I'm glad the manufacturers are going to push out patches, but will the carriers help or hinder the process?
Biggest security update in history coming up: Google patches Android hijack bug Stagefright
For those of you worried about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days. "My guess is that this is the single largest software update the world has ever seen," said Adrian Ludwig, lead engineer for Android security at Google. "Hundreds of millions of devices are …
COMMENTS
-
Thursday 6th August 2015 08:35 GMT twilkins
Indeed - since my old Symbian mobiles back in the day, it has always been the carriers who hold up firmware updates.
As I type this Sony have had a Lollipop 5.1 ROM out for my current Xperia handset for over two weeks. No sign of it on Vodafone UK anytime soon. Time for the networks to stop their crappy customisations and just do it all via apps.
-
Wednesday 5th August 2015 20:50 GMT OliverJ
Re asdf: Incredible!
Just for the record: I made no comment on which of the ecosystems is the most secure. I was simply surprised by the statement that patching hundreds of millions of devices seems to be an "incredible achievement". Last time I checked, iOS was deployed on more than a billion devices worldwide, so rolling out an update to hundreds of millions of devices doesn't seem to be an industry first...
-
Wednesday 5th August 2015 21:02 GMT John H Woods
Re: Re asdf: Incredible!
"so rolling out an update to hundreds of millions of devices doesn't seem to be an industry first..." -- OliverJ
I hear what you're saying but it's not the count, it's the diversity. The hundreds of millions of devices which got iOS 8 were what, about half a dozen SKUs?
-
Thursday 6th August 2015 11:44 GMT oneeye
Re: Re asdf: Incredible!
Um... excuse me, but the last two updates for Apple fixed over 150 vulnerabilities. Over fifty of those were for Safari alone, and because Safari is tied to the OS, it always has to be a system update. All software will have exploitable bugs, but Apple treats their users like mushrooms. They keep them in the dark, and feed them bull shit (fertilizer)! They also treat researchers like crap, and begrudgingly give credit to them, and almost never pay rewards, or bounty.
-
Thursday 6th August 2015 13:06 GMT CFWhitman
Re: Re asdf: Incredible!
The reason why the Stagefright flaw brought about the first movement toward unified patching is because it is the first serious security flaw discovered in the base system. The malware installed on the so-called "swiss cheese" Android is almost entirely Trojans, which users install themselves. The only way to prevent that is to take away installation privileges. I'd rather keep my administrative/installation privileges on my devices. Thanks. Administrative responsibility is not forced on Android users either. Sideloading apps is turned off by default.
This is not to say that Android is great. I'm not a big fan of, come to think of it, any of the more popular phone/tablet operating systems. However, Android is not really the security nightmare that a number of people try to paint it as.
-
Thursday 6th August 2015 02:52 GMT mathew42
Re: Re asdf: Incredible!
IDC Smartphone OS Market Share suggests iPhones have < 20% market share; with a total of ~1.2 billion smartphones shipped each year, that is 240 million iPhones. Tablets show a similar picture, with iPad market share of 25%; with 200 million tablets shipped each year, that is 40 million iPads. So yes, I would guess your figure of greater than a billion is defensible depending on average lifespan of an iPhone.
For Android on the other hand you would need to multiply those numbers by approximately 4.
Let's just be happy that bugs are being fixed.
-
Thursday 6th August 2015 07:14 GMT bri
Oranges, apples, information, lack of
It's funny how fast people resort to calling others ignorant while making errors of their own.
1) This article is about Stagefright. This component is as device independent as it gets. So "variability", "different SKUs" play a very minor role. Updating some backend for widgets however, that would be a different matter.
2) Each model of every vendor comprises multiple SKUs, often with different innards (to cater for different standards, frequency bands and so on).
3) It is fairly possible that iOS is on more than a billion devices as they have longer useful life (market share in number of sold devices != market share in devices in operation). Coupled with the fact that iOS runs not only on iPhones, but on iPads and iPods as well, a billion devices is fairly reasonable. I can still get an update for a device over three years old.
-
Thursday 6th August 2015 02:27 GMT Anonymous Coward
Re: Incredible!
