If you've recently updated your Nexus device from Jelly Bean to KitKat, there's a chance you're already being notified of an OTA update to KRT16S. If you're wondering what's changed, the collected list of source commits has been posted by Al Sutton. Most of the tweaks are pretty minor, including an improvement to the backup service, a few updated APNs for assorted carriers, and code to handle rare issues with the 3G Nexus 7 (2012) radio. However, there is one emergency fix for a serious bug that could result in the loss of access to encrypted disks on a device upgrading from 4.3 to 4.4.


One of the numerous security improvements included with KitKat is a new Key Derivation Function (KDF) called Scrypt. The change makes brute force attacks more expensive, helping to ensure full-disk encryption is extremely difficult to break. Naturally, devices protected by the older method of full-disk encryption are being upgraded to use Scrypt as part of the update. Unfortunately, this upgrade process suffered from a pretty serious oversight. While users were asked for the passphrase used to secure their devices, no verification check was performed before the conversion began. If users entered an incorrect passphrase, the upgrade could effectively scramble the cryptographic keys and leave an owner's data inaccessible.

The fix (e41ab11) was submitted 5 days ago, only 2 days after the first OTAs began rolling out to both Nexus 7s and the Nexus 10. This issue prompted a halt to the rollout of KRT16O, explaining why many people were left waiting longer than expected for KitKat.

Here is a summary of the remaining changes:

  • The backup service now has registration occurring dynamically. (c46c4a6)
  • It appears there were some issues with the tilapia (2012 GSM Nexus 7) radio, which the developers solved by forcing a restart of the radio after provisioning (2575df8).
  • Mako (Nexus 4) received an updated prebuilt kernel (6a0177d) and a few tweaks to the APNs for several carriers (753ddc7, 59e4a0c, 0af7ccb, 962c235). Update: The change to the kernel was an updated WLAN driver (6aa1c72) - Thanks, deltatux.

The update isn't particularly exciting, but it might save a few people from a pretty serious catastrophe. The Nexus 5 almost certainly won't be receiving this OTA because it never could have used the earlier form of full-disk encryption, therefore it would never need to go through the upgrade process. Otherwise, all of the factory images have been updated to build KRT16S and no more devices are receiving OTAs for KRT16O. If you've already updated, an OTA for the latest version should be rolling out to you soon.

Source: Changelog

Cody Toombs
Cody is a Software Engineer and Writer with a mildly overwhelming obsession with smartphones and the mobile world. If he’s been pulled away from the computer for any length of time, you might find him talking about cocktails and movies, sometimes resulting in the consumption of both.

  • Jan

    Can we stop the staged rollout hating now?

    • Brian

      Only the smart people wouldn't be hating. I knew something was strange.

    • http://www.androidpolice.com/author/cody-toombs/ Cody Toombs

      Yup, this man gets it.

      Hey, even if there aren't that many people using full-disk encryption, the staged releases probably saved a good number of people from a pretty severe outcome.

      • Sir Oliver

        Number of people "saved" is very very small. It is

        S = Ad*(Fe*Sf)

        S = Number of people saved
        Ad = Applicable devices for OTA update

        Fe = Number of people having Full Encryption
        Sf = Number of people having Sticky Fingers (typed the wrong password)

        Number is probably in the vicinity of 17 ;)

        • Ximinez

          Effectively wiping the phones of 17 users is far too much.

        • Tarun Pemmaraju

          More like S = (Sf/Fe)/Ad where your answer is a percentage.

        • Andrew CD

          Thats a Prime Number, I like Prime numbers and 13 is my favourite

    • http://www.androidpolice.com/ Artem Russakovskii

      The biggest problem is lack of transparency and communication. If there was a simple page that had the status of the updates or at least some sort of updates on potential bugs and delays, nobody would have had a problem with it. But Google, as we know, is absolutely awful at explaining anything product-related. Same goes for changes between updates - for fuck's sake, tell us something.

      • Tills13

        why do you think they're obligated to tell us anything? Because we're impatient?

        • http://www.androidpolice.com/ Artem Russakovskii

          Because that would be a good thing to do. More transparency = everyone wins. It would take almost no effort too. Other companies manage to do it, and their users are much happier because of it.

          • Tills13

            Literally no one cares about the new update or its features until it's on their phone except us Android nerds. Google owes us nothing in terms of "transparency."

