Android users rejoice! Security updates will be coming out faster
August 5, 2015, is the date that (hopefully) marks the beginning of one of the biggest positive changes in the Android ecosystem.
Adrian Ludwig, Google’s lead engineer for Android Security, has announced yesterday at Black Hat USA 2015 that Google will be pushing out in the next few days an update that will fix the infamous Stagefright flaw recently discovered by Zimperium researchers, as well as another one, discovered by Trend Micro researchers, which can make Android devices totally unresponsive.
The big news is not the patch itself, but the fact that Samsung, LG, HTC, Motorola and many other manufacturers will also be pushing out the patch, too, and very soon.
The Android ecosystem has long been plagued by the fact that it took other OEMs months and years to develop patches based on those regularly pushed out by Google.
“For the past three years, we have been notifying Android manufacturers every month through bulletins of security issues so that they can keep their users secure. Nexus devices have always been among the first Android devices to receive platform and security updates,” Ludwig shared in a post, and added that from this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates.
“The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player,” he noted. “At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.”
Also yesterday, Samsung has announced that it will implement a new Android security update process that fast tracks the security patches over the air when security vulnerabilities are uncovered. The updates will be pushed out once per month, and the first one, fixing Stagefright, has already been pushed out.
“Samsung has recently fast tracked security updates to its Galaxy devices with the recent Android Stagefright issues working with the carriers and partners,” the company said.
LG has also announced a similar initiative.
Users can check whether their device is vulnerable to Stagefright by using this app by Lookout.
“If you are affected, we provide the run-down on how to mitigate your risk of being attacked,” Lookout notes. “You’ll also be able to check back in when you receive your security patch to confirm it contained the fix for Stagefright.”