OliverJ you must be a fanboi, I haven't heard such an ignorant comment since the last time one of our Australian politicians opened their mouth. I mean really? Consider the following:
iOS is one unmodified OS, made to run on one device controlled by one company! Even further the idiot taxing company rarely patches its OS, it forces a new version down, and immediately obsoletes a number of its own devices due to usually poor performance.
Compare this to Android, multiple versions generally buggerised around with by carriers, running on a vast variety of hardware manufactured by a large number of OEMs. The fact that Google has managed to get the major players in this market to coordinate regular PATCH updates is a massive feat! I'd love to see Apple achieve that!
Stick to the Kiddies Pool
All Best
-
Thursday 6th August 2015 09:28 GMT Anonymous Coward
Re: Incredible!
"OliverJ you must be a fanboi, I haven't heard such an ignorant comment since the last time one of our Australian politicians opened their mouth"
Well, the ad hominem was almost enough to discard your post, but you managed to actually make it worst in the very next paragraph.
"Compare this to Android, multiple versions generally buggerised around with by carriers, running on a vast variety of hardware manufactured by a large number of OEMs. The fact that Google has managed to get the major players in this market to coordinate regular PATCH updates is a massive feat! I'd love to see Apple achieve that!"
You may want to lose that chip on your shoulder fast and learn to read between the lines of a press release, certainly when it comes to Google: until you know that every version of Android is going to be patched instead of only the latest few, and statement on planned obsolescence only displays your biases, not reality.
It is as unrealistic to expect Google to patch all the way back to Android v3, for instance, as it is to expect Apple to go all the way back to iOS 7 and patch things. In that respect, economics and practically do not really differ between platforms.
What IS different is that there are multiple barriers between a Google update and an end user receiving it because of the fragmentation of the Android market, something that Apple doesn't have to work around. Between Google and you is the manufacturer as well as the telco, each doing their own thing and consequently each having to update that "thing" before they can give you the patch. It would be cool if there was a manufacturer somewhere which could give you "raw" Android - a sort of Debian of Androids - and be allowed on air without the carrier messing things up too.
Stick with the facts, and learn the basics of reasoned debate. It may help you when you grow up.
-
Friday 7th August 2015 08:02 GMT Anonymous Coward
Re: Incredible!
Note to self: find whatever auto-correct mechanism has risen from the dead and drive a wooden stake through its heart, then give it a couple of silver bullets for good measure and drown it in Holy water. Sorry about that, the post would have made more sense if certain words hadn't been "corrected" by an auto-mistake with what is clearly a limited vocabulary.
-
Thursday 6th August 2015 23:55 GMT OliverJ
@Coward: Incredible!
At least I'm not hiding, Mr. A.C., which of course in your case seems to be a sensible approach, as you started your posting in rather bad form with pointless invectives. Usually I find that doing so doesn't improve the quality of one's argument. But I digress.
Please note that I made no comment on the complexity of this rollout, which is indeed a challenge, as you rightly pointed out. But if you read the quote attributed to Adrian Ludwig, you will see that this wasn't his point, either. It was simply the number of devices patched which he found "incredible".
Obviously, my remark was half in jest, but I was indeed a little bit baffled by the naivety of this statement.
You are really reading too much into this, lighten up! You're taking this way too seriously. I mean, "ignorant", "fanboi", "kiddies pool" - really?
-
Wednesday 5th August 2015 21:00 GMT Anonymous Coward
YAGNI is all fine and good, but...
"you-ain't-gonna-need-it" can be a useful corrective to over-designing a system, but given the stark prior examples of Windows and the *nixes discovering the need for automated post-sale patching (and the reputation damage[*] Windows took in the process) it seems delusional for the Android makers and Google to sleepwalk into this development.
[*] a.k.a. looking like a smouldering turd
-
Wednesday 5th August 2015 21:45 GMT Mark 85
The weak link...
...is the carrier. Will they move these out to the devices? Or claim they don't have the bandwidth? Will they use these as part of the data limit cap? Or give the update a free ride? I suspect that there probably won't be as many devices updated as speculated due to carrier interference.
-
Thursday 6th August 2015 09:53 GMT Anonymous Coward
Re: Am I being exceptionally slow again?
If you only rooted the stock OS and left the stock recovery in place, you should still receive OTAs, although they usually remove root access, so you'll need to root again after.
