Google Nexus Android Mobile Devices Get Tighter Security
Google will now start to issue monthly security updates for many Nexus Android devices to help keep users more secure against hackers.Security in Google's Android mobile operating system is getting more formal, with the introduction of new monthly security updates that will be issued over-the-air (OTA) to a wide range of Nexus mobile devices. The latest security step was detailed by Adrian Ludwig, lead engineer for Android security, and Venkat Rapaka, director of Nexus product management, in an Aug. 5 post on The Official Android Blog. "For the past three years, we have been notifying Android manufacturers every month through bulletins of security issues so that they can keep their users secure," wrote Ludwig and Rapaka. "Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates." The first such security update began rolling out on Aug. 5, they wrote, to devices, including the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 and Nexus Player. The first security update includes fixes for issues reported since July 2015, including fixes for the libStageFright vulnerabilities, they wrote. "At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store."
The additional step is the latest in Android's arsenal to protect customers and their devices, wrote Ludwig and Rapaka. "Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe."
The StageFright vulnerability was raised publicly in July when it was reported by security firm Zimperium, according to an earlier eWEEK article. The flaw is estimated to expose as many as 950 million users to risk. The vulnerability is found in the Android Stagefright media library, which is a common element in Android versions 2.2 and higher. The flaws in large part are integer overflows that lead to potentially exploitable memory buffer overflow conditions, according to the report.