With the number of threats and exploits targeting mobile devices increasing rapidly, Android gets left behind as companies like Apple rapidly take action to fix the issues on their own platforms. Meanwhile, the now infamous update schedule for Android makes this a very serious problem for Android users, which have to patiently wait for mobile manufacturers to eventually give them the update instead of getting it from Google directly. Well, it seems like someone took notice of this issue, because Google, Samsung and now LG are now committing to monthly security updates for their devices.
Android software updates are a mess. There’s nothing painful about the installation of an update itself, but the real issue is the frequency and scheduling of it. While iOS users get regular and immediate updates, Android users are still left at the mercy of Google and the manufacturers when it’s time to get a bug fix or a new version of the operating system. Things have gotten a bit better, but it’s still far from ideal. One of the worst things about this is how it wcan make the users vulnerable to serious Android exploits, since it takes a long time to get a fix. But that’s about to change, since some of the big-name OEMs like Samsung and LG are committing to monthly security updates from this point on.
This new measure is announced after the unveiling of the Stagefright bug, a very serious Android exploit that leaves the user vulnerable to remote code execution using a simple MMS message specifically crafted to trigger the bug without the user even having to open it, in most cases. It affects Android devices from version 2.2 up to Lollipop, the most recently released version of the operating system. The Stagefright bug is a very serious issue that highlights the problem that Android’s lack of regular updates poses to the users, but now that monthly updates are being scheduled, things are looking up in terms of safety and stability, with major issues like Stagefright being potentially fixed right away and deployed over the month.
To find out if you’re affected by the Stagefright bug, there is actually a handy little app that will test your device and let you know the result. You can download the app here, from the Play Store. The app is simple to use: just open it once it’s done installing, and you will see this screen:
Then, just tap the button. The app will test against the known attack vectors for the exploit, which shouldn’t take long, and in the end it will report the result:
If you’re affected by the bug, you should update your device as soon as possible. If it’s a recent device from a brand like Samsung, Sony, LG and HTC, you’ll probably get an update soon, if you haven’t already received it. If it’s an older device, you may not get a fix at all – which leaves you fully vulnerable. In that case, there are still a few things you can do to protect yourself. The best course of action would be to install a new ROM that has the fix. For example, the latest CyanogenMod releases already include the necessary fix. If you don’t want to do that, or if you’re unable to find a new ROM for your device, you can still make sure the bug doesn’t affect you by changing a few of the settings in your messaging app. The option you’re looking for should be named something like “automatically retrieve MMS messages”. For example, in the Samsung Galaxy S6, the option is under “Multimedia Messages”:
In the end, it’s a nice thing to see manufacturers being more proactive when it comes to updating their devices against serious issues. It’s a shame that updating an Android device is still such a big deal after all this time, and exploits like this really highlight the need of some sort of universal update system similar to iOS. Since that is not possible for now, this is the next best thing. Security needs to be taken seriously on mobile devices, since they contain so much of our data and information – and it’s nice to see that Google is finally taking steps to help ensure that.