If you've replaced the ROM or recovery (i.e. CyanogenMod), you'd need to revert to stock (you did make a backup?). If not, it's a complete wipe to flash the factory images: https://developers.google.com/android/nexus/images
-
Thursday 6th August 2015 12:26 GMT druck
Re: Am I being exceptionally slow again?
I rooted my Galaxy S5 just so backup software could access the SD card, but that has saved me from the Lollipop 5.0 update which has blighted my wife's Note 3. So do I unroot it and hope the security patch is delivered rather than an unwanted upgrade, or do I risk waiting god knows how long until O2 has made Lollipop 5.1 available?
-
Thursday 6th August 2015 01:50 GMT Anonymous Coward
The first time mass Android patching will ever be tested
If there are any glitches in the process, Google, Samsung and/or LG will have some egg on their face and negative publicity to deal with. Even if the carrier is ultimately responsible.
With a multiple step process for the patch to go from Google to OEM to carrier to user, with the potential for each to add their own fixes or "enhancements" along the way, this could get very interesting. If I owned an Android phone I sure wouldn't be willing to install this the day my phone notified me. I'd be searching the internet for evidence few people with the same phone on the same carrier had successfully done so before proceeding given that Stagefright isn't actively being exploited.
-
Thursday 6th August 2015 12:00 GMT oneeye
Re: The first time mass Android patching will ever be tested
Hi,
I have read a few accounts that Stagefright was already in the wild, actively being exploited. There is a Stagefright wiki page already, if you can believe it? Here is a quote from that page:
stagefright, in the wild
In July 2015, Evgeny Legerov, a Moscow-based security researcher, announced that he found two similar heap overflow zero-day vulnerabilities in the Stagefright library, claiming that the library has been already exploited for a while.
Also Trend Micro security found two NEW exploitations of stagefright. See their blog, and the Verge has a good piece too.
-
Thursday 6th August 2015 02:42 GMT VeganVegan
Puzzled
Granted, the manufacturer, the phone co., they all add cruft to / modify the base Android setup, but am I being too naive to think that Android was properly designed, so that users can get Android software (not the added on crap) directly from Google?
I mean, even Microsoft manages to update various components of Windows, despite a zillion SKUs, and add-on crapware.
I suspect that the answer is: No. Android was shoved together and sent out the door, with little thought for the long term.
-
Thursday 6th August 2015 04:41 GMT tacitust
Re: Puzzled
Microsoft doesn't ship the source code for Windows to its OEMs. Android phone manufacturers get the entire source code base for Android to do with what they will (with the exception of some of the device drivers). That's a huge difference, and explains why it's a lot harder to maintain a unified update system for Android.
-
Thursday 6th August 2015 10:01 GMT Anonymous Coward
Re: Puzzled
The other problem to carry on from what tacitust has said is the way in which manufacturers add their cruft. Instead of releasing themes/their apps as standard APKs, they give them dependencies in the underlying OS. If they didn't do this, you could run Samsung's TouchWiz on a HTC for e.g. and they don't want that - they want you to buy their hardware so tie the APKs to the OS image.
If their apps were standard APKs, Google could update the OS under them and they wouldn't care. But because Google have no clue what each device's APKs depend on, that's out of the question and it is down to the manufacturer to do the OTA release.
-
Friday 7th August 2015 12:16 GMT Charles 9
Re: just standard OTA (Over The Air) updates
"So do I need to have my mobile data turned on to have any chance of getting this, or will it arrive via wifi?
I hardly ever need to use mobile data as almost everywhere I go has wifi available."
Depends on how your device was built. Many WiFi-only tablets do a periodic phone home over the Internet to perform OTA updates. Your device may do this if on a WiFi connection even if it has mobile data.
-
Friday 7th August 2015 14:14 GMT F0rdPrefect
Re: just standard OTA (Over The Air) updates
"Depends on how your device was built. Many WiFi-only tablets do a periodic phone home over the Internet to perform OTA updates. Your device may do this if on a WiFI connection even if it has mobile data."
It is a Moto G 2nd gen. but I have no idea if it has been updated since I bought it. And as I bought it SIM free I'm not sure who would push the update.
-
Friday 7th August 2015 12:20 GMT Anonymous Coward
Re: Will this reach my Acer Iconia B1-A71 (bought March 2013)?
