AH 2015 Samsung LOGO-133

Samsung Introducing Patch Date Into Lollipop Firmware

December 6, 2015 - Written By David Steele

2015 was an interesting time for Android security news. We witnessed a significant security flaw being uncovered in April, called the Stagefright vulnerability, which could potentially allow an attacker to take control of a device via a downloaded video containing embedded code. Google had already implemented changes to the code, which meant that supported Nexus devices were shored up against the vulnerability. However, it took other manufacturers a number of days, weeks or months before they released their own software patches to secure devices. At the same time as the Stagefright vulnerability patch, Google promised to release monthly updates to Android in order to keep devices up to date. We’ve seen a change within Android 6.0 Marshmallow that details the date of the last security update, which makes it much easier for consumers to see the date of the software because a date is much easier to interpret than a firmware code. By way of example, the Nexus 7 I am using to write this article on has the security update patch applied as at the 1 November 2015 and is using firmware version MRA58V.

Following the announcement of monthly software updates, we have seen different manufacturers either promising to do the same, or in HTC’s case, calling the idea unrealistic. LG is one manufacturer with a promise to release monthly updates for Android devices, concentrating on the high end devices first – but at the time of writing, it has not implemented the monthly Android update cycle as none of its devices have yet to receive the update to Android Marshmallow. We have seen alleged leaks of Samsung’s Marshmallow update roadmap, but Samsung have made another detail change to the latest Android 5.1.1 Lollipop ROMs by showing the current update patch date of the software. This resides in the About command in device Settings, under the “Android security patch level” field. So whilst this hasn’t introduced Android 6.0 Marshmallow yet, it does help customers see how up to date their device is – and it’s a feature we are confident Samsung will continue to implement going forwards. It seems that Samsung are preparing to follow through on their promise of improving device security and visibility of device security status, too.

To date the new field has appeared in Samsung Galaxy S6 Edge+ and Samsung Galaxy Note 5 ROMs released into both European and Middle Eastern regions, but we can expect the feature to roll out across the rest of the world in due course. It is not yet clear if Google have mandated that the software release date is included into Android or if Samsung have voluntarily included it.