If you use a Google Pixel handset, your phone is protected against a vulnerability that could cause a PNG file to completely ruin your system. If you use almost any other Android phone, your phone is vulnerable. This is a problem.
Recently, Google released the February security update for Pixel devices, which closes a gap that allows malicious PNG files to "execute arbitrary code in the context of a privileged process". Put simply, the code can run at a high level and steal your information.
That is, any PNG that comes to you – be it in an email, a messaging client or even via MMS – could potentially hijack the system and steal valuable data. That is, on any phone that is not a Pixel, because those are now protected. Phones from Samsung, LG, OnePlus and most other manufacturers are still prone to this bug. We must start holding manufacturers to a higher standard when it comes to security updates. Period.
I currently have four Android phones within easy reach: Pixel 2 XL, Pixel 1, Samsung Galaxy S9 and OnePlus 6T. The two Pixels are patched and protected with the February update, but the S9 and 6T are still only on the December patches. This means that newer vulnerabilities – such as this PNG one – are not patched on either handset. Considering that Samsung Galaxy devices are among the most popular mobile phones in the world, this is problematic.
However, this is not just a problem because of the current issue. This is a dynamic problem that is a constant concern – or at least it should be. As long as there are new security holes, delayed security updates are always a problem. Put simply, this will always be a problem as security vulnerabilities are guaranteed.
While the "fragmentation" of Android has long been a problem (essentially since the platform was introduced) when it comes to full operating system updates, this should not apply to security updates. These are not "new features are cool, and I want them" updates; these are important data protection updates. Regardless of whether they are small or not, they should not be overlooked by any consumer. Ever.
Currently, manufacturers are doing a terrible job of protecting their users. Missing full operating system updates (or even point releases) is annoying, but missing security updates is not acceptable. It sends a message that cannot be ignored: it says that the phone manufacturer is not interested in your data. Your information is not important enough for them to protect.
Security updates are not as extensive as full operating system updates or even point releases. They are published monthly by Google. So they are much smaller and can be more easily embedded in the system – even for third-party manufacturers. Again, there is no real excuse not to make this a priority.
Last year, Google required that manufacturers offer at least two years of security updates for mobile phones. (Pixel phones are guaranteed to get three years.) The problem with that? Only "at least four" updates are required within one year. That's quarterly, not monthly – and that's exactly what most manufacturers do. The bare minimum. And it's just not good enough.
Why? Because new vulnerabilities are always being revealed. I do not want my data to be potentially compromised while I wait for my phone manufacturer to bundle three months of security updates into one update. I want them released immediately after Google publishes them. This PNG vulnerability is only an example. Month after month, these types of issues are discovered, and with most vendors releasing security updates months later, your data stays exposed for much longer than is acceptable.
I wish there was a simple answer to fix the problem. Unfortunately, there is not. Until manufacturers start taking your information seriously, there is only one answer: buy another phone. Apple and Google have routinely proven that they care about users' data. Therefore, iPhone and Pixel handsets are an excellent choice for users who want to do whatever they can to protect their data.
As cliché as it sounds (and I'm tired of hearing it): it's time to vote with your wallet. Do not buy phones from manufacturers that are not interested in your data. Only then will they know that this is serious.