Silly vendor, if that kind of attitude were to pervade other areas of the consumer world (appliances, cars, etc.) there would be a heated argument in the legislatures. There's a reasonable expectation of a device being fit for purpose for some extended duration which is usually somewhat longer than the warranty. After all, a 2-year-old Galaxy S4 is still quite useable. As is an Asus Google Nexus 7 tablet (the 2013 version that recently got the Lollipop update).
Some are of the opinion if you're not ready to support the device somewhat longer than you anticipated because it is that darn good, you shouldn't be selling it on the market. IOW, Planned Obsolescence = UNFAIR (not to mention wasteful).
-
Saturday 8th August 2015 14:47 GMT James 100
Re: Call me cynical
I would like to think this would mean Google pushing out updates to their own parts directly, bypassing both handset manufacturers and telcos, in the same way Windows Update pulls in new patches straight from MS without consulting Dell first. With proper demarcation - regulatory/technical approval of the baseband bit, the manufacturer providing some Linux device drivers and maybe some apps to run on top - that wouldn't be too difficult.
I went for a SIM-free Nexus for exactly this reason last time; maybe it's time the other handset brands got better update support too?
-
Thursday 6th October 2016 09:56 GMT Charles 9
Re: Call me cynical
"I went for a SIM-free Nexus for exactly this reason last time; maybe it's time the other handset brands got better update support too?"
Why should they? Why do you think the term "Planned Obsolescence" exists? Unless it's blocked by law, phone manufacturers have no interest in updating all but the newest devices (and only to avoid defect/fitness of purpose suits).
-
Thursday 6th August 2015 20:50 GMT Mikedx
LG aren't updating rooted devices
Since LG think we are leasing our devices from them and we don't own the device, they refuse to update rooted devices. Incredibly poor attitude from the company that gave us the woman who had her hands cut off by the machinery in their factory.
So if you are using an LG device and have rooted your device for any reason you have to stay vulnerable.
-
Tuesday 17th November 2015 07:06 GMT Anonymous Coward
Re: LG aren't updating rooted devices
By LG's logic, you DON'T own the device. And like it or not, the software's not yours, either, due to copyright. So by their logic, they can dictate terms. That's the ultimate aim of big business selling non-perishable goods: to remove the sale model and change it to a rent/lease model so they never lose control of their goods.
-
Friday 21st August 2015 00:07 GMT Simon Lynch
SO when then?
My Nexus 5 broke in the summer (not sure, but think software not hardware), so I schlepped off to a shop to get something else. Found out they had nothing recent in stock (small town in NW Spain), so got what seemed to be the least worst solution on offer - an LG G2. It's still today on 4.4.2 of Android and I am very happy I just got back a Nexus 5 in working order. I am not even happy to give it to someone else... never mind the drawer full of half-dead/dying/dead androids I have already....
I understand why Google did what they did to get into the market, but they ended up with a Microsoft situation MINUS control. If they don't bring out another sensible Nexus I will have to go to Apple (and believe me that is really not something I want to do) or be really dumb and take a Ubuntu phone (big fan of desktop, but first generation anything is sh1t).
So, Google, please fix the downstream process with partners...
-
Thursday 6th October 2016 13:34 GMT Charles 9
Re: SO when then?
"So, Google, please fix the downstream process with partners..."
How can they when the partners don't want to cooperate? They're the ones that LIKE the status quo, even if it's at Google's expense.
That's why Google's only solution to avoid potential litigation is to go the Apple route and take full control of the OS, thus why Andromeda is set up the way it is.
-
Thursday 6th October 2016 09:48 GMT Anonymous Coward
Software Update for Motorola
Hi
Thanks for sharing this article with us. Nice Post.
A good number of Moto users have reported the random reboot / restart issue in their Moto, and the critical thing is that it can occur at any time. This is surely not an application issue, as this thing happens at any time even if the Moto is placed idle. But now, we can’t be certain, as sometimes even when the application is closed it keeps on running at the back end and it might be making such types of issues.
We are servicing How to Software Updation for all moto mobile devices.
Regards
Moto Service
motorolaservicecenterchennai.co.in/mobile-software-update-for-motorola.html