Sign in / up

back to article 3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws

Google has today issued a bundle of 40 security patches for its Android operating system. A dozen of the fixes correct critical vulnerabilities in versions 4.4.4 of the operating system and above. About 74 per cent of in-use Android devices run Android 4.4.4 or higher. These critical bugs can be potentially exploited by …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. I Like Heckling Silver badge

    Who needs a Nexus

    I just picked up the nVidia Shield K1 tablet for a measly £149.99 and it's great... As soon as I turned it on and went to top off the charge there were updates OTA to Marshmallow and security updates. So I've high hopes of further updates... which none of my previous phones or tablets ever got.

    I also picked up a WileyFox Storm last month too... so both of my devices are near enough top end specs for budget money.

    As for the tablet... it's without doubt the best value tablet on the market... which makes me wonder why it never gets mentioned in any roundups, reviews or comparisons... it's like it doesn't exist and yet it blows away the competition and you have to spend more than double the amount to get near it in specs.

    If not for a friend... I wouldn't have even known about it as in all of my searches it was never mentioned once.

    2 2 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Who needs a Nexus

      thanks for the heads up about he nVidia tab. that's the wife's birthday present sorted!

      1 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Who needs a Nexus

      "Apps can infiltrate Qualcomm's TrustZone kernel, which is supposed to be a secure area away from Android where things like fingerprint readers are controlled."

      If you have to make a "special" secure area for this then the underlying OS is utterly broken for security anyway.

      It doesn't help of course that trying to secure Java on top of Linux is like trying to keep water in a colander with a sieve....

      0 3 Reply
  2. Nate Amsden

    i assume this means

    It will be easier to 'root' your phone ? I tried to root my backup Galaxy Note 3 (which runs Android 5) so I could try to downgrade it to 4.4 (really do not like the UI stuff in 5, and when the Galaxy Note 5 came out that prompted me to buy a 2nd Note 3). After a few attempts I gave up, felt like I was more likely to brick the thing then unlock it.

    I suppose that is one thing I do miss about WebOS, just had to type in a simple command into the UI and it unlocked it, hook a usb cable to your computer and you get full root shell.

    I still have to keep wifi disabled on my main phone almost all the time to prevent AT&T from upgrading it to Android 5.

    1 8 Reply
    1. DryBones
      Reply Icon

      Re: i assume this means

      You might want to look into how to get it up to 6 instead... N is looking good, too.

      0 0 Reply
  3. wsm

    Android Security Bulletin?

    Now it all falls into place.

    2 1 Reply
  4. Anonymous Coward
    Anonymous Coward

    Droid security ?

    I've owned a Sony Z1, and now a Moto Style, and I've never ever had a privacy score of over 60% according to Bitdefender. The only way to make these things secure is to switch them off and remove the battery, possibly with a crowbar.

    I'm quite convinced this can also be used as a measure for Droid security. In my case, about 57%

    Unfortunately, I fear the other manufacturers don't score any better.

    0 0 Reply
  5. terry 15

    So has google's officially abandoned the nexus 4 now? After the first couple of security updates for it (post Marshmallow) was hoping they were going to continue but nothing for ages now...

    0 0 Reply
    1. jason 7
      Reply Icon

      I'd say so. My Dad has mine now.

      0 0 Reply
  6. Robert Helpmann??
    Childcatcher

    Eternal Optomist

    Nexus users will get all of these patches installed automatically over-the-air shortly. If you don't have a Nexus device, you'll have to wait for your carrier and gadget manufacturer to approve the updates and push them out over the air – which make take a while, or not happen at all.

    I would feel smug about this as a Nexus owner, but I know in my heart Google will eventually provide an update that will brick all Nexus devices.

    0 0 Reply
    1. jason 7
      Reply Icon

      Re: Eternal Optomist

      Yeah I remember my life as a Nexus 4 owner wasn't all rainbows and lollipops. One update screwed up the 3G radio. Had to use a radio file from the previous Kit-Kat version to make it work.

      0 0 Reply
  7. Mikel

    >, either get a Nexus and automatic updates, or try not to run any dodgy apps or open any video files from people you don't trust. ®

    Or both. Nothing new then.

    0 0 Reply
  8. adfh
    Alert

    Oh.. and if you have a Nexus...

    ... don't hit "Check for Updates" because apparently that can stop you from getting the update... I SHIT YOU NOT...

    https://productforums.google.com/forum/#!topic/nexus/fOAWe8jMRsQ

    That's right, if you're diligent about installing updates as soon as vulnerabilities are released, just wait for the mothership to deem you worthy, because otherwise you can actually reduce your chances of getting it... unless of course you unlock the Nexus (wiping it) and go and directly download and flash the update yourself, bypassing the OTA mechanism. I confirmed with my carrier that they had nothing to do with the updates, and then found that above gem in the Nexus support forums.

    I understand from the "sometimes updates brick things" point of view, but the idea that it can take almost until the next update is released for the current one to be made available to one's handset sucks. Certainly, having to wait up to four weeks for an update for security bugs that have big implications kinda sucks.

    Don't get me wrong, otherwise happy with my Nexus 5X and the Galaxy Nexus I had before it (which I'd flashed over to Cyanogenmod when Google stopped supporting it, and which was running Kit Kat just fine up until I dropped it in a hospital bog and vowed never to touch (after retrieving it) again). I like that when the phone hits EoL, it can be unlocked and still be useful in some way... Just not big on waiting for security updates.

    0 0 Reply
  9. Trixr
    Flame

    Another month of no OTA for LG G3

    I really like the phone, but the lack of updates is super irritating, not to mention the convoluted regime required to apply an updated ROM.

    End-users aren't capable of this stuff, and I simply don't have the bandwidth to waste an hour or so on an unfamiliar procedure that can potentially brick my phone.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like