
ZDNET's key takeaways
- Google may change how Android security updates work.
- But larger patch cycles could give hackers more time.
- The 'high-risk first' model could streamline OEM patching.
Google is considering an overhaul of its security patch update rollout in a bid to improve Android security.
Risk-based update system
As reported by Android Authority, the new system, dubbed the "Risk-Based Update System" (RBU), will continue to protect Android users while streamlining patching processes for original equipment manufacturers (OEMs).
Currently, Google publishes Android Security Bulletins (ASBs) listing vulnerabilities affecting the Android operating system. Android partners and OEMs are informed about all issues at least one month before public release.
Instead of shipping every available fix, from high-risk, critical vulnerabilities to low-risk bugs, in a monthly ASB, Google may focus on shipping updates for significant real-world issues within its monthly patch cycles. Therefore, if a vulnerability is being actively exploited in the wild or is considered a high risk to user privacy and security, it will be patched more rapidly than a low-risk denial-of-service memory problem.
As noted by the publication, however, there is a difference between an official "critical" rating issued by authorities using CVSS scoring and what the tech giant may deem high-risk. This means that a security issue with a low CVSS score that is used in a wider exploit chain could, in theory, be included in the monthly updates.
It also means that other, 'low-risk' security problems could be moved into quarterly ASB patch cycles.
What does this mean for OEMs?
OEMs use the Android operating system to run their devices, but this does not mean that they follow the same security patch update cycles, and many run their own bulletins. Google wants to reduce the sheer number of fixes that need to be deployed on Android handsets, which may mean that fewer patches need to be tested and deployed on a monthly basis.
If high-risk bugs are dealt with first, it can give OEMs more breathing room and more control over what they want to deploy, and when.
However, a downside is that there may be a delay in resolving security issues, which may give threat actors more time to use security flaws in their attacks. There is also a risk that upcoming releases may be leaked, alerting attackers to which bugs are due to be fixed and when.
The quarterly ASBs will probably be very large, as is already on display in Google's September ASB, which included fixes for over 100 vulnerabilities. Compare that to July or August, in which no or very few bugs were listed in the bulletin.
A Google spokesperson told ZDNET, "Android and Pixel security bulletins are published monthly. To protect users, we build powerful protections into the foundation of Android. Android's wide platform hardening prevents exploitation at the source, such as our use of a memory-safe language and advanced anti-exploitation protections. Android and Pixel consistently address security issues and prioritize the highest-risk ones first."
In related news, starting next year, the developers behind installed apps will be required to verify themselves. In particular, sideloading – a route that allows users to bypass Google Play and install applications from unofficial sources – will be restricted, and Google says that this should allow the company to clamp down on fake and fraudulent software.

