Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Out of curiosity, what fraction of Android OEMs push these security updates promptly (or equivalently what fraction of Android phones receive these kind of updates regularly)?


This page has a table of OEMs/devices that, as of the end of May, were fewer than 60 days behind on patches.

https://android-developers.googleblog.com/2017/06/2017-andro...

To me, the takeaway from this is that unless you are using a "flagship" device, or one sold directly by Google, you're probably not getting updates in a timely manner.


Manufacturer: Device(S)

BlackBerry: PRIV

Fujitsu: F-01J

General Mobile: GM5 Plus d, GM5 Plus, General Mobile 4G Dual,

General Mobile 4G

Gionee A1

Google: Pixel XL, Pixel, Nexus 6P, Nexus 6, Nexus 5X, Nexus 9

LGE: LG G6, V20, Stylo 2 V, GPAD 7.0 LTE

Motorola: Moto Z, Moto Z Droid

Oppo: CPH1613, CPH1605

Samsung: Galaxy S8+, Galaxy S8, Galaxy S7, Galaxy S7 Edge, Galaxy S7 Active, Galaxy S6 Active, Galaxy S5 Dual SIM, Galaxy C9 Pro, Galaxy C7, Galaxy J7, Galaxy On7 Pro, Galaxy J2, Galaxy A8, Galaxy Tab S2 9.7

Sharp: Android One S1, 507SH

Sony: Xperia XA1, Xperia X

Vivo: Vivo 1609, Vivo 1601, Vivo Y55


Just a disclaimer, this isn't the complete list of devices that received the July 2017 update. I, for one, received it for my Moto G4 Play in Brazil.

This list shows the models with a MAJORITY OF DEPLOYED DEVICES running a security update from the last two months.


Yeah I just cut and pasted from the link above


And yet another time we learn why it is better to use Lineage OS. Five year old Samsung S3:

  Android: Version 7.1.2
  Security Patch Level: 5th July 2017


Note that not all vulnerabilities are/can be patched by LineageOS, regardless of what the security patch level claims. Your device maintainer needs to actively merge patches into the kernel/device (see [0], note that this list relies on maintainers to update it). In addition, binary blob firmware needs to be patched by the manufacturer (e.g. Broadcom wi-fi exploits), which won't happen for devices that are out of support.

[0] https://cve.lineageos.org/kernels


My five-year-old Samsung S3 for Verizon stopped receiving updates less than 2 years after its release. The bootloader is locked tight, so I am unable to install any custom ROMs such as Lineage OS.


My phone screen was eaten alive by fungi last week, so I had a look at the field to pick a new device. Discovered Lineage OS, super keen. Unfortunately, its device support is crap.


Guess I'll have to look at upgrading my diehard old Moto G. It's still on Android 5.1.1.

Meanwhile I guess disabling WiFi is a mitigation?


> Meanwhile I guess disabling WiFi is a mitigation?

That's a good question. If it's disabled in firmware and not actually powered down, it might still be susceptible.


My TV came with no on-screen menus but a tablet you use to interact with most features and settings: it's on the June... 2016 patch set. It was over half of year out of date before I took it out of the box.


The supported Pixel and Nexus phone lines get things quickly.

There isn't any third party customization to re-validate.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: