T-Mobile began rolling out security-centric updates to Nexus devices yesterday. As we already know, there aren't any big changes due out in this release, but Google has pushed the latest code up to the Android Open Source Project (AOSP) for the world to see. As usual, we've put together a changelog for easy reading.

Updates for T-Mobile devices are built from a dedicated branch in AOSP with custom code to support the Wi-Fi calling feature. As it turns out, the list of changes for this update to LMY48M closely resembles the r6 to r9 update from last month, otherwise known as the update that (mostly) fixed Stagefright. Quite simply, T-Mobile didn't post OTAs for its devices when Google released its updates. We'll have to wait to see if updates will begin to follow the plan for monthly security updates from here on out.

Even though there is a lot of overlap with an older changelog, there are still a few brand new commits to look at. It's likely T-Mobile's update encompasses fixes from both last month and this month. The full changelog is linked below, but I've listed out just the items that are unique between the two updates:

  • platform/external/skia
    • e28401b : DO NOT MERGE Prevent integer wrap around for malloc size when creating a SkRegion
  • platform/frameworks/av
    • 6fe85f7 : MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
    • 304ef91 : Guard against codecinfo overflow
    • a5d9298 : Revert "DO NOT MERGE: Lock drm plugin API calls globally, not per MediaDrm instance"
    • d776139 : DO NOT MERGE: Lock drm plugin API calls globally, not per MediaDrm instance
  • platform/frameworks/base
    • 8fba7e6 : Prevent insanely long passwords from crashing SystemUI
    • 1e72dc7 : DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes
    • 4cff1f4 : Check that the parcel contained the expected amount of region data. DO NOT MERGE
    • 0e40462 : Revert "DO NOT MERGE Backport of limited jank-tracking metrics
    • d5a4a1a : DO NOT MERGE Backport of limited jank-tracking metrics
  • platform/frameworks/native
    • e68cbc3 : Disregard alleged binder entities beyond parcel bounds
    • 7dcd0ec : Verify that the native handle was created
  • platform/frameworks/opt/telephony
    • df31d37 : Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt
  • platform/system/core
    • e8c62fb : Prevent integer overflow when allocating native_handle_t
  • platform/system/security
    • bb9f439 : Fix unchecked length in Blob creation

Most of the changes are related to memory management and potential overflows, which means they're probably closing up some potential targets for malware. A few more bug fixes are mixed in for good measure, but nothing we're likely to notice in regular usage. At least T-Mobile is getting caught up and getting the fixes out there. I've got a hunch Google will have an update coming out shortly that looks eerily similar to the list above.

UPDATE: 2015/09/10 3:16pm PDT BY

Changelogs added for Android 5.1.1 r15 through r18

Shortly after the changelog went up for the r14 update, Google posted a stream of new tags for different devices in the Nexus family. It should come as little surprise, these changelogs basically line up with the additions from r14. After all, they are part of the monthly security updates.

The factory images have been posted and it looks like the Nexus family will be using the same build number T-Mobile began rolling out. Aside from the Nexus 6, which still comes in 3 flavors (T-Mobile, Project Fi, and regular), all of the Nexus phones and most of the tablets are back on the same build number: LMY48M. The Nexus Player, 2013 Nexus 7, and all flavors of the Nexus 6 will probably remain on separate build numbers. Though, we can hope the release of Android 6.0 puts all of them in line.

Android 5.1.1 r14 (LMY48M) - android-5.1.1_r3 -> android-5.1.1_r14 (Nexus 4, 5, 6, 9, and 7 Wi-Fi)

Android 5.1.1 r15 (LMY48N) - android-5.1.1_r14 -> android-5.1.1_r15 (Nexus Player)

Android 5.1.1 r16 (LMY48P) - android-5.1.1_r15 -> android-5.1.1_r16 (2013 Nexus 7 - deb)

Android 5.1.1 r17 (LYZ28K) - android-5.1.1_r12 -> android-5.1.1_r17 (T-Mobile Nexus 6)

Android 5.1.1 r18 (LVY48F) - android-5.1.1_r13 -> android-5.1.1_r18 (Project Fi Nexus 6)