          • http://www.androidpolice.com/ Artem Russakovskii

            That's just like your opinion, man.

          • Tills13

            totally, just like it's your opinion that Google owes you changelogs and status updates.

        • Ca3ru5

          Because it's good customer service? Lack of information leads to speculation which leads to bad PR and malcontented customers.

          • Tills13

            Google is taking after Apple, who never touts patch or hardware features. If people want to find them, they can refer to AOSP.

  • Nick3030

    I read on xda or reddit that the nexus4 is also getting updated WLAN drivers. Can AP confirm?

  • Moeen Ahmed

    I STILL havent recieved the 4.4 update on my nexus 10. what the hell is going on? I dont understand why Google cant just update it for everyone at the same time?

    • blahmoomoo

      I'm pretty sure this article spells out the reason for staged rollouts quite clearly. There was a critical bug, and the staged rollout reduced the number of people who encountered the bug.

      However, as Artem commented, more transparency would be really nice.

    • Smirkis

      Did you even read the post?

  • ITGuy11

    What about the Moto X? Does it include these fixes in it's 4.4 update?

    • http://randomphantasmagoria.com/ Shawn

      The Moto X is based on KRT16M, so no.

  • GP

    I unlocked the bootloader and flashed KRT160 yesterday. Will I get the OTA or will I have to flash KRT16S?

    • Michael Pahl

      I got the OTA

      • GP

        That's awesome. Thanks.

    • Josh Legoza

      I flashed KRT16O to my 2012 N7 from the factory image yesterday apparently minutes before they released KRT16S, and very soon after it booted up it said I had an update. Confused the hell out of me! Quick search showed that they had just released the update. Sounds like due to the severity of that buy, KRT16S is being pushed immediately to any device running KRT16O. My 2013 N7 (which has been on KitKat for over a week) had the update waiting for me when I turned it on to check. I'm guessing you might already have the OTA.

      • GP

        Don't have it yet but hopefully soon. It's kinda wicked that yours was waiting for you right after you flashed KRT160 and booted up. :)

  • http://www.dljordaneku.com/ Darrell Jordan

    I guess this explains why I haven't gotten it on my 2012 Nexus 7 yet. My boys have been asking when their tablet would get it. Now I have an answer for them. :)

  • Aaron Stevens

    Hope that kernel update for Nexus 4 fixed the problem I had the other day with WiFi not turning back on until next reboot, this was on KRT16O.

  • lig

    Just updated my N4, did anyone else notice the new Settings icon? it is a wheel now!! wonder how many other things like that changed!

  • Matthew Fry

    Wish they'd have put something on the factory image page or removed the 4.4 binary. Through a set of unfortunate circumstances, I lost everything on my Nexus 10 upgrading to 4.4O, reinstalled everything, lost everything upgrading to S, and reinstalled everything in a span of a week. 12Mb/s seems fast until you download 8 gigs of games twice. Eh se la vie. Dangers of rooting, flashing, sideloading, etc.

    • PiLoT .

      *cest la vie

      • Matthew Fry

        I was kind of close!

      • DrakeTungsten

        *C'est la vie. ;-)

  • valapsp

    there definitely is something wrong with krt16s:

    • Marcus


      • valapsp

        those blurred texts and black bars.

        • Marcus

          Ahh I didn't see the screenshot at first. Weird.

  • arcy

    Anyone here updated their n7LTE manually? Any feedbacks?

  • aaron cooper

    I loaded the KRT16O version on my Nexus 4 when it was available, but no KRT16S over the air nor with the files that are already up. I have used Wugfresh's program the last few days to upgrade, I might give it another go tonight...

  • Rodalpho

    Interesting. I encrypt my N7 and was on KRT16O. It worked fine, except TWRP couldn't decrypt the disk. Android could, TWRP couldn't. I upgraded to KRT16S yesterday and everything now works fine.

  • Gustavo Mendoza

    Anyone else having issues performing the device encryption on their device AFTER the KRT16S upgrade? My Nexus 7 (2013) will not perform an encryption post upgrade even after factory reset...

  • Taskeen

    Last night I got update to KITKAT notification. Started to update then halted now all I am having is the KITKAT logo for hours,...tried to reboot nothing work. :( please help

  • Anuj Thapar

    Google google my sweet black sheep have u any new kitkat wool ... ;) or i finally update