News

Google has made a huge change to the monthly Android Security Bulletin

News Room
News Room

Did you notice something strange about recent Android Security Bulletins (ASB)? The July release listed no security vulnerabilities for Pixel phones, while the September update counted 119 such flaws. This was not a coincidence but a change made by Google to the monthly ASBs that are disseminated monthly. There are actually two of them released each month, and the one you’re familiar with is the one released publicly on the first Monday of each new month. 

There is also a private ASB that is sent to phone manufacturers and companies that supply chips to them. The latter is distributed 30 days before the public bulletin is sent out so that the manufacturers and chip suppliers can test the patches before they are announced.

Google changes how it releases the monthly Android Security Bulletin

Not all Android phones receive the security patches each month. Those models that don’t (typically budget and mid-range Android phones) might receive them quarterly, twice a year, or not have Android support. As a result, these models are at risk of being exploited, and personal data, including the credentials used by an individual to open his or her apps, can be stolen and used to wipe out financial accounts. To help prevent this from occurring, Google has made a change to the Android Security Bulletin as it implements a new release strategy called “Risk-Based Update System” (RBUS).

Google now releases only information about “high-risk” vulnerabilities monthly. As a result, the majority of software fixes will be received on a quarterly basis. So what does Google consider a high-risk vulnerability to be? The company defines these as crucial issues that need to be addressed immediately, including ones that are being actively exploited or are part of an exploit chain. The latter is a series of multiple vulnerabilities linked together by an attacker to help him achieve a larger goal, something like taking control over the full system of a phone.

Calling a software flaw “high risk” in this manner is different than the “critical” or “high-severity” vulnerabilities that appear in the ASBs.

Manufacturers will benefit from Google’s new security bulletin release plan

With the new ASB release plan, phone manufacturers will have fewer difficulties releasing updates each month. At the same time, this could allow them to release more frequent security patches for certain handsets. The manufacturers will also be able to focus on releasing the larger quarterly updates while limiting the monthly releases to the aforementioned “high-risk” vulnerabilities.

With the new plan, we should expect to see some monthly bulletins, like the one for the Pixel this July, released with no vulnerabilities to list, although two functional patches were included with that update. Functional patches exterminate bugs that prevent a feature from working correctly. A security patch eliminates a flaw that creates a security hazard when exploited.

While Pixel users had no security patches to deal with according to the July bulletin, Samsung’s monthly July report said that Samsung Mobile patched 17 Samsung Vulnerabilities and Exposures (SVE), along with a couple of issues that were patched by Samsung Semiconductor.

What you should know about this

Actually, most phone owners probably don’t think twice about the monthly security releases. Pixel enthusiasts are much more interested in the quarterly Pixel Feature Drop than the monthly security release. Functional patches are also more eagerly awaited than security patches because they exterminate a bug that prevents you from doing something with your phone. While security patches are obviously very important, installing them doesn’t result in a change to the software that you can notice.

Even so, whenever you receive a monthly, quarterly, or even a semi-annual security update, you should install it right away. The faster you have these updates installed, the sooner your Android phone is protected from attackers looking to break into your device.

“Iconic Phones” is coming this Fall!

Good news everyone! Over the past year we’ve been working on an exciting passion project of ours and we’re thrilled to announce it will be ready to release in just a few short months.

“Iconic Phones: Revolution at Your Fingertips” is a must-have coffee table book for every tech-head that will bring you on a journey to relive the greatest technological revolution of the 21st century. For more details, simply follow the link below!

LEARN MORE AND SIGN UP FOR EARLY BIRD DISCOUNTS HERE

Read the latest from Alan Friedman

Share This Article
Previous Article Windows 11 Pro Is Just $13 for a Limited Time
Next Article How to Switch to Google Fi
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

5 reasons the streaming era has been a complete failure so far
News
‘Dear Apple’
News
YouTube Premium’s main shortcoming is stopping me from subscribing
News
How Applicant Tracking Systems are Using AI to Improve the Hiring Funnel
Gadget
Lost your password?