How the hell do I know if my shit phone is going to get the update? Does it come through Google Play?
It's a Samsung S3
Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text messages that contain video clips. By sending a vulnerable …
"the answer is to chuck your Phablet, and get a Galaxy 6, thats still in support. Samsung honestly couldn't give a toss about the Galaxy S -- 2/3/4 anymore."
Why would you support this behaviour by buying *another* Samsung? The S6 is getting on a bit now (several months old already, gasp) - it won't be long before it's out of support too.
Regarding the S3 in particular though there were rumours of it getting this as a patch over the air, but I wouldn't hold my breath. CyanogenMod 11's (which is the latest "official" CM KitKat based ROM) latest nightly build has the patches. Probably various other third party ROMs have it too.
You're out of luck. It's an OTA update for...
Galaxy S5, S6, S6 Edge, and Note Edge
HTC One M7, One M8, One M9
LG Electronics G2, G3, G4
Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact
Android One platform
So for most custom ROMs are still the way forward.
I've got an old 3G Moto G, and all the people that have upgraded theirs to Lollipop do nothing but complain of short battery life, unexplained crashes, and wi-fi that continually dies, among other problems.
This is in addition to the folks that have found they don't like Lollipop and regret upgrading.
So I'm rather leery and have disabled MotorolaOTA.
"I've got an old 3G Moto G, and all the people that have upgraded theirs to Lollipop do nothing but complain of short battery life, unexplained crashes, and wi-fi that continually dies, among other problems."
Something wrong with my 2013 Moto G then as it works perfectly with 5.0.3 and has never crashed and my Nexus 4 is 5.1.1 which now takes less power from the battery. People with problems complain. People without, don't.
Motorola won't bother updating their 4.4 software, they'll patch their latest 5.1-based software and send OTAs (eventually).
I heard 5.1.1 is much better than 5.0.x so it may be a good excuse to upgrade. A factory reset can fix some of the problems people have experienced with the Lollipop upgrades apparently. There are ways to revert to 4.4 but that might be fiddly.
Reckon pigs will fly before I see an update from my carrier. They just aren't interested. Sold you the phone and taken the cash. Then only interested in upselling services.
It's a friggin disgrace but no idea how we can get the bastards to budge.
What would people do if Dell supplied you a Windows box but never pushed you any Windoes updates ?
IMHO Google should be kicking the crap out of carriers. But they don't much seem to care either. They have assimilated you. Got your data.
And I thought Windows 10 was a mess. Makes M$ look good.
>> What would people do if Dell supplied you a Windows box but never pushed you any Windoes updates ?
Therein lies the problem, who would set up a system where Dell was responsible for giving you updates to a Microsoft product?
The people who thought it would be a great idea for carriers and/or manufacturers to distribute phone OS updates should all be shot.
Phones should all be designed to run stock Android and receive stock updates. Any special hardware on the phone should be supported by separate drivers that could be registered with Google and downloaded/installed separately. And any special bloatware that the carriers require, contractually, should be installed as 3rd party apps.
And I thought Windows 10 was a mess. Makes M$ look good.a
As much as I hate to agree with you... You are on to something with this line of thought.
A better question is why hasn't Google already drawn a line in the sand and said; Ok Samsung has control (as such), of the GUI. But, the underlying Android OS IS OURS, and we'll take care of that bit as needed. Not so much for the sake of an easy upgrade from Gingerbread to Lollipop. As such, but at least where these Security updates are concerned. At this point I'm willing to almost forgive Google this faux pas. in some mischaracterization, that this is still largely a new-ish arena, and they honestly never saw it coming. But, it seems to me more of the same old lip service being paid, and nothings getting done.
A better question is why hasn't Google already drawn a line in the sand and said; Ok Samsung has control (as such), of the GUI. But, the underlying Android OS IS OURS, and we'll take care of that bit as needed
You mean as in actually taking responsibility for anything? That would be the day. It could have started with a decent layered design where what you suggest is actually possible, also because making that Open Source would mean others could push in a fix until the "official" fix emerged, a bit like what happens with a Linux bug.
950 MILLION people can but dream..
I disagree that this is a new area. It's been a long and painful lesson in the Windows world. If you look at the architectural design for Symbian and in addition its Trusted Platform, they foresaw exactly these scenarios. That's why they used the micro-kernel model, strong Hardware Abstraction Layer and user space modules for everything above. That brought them other issues, but security-wise it's a great model.
