NEW YORK: Google, LG, and Samsung have provided PCWorld and Greenbot with statements about device security updates. The Stagefright vulnerability really, uh, gave Android users a fright these last few weeks. But frankly, there’s nothing funny about having your digital life ruined by a simple text message. Google knows this, and it’s been doing some major damage control since the vulnerability was discovered. It’s also made some changes to its Nexus device update cycle in an effort to re-instill some confidence in the Android platform.
Adrian Ludwig, Android’s lead security engineer, and Venkat Rapaka, the director of Nexus product management, laid out Google’s new Nexus update policy in a blog post:
Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates. The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.
This is great news for Android users. If you’re using a Nexus device, you’ll have support from Google to keep you protected from the bad stuff that’s making the rounds out there—every four weeks, at least.
But what about the massive majority of Android users not using stock Android devices? The people using Samsungs, LGs, Motorola’s, HTCs, Sonys, and a whole host of other brands’ phones and tablets? Most of those Android users are still at the mercy of the carriers that deliver their software updates. Verizon, T-Mobile, and AT&T are lagging on updating Android devices with the latest security patches. Sprint is the only carrier that’s pushed out an update to patch the Stagefright exploit—that’s maddening!
