What are Android security Patches? should We care about Them?

You must be receiving security patches from Google or your phone’s OEM via OTA updates on your device. Do you know what Android security patches are, what do they mean and why are they important? In this article, we’ll take a detailed look at the Android security patches and explain what they have to offer.

Android has been focusing on security since day one. It is built on top of the Linux kernel and makes use of several of its strong security mechanisms. The whole operating system framework is developed following strict rules. These make it possible to provide full isolation between the operating system kernel, system processes and libraries, and Java Apps. Every new Android version uses a kernel in sync with the official (upstream) Linux kernel and defects found in the framework in previous releases are addressed by Google engineers.

Early in Android’s development process, it became apparent that security enhancements were usually coming late. during the annual release cycle of the operating System, a big number of security defects were found. However, no fix would come until the next Android release. most of the time, fixes were only made available on the next Android version and devices should be upgraded to be safe. even if fixes were also applied to earlier versions of the operating System, most manufacturers would not create Over The Air (OTA) updates for non-flagship devices to provide these fixes: The cost of such a task was just very high.

Google tried to come up with a solution to this issue: since 2015, Google has been releasing monthly security bulletins. These include information about newly found security defects and links to the patches that address them (known in the community as security patches). Although Google usually splits these patches into several groups in their bulletins, they can be generally categorized as kernel patches – targeting the kernel versions currently officially supported by Android – and system patches – which fix issues affecting the rest of the Android stack. patches for security defects are available around one month after the vulnerability is exposed, with the next bulletin.

What does Android security patch mean?

Google’s security patches cover Remote Code Execution, Elevation of Privilege, information Disclosure and Denial of service vulnerabilities. These types of vulnerabilities allow a possible attacker to gain special access on a device without the user’s input. For example, a malware app would need to be installed first and then opened by the victim in order to steal information or charge the user’s account. Do not forget to read my exhaustive article about malware on Android. On the other hand, an attack through Remote Code Execution could happen without the user even noticing it. users are not able to do anything to protect their devices from the types of security vulnerabilities discussed above, except running an Android version with the latest security patches.

In general, running an Android with the latest security patches provides protection from attacks that can steal personal information (including passwords, bank accounts data and phone numbers), cause damage to the software of a device, and spy on the victim (through location tracking, voice recording, etc).

The status of security patch support

One could find the above security vulnerability management very interesting. However, while the code available on Google’s code repositories is constantly updated with the latest security patches, it is still up to the manufacturer to implement these on their current (through OTA Updates) and future devices. This is considered difficult to achieve because most manufacturers do not have the human resources needed to complete this task. Moreover, versions of Android shipped with most devices are heavily customized by the manufacturer to add special features. applying Google’s patches on top of these special Android builds might require extra modifications to the code.

Apart from the above, some security vulnerabilities affect proprietary code traditionally released by the System-On-Chip (SoC) distributors (eg Qualcomm, MediaTek). only they would be able to fix these issues. most of the time, these issues remain unaddressed on older hardware.

It becomes clear that, while Google does its best to provide easy solutions to most of the security vulnerabilities of its operating System, the huge number of devices running Android and its great variation in hardware characteristics make it difficult to apply security fixes to all of them.

Find the security patch version you are running on

You can find what version of security patches your Android (6.x +) is patched with, by going to settings and then about Phone. There, you should find a Text-view named Android security patch level. Google provides two types of security patch levels each month. One, on the first day of the month (e.g. Sepnull

Leave a Reply Cancel reply

Related Post

Galaxy S9 Snapdragon Vs Galaxy S9 Exynos performance comparisonGalaxy S9 Snapdragon Vs Galaxy S9 Exynos performance comparison

UC DAVIS students build COFFEE CAN RADAR project inspired BY MITUC DAVIS students build COFFEE CAN RADAR project inspired BY MIT

Further Delays In MacBook pro Deliveries expected With Chinese Assemblers unlikely To achieve Pre-Lockdown production Levels before JulyFurther Delays In MacBook pro Deliveries expected With Chinese Assemblers unlikely To achieve Pre-Lockdown production Levels before July