850M Android Devices Still Vulnerable To Stagefright Bug

[HardOCP News]

How can this be? I know it is easy to blame the fragmented nature of the Android ecosystem but it has been almost a year since Stagefright was discovered.

Over 850 million Android devices are still potentially at threat from the notorious Stagefright vulnerability, leaving large swathes of smartphones and tablets at risk from hijacking via malware injections. Stagefight first came to light last year after it was discovered by Zimperium researcher Joshua Drake and the bug was dubbed one of the "worst Android vulnerabilities discovered to date".

 

[Koolthulu]

Slow Android updates from manufacturers and carriers was one reason I finally switched to a Nexus and Google Fi. I'm getting monthly updates now, instead of the maybe once a year updates from Samsung/Verizon.

 

[Mr. Snrub]

Slow Android updates from manufacturers and carriers was one reason I finally switched to a Nexus and Google Fi. I'm getting monthly updates now, instead of the maybe once a year updates from Samsung/Verizon.

You pretty much nailed it right there. Although I think the carriers are more to blame than the manufacturers. Why can't we have more devices that just update the damn system files, similar to what Windows does? Leave it out of the carrier's hands.

 

[Domingo]

Yup, it's the slow or lack of updates. It's a double whammy because Samsung/LG/Sony/Moto/etc. have to create their own update (based on Google's existing one), package it up with their own launcher and apps. Once they finally sign off on it, and then AT&T/Verizon/Sprint/etc. have to sign off on that version and of course toss their own bloat on top of it.

Android is all about freedom, but the fact that there are so many parties involved causes problems. The launcher/carrier issue makes me wish things were closer to MS and Apple.

 

[Shmee]

Another problem is that a lot of the time updates aren't forced, so they are waiting for the user to click 'update'. Which is kind of why I am okay with the forced updates on Windows 10 for the consumer versions.

 

[Morphy]

If the carriers aren't planning on releasing update to fix that then they really ought to replace existing customers phones with new versions of phones that are updated even if it means a new phone at the carriers expense.

Just as what happens in the automotive industry when there is a safety issue and cars get recalled. Problem is malware exploits has not been known to endanger anyone's safety so noone takes it seriously.

I am not a proponent of more regulatory control but there should be one here. And if that were the case, I bet those updates would be coming.

 

[tazeat]

I've been saying for years and years Android's patching model was not feasible let alone sustainable. Only now on official Google Nexus devices do I even feel patches are reasonable. I get monthly patches from Google, I don't know why you'd buy an Android phone supported by most of the OEMs that don't give a shit about you. Samsung might be one of the few others that actually supports their products, at least for a certain time period.

 

[chenw]

I have been manually checking for updates daily since I got my phone (Asus Padfone X) so updates usually do not escape past me. I haven't moved to Nexus as Nexus have no offering that is anywhere remotely close (or rather, anything else on the market) to what the Padfone offers, so been relying solely on Asus' updates.

I wonder if it isn't possible to separate Android into two components, one where the manufacturers are free to modify and update, and the core kernel which is controlled directly by google (half way between what Android is now to what Windows is now).

 

[westrock2000]

Hey, it happens