One thing people tend to forget is the baseband radio stack. Each revision of this has to be certified before it can be pushed. This is a regulatory requirement. Unfortunately, Android appears to be a pretty monolithic system. Google's trying to pull more stuff from the base into Google Play Services, but I suspect that's more driven by wished for strong-ownership/lock-in more than security or ease of upgrade. It also doesn't help that OEMs get new releases by way of one big code dump in AOSP and then have to reintegrate from scratch.
As you point out, Android must be more layered and modular so the HAL/drivers from Qualcomm et al, the baseband stack and the kernel/base system and user-land bits are properly independent and can be independently updated/patched. We've known and done this for many years.
Oh, dear. Didn't anyone tell you that ATT went out of business several years ago?
Perhaps there were a few bits left in the pipeline and maybe a couple of customer reps that didn't know they were "remaindered".
Sorry about your problems. However, you are important to us. Please stay on the line.
This post has been deleted by its author
It's all very well Google promising to push out monthly security updates, but the design of the current Android platform ensures that frequent updates will become a major PITA and something I'm sure users will grow weary of pretty quickly.
The problem is that the Android platform takes over 20 minutes - tested on a quad-core Nexus 5 (2013) - to apply even the smallest update. Every application on the device (and I haven't installed many myself, maybe only a dozen, but the number of apps on the device still runs to about 120) has to be (re-)"optimised" - thanks to ART - every time the system is updated. And optimisation is a very, very slow process (I actually wonder if it's only running on a single core, it's _that_ frickin' slow).
1MB update? Boom, 20+ fudging minutes to apply the update.
10MB update? Another 20+ fudging minutes to apply.
200MB update? You get the picture. The size of the update doesn't matter, it's always going to be dwarfed by the colossal time it takes for ART to get it's shit together.
It's a horribly flawed process that is going to become a major burden for users if small security updates are pushed out frequently. I can see myself skipping updates just to avoid the inconvenience of the slow update process (although at least they're unlikely to be as bad as Twitter, who seem able/willing to publish new builds of their app on an almost daily basis with no hint of a changelog - it does make you wonder how crap their developers are).
Okay, I'll bite. Why does the optimization process run equally as long here whether I select ART or Dalvik for the Runtime. I'm with you on the beastly run time as dual-core or quad-core matters not a bit, and clock speed does shorten it here. [Broken tablets are common here (nuero-degeneration), just killed another today, so I experience the painful update cycle regularly.]
We should all be quite familiar with any setup like this anyway. IT, multiple vendors, equals at last twice as many fingers pointed per vendor, seemingly a geometric expansion in extreme cases.
Whether it is ART or Dalvik or whatever, it is an important point. The update process for me just took 20 minutes and at least 1/4 of the battery to spin through 141 apps. Further, if your device is encrypted then you need to enter your pass code in the middle of it, so you can't just run it unattended overnight. If it truly is optimising apps then they need to move it to a lazy load model and only optimise on first launch, and have a background process completing the job. Sometimes I wonder if they forget it is also a phone.
Samsung just pushed out an ~90MB update to my S5 Mini. I have contacted them to ask what the update fixes, but now have to deal with the fact (if they reply with any actual detail) that if they think they've fixed Stagefright...no they haven't? Marvellous.
(be nice if we were properly informed in the beginning as to what the update updates)
hehe - thank your lucky stars that you're *getting* updates - I haven't seen any updates from Verizon on my Note3 since April and that was the 5.0 upgrade...
Makes me feel like singing:
Rarripop, Rarripop, oh what a Rarripop.. bedew dew dew POP!*
*yeah yeah - coat *there*, door *there*... got it!
Ya'll have a great day!
Samsung replied. Couldn't tell me what the upgrade actually contained and, worse yet, couldn't tell me about whether or not any vulnerabilities had been addressed.
Useful. I have no choice but to assume that my phone is vulnerable to everything that can affect standard Android 4.4.2.
Samsung SIIx T989D, 4+ years old. - 2nd battery which is going to get replaced this month as I'm under the 60% value, yes I'm hard as hell on my phone.
Running Telsa 9.1.x Lollipop -
The /cache rebuild after an update was horrendously slow the first few times (on CM11 with CyMOD recovery) with the standard format, I've found that the f2fs TWRP wipe and reformat of /cache and /system is *much* faster -- however at least on my phone it took 3 full resets, and reinstalls to get TWRP fully functional - I've also modified my pit for the extra system space. Now, given an update of the mod only - it takes about half the time. Updating *any* gapps kit .... forget it, it seems to wander into the forest for a lovely afternoon tea with some Horrible Harry type and they get lost in the book.
