthly patch bundles, with 39 flaws fixed. "The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device …

  1. Anonymous Coward
    Gimp

    Android gets larger-than-usual patch bundle

    Yet I don't see my bloody phone doing a patch Tuesday. To be honest I'd be glad for a patch Qn. Obviously I am talking about an ancient unsupported mobe - Sammy G S6!

    1. Charlie Clark Silver badge

      Re: Android gets larger-than-usual patch bundle

      Take the matter to your local consumer protection or trading standards body. Manufacturers will only get serious about patching if customers and/or regulators force them to.

      1. Anonymous Coward
        Anonymous Coward

        Re: Android gets larger-than-usual patch bundle

        No, even better, don't buy their products again.

        Money speaks far more than toothless regulators.

        1. Anonymous Coward
          Anonymous Coward

          Re: Android gets larger-than-usual patch bundle

          Agreed. I'll never buy anything from Samsung again. At least Apple provide updates for their overpriced garbage.

        2. Charlie Clark Silver badge

          Re: Android gets larger-than-usual patch bundle

          Money speaks far more than toothless regulators.

          If it can be convincingly argued that security bugs are defects then manufacturers have a statutory obligation to provide improvements. Not to do so would be lead them open to both civil and criminal suits. The test case in the Netherlands is the one to watch.

          In the meantime just root and mod the damn thing: Samsung makes this pretty easy.

          1. Charles 9

            Re: Android gets larger-than-usual patch bundle

            "In the meantime just root and mod the damn thing: Samsung makes this pretty easy."

            But rooting breaks some apps and the number is increasing.

    2. mickm

      Re: Android gets larger-than-usual patch bundle

      My GS 6 (Vodafone) has an Android security patch level of 1st March 2016.

  2. JeffyPoooh
    Pint

    Original Nexus 7 tablet is crap...

    Some sort of 'unfixable' flash memory management bug, according to all the available info. Makes the $300, three year old, gadget nearly unusable. Due to their software screw up.

    Google 'Nexus' as a brand name... Puh! Gag. Puke.

    1. Tromos

      Re: Original Nexus 7 tablet is crap...

      I find the oft-repeated statement in all Reg articles about Android updates that Nexus users get updates especially irritating is it is patently not the case for early Nexus 7 tablets. Those who bought Samsung and similar bought into a clear history of updates for a few months if lucky. The only reason I got a Nexus was for the longevity and while it went longer than most non-Nexus models it has now been consigned to the scrap-heap and the Nexus brand joins my select blacklist.

      1. John Brown (no body) Silver badge

        Re: Original Nexus 7 tablet is crap...

        "The only reason I got a Nexus was for the longevity and while it went longer than most non-Nexus models it has now been consigned to the scrap-heap and the Nexus brand joins my select blacklist."

        Is this something we have come to expect thanks to Microsoft and it's rolling patches/updates for 10+ years on Windows versions? Does any other devices' software get supported for much more than three years? Or OS for that matter?

        I'm not saying it's right that what is technically a build flaw from new should not be fixed even many years afterwards if at all possible, or discounting the fact that most other Android phone in particular are lucky to get update for as long as a year, but have we had our expectations raised by MS (Yes, I do feel dirty for saying this - need a shower now)

        Maybe software/firmware should be supported for the "lifetime" of the product where said lifetime is equal to the same rules governing physical hardware and design flaws or "built in" faults. In the EU at least that would mean items like TVs and Phones being supported for up to 5 years. I'd think security fixes at least ought to be covered since they are inherent flaws in the device from new.

        1. Dan 55 Silver badge

          Re: Original Nexus 7 tablet is crap...

          CyanogenOS phones seem to be regularly patched, although at the moment my Storm is at 1st January 2016. Hopefully that means another patch is around the corner, not that that's the end of that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Original Nexus 7 tablet is crap...

      Google Nexus 7 2013 doesn't have this issue.. Running very nicely here, that's 3 years old.

      If you mean the 5 year old original Nexus, then why should I trust the opinion of someone that can't do simple maths...

      1. simbloke
        FAIL

        Re: Original Nexus 7 tablet is crap...

        Errr, the original Nexus 7 tablet is from 2012, which is still only 4 years ago.

        But you were right about not trusting people who can't do simple maths.

      2. Miffo

        Re: Original Nexus 7 tablet is crap...

        It's not really an opinion that the original Nexus 7's have an issue that can't be fixed - I spent some time trying to fix mine before having to give up.

        My opinion is that it's worth taking that hit as I've been generally happy with the 4 other Nexus devices that I've had. Hopefully a one-off.

  3. gollux
    Mushroom

    Hooray!

    Never has so much effort been put forth for so little return... It's wonderful if your Android device provider is keeping things current, for everyone else, not so much.

    1. eldel

      Re: Hooray!

      Whilst I rarely have anything positive to say about LG (mainly because of the bizarre swapping behaviour that android seems to have on this platform as opposed to the S6s in the household) they are at least pretty good about patch OTA updates. I got the March update on the 21st and Android 6 before that. Not exactly Nexus levels obviously - but waaaay better than Samsung.

      1. Adam 52 Silver badge

        Re: Hooray!

        Hmm. The LG I'm using right now (on 3) is still on Android 5.0.

  4. Anonymous Coward
    Anonymous Coward

    Irritating

    As a software "pro" it is irritating that security still is seen as an optional extra.

    Couldn't a company like Google to the security testing BEFORE they release things, rather than pay people to find the vulnerabilities afterwards? Sounds like closing the stable door after the horse has bolted, to use an exhausted cliche.

    Sounds like they are somewhat at the mercy of 3rd party suppliers (Qualcomm was mentioned), but couldn't they enforce the same level of quality on them as on themselves?

    Nobody has ever asked me to check security of the code we've been writing for the last 30+ years, most companies don't care or can't afford to do it, but the people who provide the platforms/OS should care.

    1. Anonymous Coward
      WTF?

      Re: Irritating

      "Nobody has ever asked me to check security of the code we've been writing for the last 30+ years,"

      So good chance your software is full of holes then?

      1. Anonymous Coward
        Anonymous Coward

        Re: Irritating

        Yes, very good chance!

  5. Anonymous Coward
    Anonymous Coward

    >As a software "pro" it is irritating

    You're clearly not a pro then. All software goes out the door with bugs still present. You may think you've found them all but you haven't. Professionals know that they won't have found the bugs but will have a degree of confidence that they have done their best within time and budget constraints to find them, and have sufficient processes and procedures to react to bugs found in the field, and promptly release patches.

    1. Anonymous Coward
      Anonymous Coward

      Of course, we all know that. My only point being, really, that if they performed the same level of testing before release, then would they not find the same bugs?

      1. Brewster's Angle Grinder Silver badge

        "...if they performed the same level of testing..."

        What do you mean "same level of testing"? These bugs are being reported by independent third parties not affiliated with Google. The devs and QA folk at Google have performed testing to the limits of resources available. Then the outsiders (or even insiders) stumble onto something.

        1. Charles 9

          Put it this way. Sometimes, the only difference between finding a bug and not finding a bug is a different set of eyes. In which case, no amount of internal testing will find it, plus there are time and budgetary constraints.

  6. Anonymous Coward
    Anonymous Coward

    Patches rolled out to me already to our Nexus devices

    But then I bought my hardware wisely.

    My xperia should be getting it within a few weeks if last month's was anything to go by.

  7. phuzz Silver badge

    Cyanogenmod

    It'll be interesting to see how long it takes for these bugs to be fixed in the Cyanogenmod nightly releases.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like