Thursday, 08 December 2016 12:40

Android Security Bulletin: Everything you need to know


Google has detailed the latest Android Security Bulletin and released the fixes for Nexus and Pixel devices.


These are exploits and other security concerns that affect Android as a whole. Issues with the operating system, kernel patches, and driver updates may not affect any particular device, but these need to be fixed in the Android base by the folks maintaining the operating system code. That means Google, and they've detailed the things they have improved for this month.


Updated factory images for Pixel and Nexus devices that are supported are available, and over-the-air updates are rolling out to users. If you don't want to wait you can download and flash the factory image or OTA update file manually, and here are some handy instructions to get you started.


These changes have been released to the people making Android phones for at least 30 days, but Google can't force anyone to deliver them to you. If you're using a phone from Samsung, LG or anyone besides Google, you'll need to wait for them to send an update and shouldn't try to flash any of the above files.





Of course, Google has safety checks in place to prevent any problems on your phone because of any security exploits. Verify Apps and SafetyNet are at work anytime you add an app to your phone, and seamless updates to Google Play Services will keep them up to date regardless of any hold up from a manufacturer or carrier. Details and incident numbers can be found in the yearly Android Security Review (.pdf file).


Highlights for December 2016


December 2016's update comes with two patch dates: 12/01/2016 and 12/05/2016.

  • Fixes in the 12/01 update cover Android in general, and address issues with the Android operating system itself. The most serious exploit addressed was in the CURL library (software used to transfer data that covers most transfer protocols and security certificates), where a man-in-the-middle attack could be performed by someone with a spoofed security certificate. Other patches for Smart Lock, the telephony system, and comm stack are also included.
  • The 12/05 patch date covers issues with the kernel or drivers. These aren't part of Android, but Google is the central maintainer and assembles updated code and resources from the folks making the hardware components. This time we see fixes for serious exploits from Qualcomm, MediaTek, and NVIDIA — so chances are your phone needs these. Samsung's Exynos chips are covered outside of the Android Security Bulletin and are patched by Samsung themselves.


If you get an update with a patch date of 12/05 you also have every issue addressed by the 12/01 update in place.






World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.