and will be pushed out to phones this month
Nope
By the vendors some time next year
And by the telcos some time in the next decade
Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege …
Lucky. I'm still on 7.0 with the April patches on my LG G5 and they don't even care about dealing with patches now that the newer phones are out and resort to blaming carriers instead when they aren't even pushing them to the phones direct from them and never locked to a carrier...
At least on the Nexus phones you have some hope of getting them.
unless you really believe we should be throwing away functional hardware every 1-2 years.
@AC no, I don't believe that but I agree the software release regime is pushing one to that conclusion. The actual innovation at the core of the phone (CPU, Memory, Storage and Battery) is trivial from one "generation" to the next however the lack of software support forces one to consider a 3 year old phone obsolete.
The problem is that the Android patches are so closely tied to the hardware. They often require a complete new OS image of a few hundred megabytes.
I'm not a fan of Windows update, but a Windows patch does not care much if you are running on a Dell or a Lenovo or a beige box. It just works, normally. So does PC Linux.
… because I use iPhone and Macs.
Please remind me, how many apps has Google pulled this year due to them containing malware? And how many has Apple pulled for the same reason?
And let's face it. Apple do release patches quite often. Now how often do android users get patched?
Maybe, just maybe, Apple is better at security?
Just saying
Cheers… Ishy
P,S, I do have a Sony telephone. It looks and feels much nicer than iPhone. I just don't trust it to run apps. They always ask for too many permissions. Don't have that problem with iPhone
"Maybe, just maybe, Apple is better at security?"
Oh no no no no no. You just can't say stuff round here. Repeat the mantra after me:
"Open - good, walled garden - bad. Open - good, walled garden - bad."
Ignore the fact that "Open" these days means "closely tied in with a suite of proprietary support systems that it is almost impossible to operate without."
Conform.
@Ishtiaq I wouldn't be rude enough to mock anybody for their choice of operating system. That's because I value choice. That said I personally find it difficult to justify paying twice the price for a phone or tablet from Apple versus a me-too Android. But I do respect the fact you attach a different value to things than I do. It makes the world an interesting place to live in and explore.
"I just don't trust it to run apps. They always ask for too many permissions. Don't have that problem with iPhone"
I too had a Sony phone a few years ago, it was very good.
Provided you get apps from the authorised Google Play Store they are almost certainly not malware. And you can refuse individual permissions for apps nowadays. Unlike with Apple, if I understand correctly.
Which is more secure, old phone with a version from a trusted source or an old phone on the latest version you downloaded from somewhere on the internet? Neither.. people worry about the IoT being insecure, there's so much more which industry abandons as it isn't profitable.
How this can be fixed I don't know, there are so many variations with software. Only way to control it would be like Apple, where devices are locked down from user access fairly well. Always a way round though (eventually).
I'd go for user education, take some responsibility for what you're doing and do it better/put in working practices which make you more secure. Maybe then when users realise they're not secure/at risk they'll push back and manufacturers will take notice.
Sorry, that simply won't work. The only thing that will make suppliers & importers take notice is liability for unpatched flaws after a certain time. You know the sort of thing that would happen in the traditional hardware world of cars, etc, when some safety factor comes to light.
Much as I distrust government meddling in technology, having some legal standards for, say, 5 years after the sale of any "connected device" would be a more workable answer. Sure those companies will bitch about profitability, etc, but the reality is they are currently shitting on the consumers by not doing it right in the first place (and by "right" I mean having a proper system for support and patching planned for and used, as some bugs are inevitably going to happen).
Whilst I do agree, it'd be hard/impossible to do there's nothing in place to have suppliers take on liability and getting that in place would be impossible.
My central heating boiler is was under warranty, as long as it was installed correctly and on a well designed heating system. All the manufacturer has to say is that it hasn't been done properly and they're excluding any claim. There's so much wriggle room that can be used that devices would never be supported for a reasonable period.
My guess is that around 50% of Android devices that are still in use will never see these or any other updates.
I have a old unbranded tablet from 2013 that is still running Jellybean which i have rooted but can't find any newer ROM version for, but it works fine for BBC iplayer connected to a bedroom tv
There's three ways to do patching
Control just the software and spend years refining the patching process with vast amounts of in house testing to ensure 90% compatibility and then if anything breaks you did your best
Abdicate responsibility for the delivery of patches to 3rd parties who are only interested in selling new stuff and customize your OS so everything will break, then its their fault when stuff does break or their customers get hacked.
Control Hardware and software so patching is simple and pushed to every device (except where they pass control of patching to third parties for some hardware who ......)
Two of them work, one doesn't, take you pick
Class action anyone?