That said, YMMV, I don't Odin, I use Heimdahl and have Recovery level backups, Nandroid backups and Titanium backups, so I bare bones things and reinstall from those.
Haven't seen Tesla add this latest patch yet, but I'm sure it will happen.
I hate to tell you this, but my iPhone updated fine just now. Took something like 8 minutes, including making a backup first (updates have never failed me yet, but that's no reason to become careless).
I'm not telling you this to be smug, but out of concern. It may be worth pushing Google and your providers a LOT harder for a decent approach to updates, because the fact that Android updating is such a painful process will deter many people from doing it, which is *not* a good thing.
It must be possible to structure Android in such a way that each party involved has their own segment so an update doesn't need to do a full rip & replace of the software stack.
A Linux distro for smartphones abandoned by their manufacturers, postmarketOS, has introduced in-place upgrades.
Alpine Linux is a very minimal general-purpose distro that runs well on low-end kit, as The Reg FOSS desk found when we looked at version 3.16 last month. postmarketOS's – pmOS for short – version 22.06 is based on the same version.
Researchers at the University of California San Diego have shown for the first time that Bluetooth signals each have an individual, trackable, fingerprint.
In a paper presented at the IEEE Security and Privacy Conference last month, the researchers wrote that Bluetooth signals can also be tracked, given the right tools.
However, there are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote.
First Look The /e/ Foundation's de-Googled version of Android 10 has reached the market in a range of smartphones aimed at the privacy-conscious.
The idea of a privacy-centric version of Android is not new, and efforts to deliver are becoming friendlier all the time. The Register interviewed the founder of the /e/ Foundation in 2020, and reported on /e/ OS doing rather well in privacy tests the following year. Back then, the easiest way to get the OS was to buy a Fairphone, although there was also the option of reflashing one of a short list of supported devices.
A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services.
The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn't just apply to lower-end smartphones but some smart TVs, too.
Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC's firmware would end in a heap memory overwrite.
Microsoft is continuing to lavish love on Android for Windows with an update to Android 12.1 that disables telemetry by default, although, as Microsoft notes, "this update may cause some apps to fail to launch."
Such are the delights of living on the bleeding edge of Windows test builds.
The update for the Windows Subsystem for Android arrived at the end of last week in the Windows Insider Dev Channel and comprises Android 12.1, a new settings app, and Windows integration improvements.
Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG).
The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and one in Android (CVE-2021-1048) to infect devices with the surveillance-ware.
Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.
Google IO Google I/O, the ad biz's annual developer conference, returned to the Shoreline Amphitheater in California's Mountain View on Wednesday, for the first time in three years. The gathering remained largely a remote event due to the persistence of COVID-19 though there were enough Googlers, partners, and assorted software developers in attendance to fill venue seats and punctuate important points with applause.
Sundar Pichai, CEO of Google parent Alphabet, opened the keynote by sounding familiar themes. He leaned into the implied sentiment, "We're here to help," an increasingly iffy proposition in light of the many controversies facing the company.
He said he wanted to explain how Google is advancing its mission in two ways, "by deepening our understanding of information so that we can turn it into knowledge and advancing the state of computing so that knowledge is easier to access no matter who or where you are."
A study has found more outdated apps in Apple's App Store and Google Play than actively updated ones.
Analytics biz Pixalate – the outfit behind the study, titled The Abandoned Mobile Apps Report – told The Register its figures appear "to support Apple's apparent desire to 'clean up' abandoned apps," despite the unpopularity of the announcement with developers. The iGiant last month threatened to wipe away software from its store that hasn't been updated for a significant period of time.
The report consists of data from crawls of the Android and iOS app stores to look for what Pixalate classified as abandoned apps – those that have gone two or more years without an update. Between the two stores in the first quarter of 2022, Pixalate said it found more than 1.5 million abandoned apps, amounting to 33 percent of the more than five million apps it told The Register it examined.
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That's seven critical bugs, 66 deemed important, and one ranked low severity.
At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.
After April's astonishing 100-plus vulnerabilities, May's patching event seems tame by comparison. However, "this month makes up for it in severity and infrastructure headaches," Chris Hass, director of security at Automox, told The Register. "The big news is the critical vulnerabilities that need to be highlighted for immediate action."
Google on Tuesday released the first beta version of Android 13, the next iteration of its mobile operating system.
Referred to internally as "Tiramisu," the beta release follows a Developer Preview that debuted in February.
Android 13 features a new runtime permission for sending notifications from an app, a system photo picker for sharing photos and videos securely with apps, themed app icons, and better localization, among other things.
Biting the hand that feeds IT © 1998–2022