It's the first Monday of May, and that means there are some new factory images and OTAs for the Nexus line. As usual, these new firmware packages include the latest security patches from the preceding month, and possibly some bug fixes and optimizations, as well. While we'll be looking for changes in the AOSP changelog (coming soon), Google has posted the security bulletin to explain the major risks that that have been fixed in this release.
Google took special care to point out that the security bulletin has been renamed (from "Nexus" to "Android") to reflect its relationship to all devices running Android, not just those directly supported by Google. Read More
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More
Dev previews are by definition not finished, so bugs are to be expected. Sometimes bugs are also patched, though. You might have noticed something that looks broken in the new Android N dev preview recent apps list, but it's not. The missing app previews are actually addressing a bug in the secure apps flag. It's a security thing. Read More
In a perfect world, every manufacturer would update all of its Android phones and tablets every single time Google posted an update to AOSP. We don't live in that perfect world, but at least some of them have paid lip service to the new monthly security updates that Google has been issuing for the last eight months or so. Samsung is one of them... as long as the definition of "monthly" is stretched to something like "eventually." The company posted March's security update notes yesterday (on April 13th) and followed up with the April notes almost immediately. Read More
We're a few days into a new month, which means it's time for a fresh set of security updates for the Nexus family and the Android Open Source Project (AOSP). Factory images are available for most of the actively maintained devices, though it looks like the Pixel C is still waiting its turn. OTAs should also begin rolling out shortly, if they haven't already.
Google has already posted the associated security bulletin for April's update. Read More
Staying private online is easier said than done, but a few services are popping up that promise to shield your conversations from prying eyes. The Signal messaging app, previously known as TextSecure, comes to mind. But the WhatsApp team has been working on securing its messages using some of the same code, and now, after testing things out last month, the service is ready to roll out end-to-end encryption to all users. Read More
LastPass is known for keeping your passwords safe, but these days a password sometimes isn't enough. That's why many services have implemented 2-factor authentication (2FA) to secure your account. Now, LastPass is getting into 2FA with its own authenticator app called (predictably) LastPass Authenticator. Please ignore the iPhone above. It's on Android too. Read More
As is the (new-ish) tradition, Google rolls out security updates on the first Monday of each month. The factory images for March's updates are right on schedule with all of the recent fixes to shore up potential vulnerabilities in the operating system. LMY49H is the build number for the Nexus 10 update, which will remain cut off at Lollipop. Most of the other devices on the list are moving up to MMB29V, though a few other build numbers are available for special variants. Read More
It looks like there may still be a couple of missing images, like the Nexus 6P. Just keep checking back and they'll probably turn up shortly.
Samsung followed Google's lead last year to promise regular security patches for its most popular phones. It's been following through with the updates, and today it's time for the February patches. If you've got a flagship Samsung device from the last few years, you can expect an OTA notification soon. Read More
Two bills recently passed in the states of New York and California that aim to weaken smartphone security in order to combat crime. The laws would prevent the sale of smartphones with full-disk encryption that could not be unlocked by the manufacturer (at the request of law enforcement). In response, Rep. Ted Lieu of California, a Democrat, and Rep. Blake Farenthold of Texas, a Republican, have proposed a bill, the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act of 2016, that would block state-level attempts to ban encryption on smartphones sold in the US.
The bipartisan bill addresses multiple issues. Read More