MediapadM2 Lollipop 5.1.1 security risk? - Security Discussion

I bought a Huawei MediapadM2 8 LTE in December 2015. It never received any Android updates and so is stuck on Lollipop 5.1.1. Given that Google actually releases regular security patches now, is this old version of Android inherently not secure, and are there things I should avoid doing with it? The tab itself is great for playing games and media consumption, but I have stopped using it for anything where I would need to enter financial information.

damole said:
I bought a Huawei MediapadM2 8 LTE in December 2015. It never received any Android updates and so is stuck on Lollipop 5.1.1. Given that Google actually releases regular security patches now, is this old version of Android inherently not secure, and are there things I should avoid doing with it? The tab itself is great for playing games and media consumption, but I have stopped using it for anything where I would need to enter financial information.
The earlier versions of Android are very insecure, especially Lollipop with no updates. Even without storing and using the tablet for sensitive information, it can still track your media preferences and, if infected, can record your voice/data or even be used as a gateway to hack other machines (with a Wi-Fi network or with tethering). Not to worry though: you can find a ROM for your device or try developing one yourself. This will be a more recent version without all the security holes and with recent updates.
The forum for your device is here

Related

Biggest flaw in the Android software distribution model

Android has a very flexible and dynamic software model but it has one critical flaw.
It is very very common for app updates to break applications and once an app is broken by an update there is no recourse. It has happened to me at least 6 times in the last 2 years.
Here is a typical scenario:
1) You have a great app that works perfectly
2) You get a notification that there is an update to this app ..... you install it
3) The app is now broken after the update: either it crashes or it fails to do what it is supposed to do.
4) At this point you have absolutely no recourse except email the developer or look for an apk
5) Live without the app you bought sometimes for months
This is not an acceptable situation. The Play Store and developer rules need to be changed so that users can revert to the previous version for at least one month after an update. This is a major flaw and why many people are very afraid to update any app.
The worst example is with HTC phones and Google Navigation. Many HTC One S phones have been unable to run Google Navigation after the 4.1.1 update. This problem has been unresolved for almost 8 months .... that's 8 months without the Navigation app and that's a major function of the phone. If you can revert to a version that works this is not a big issue, but that isn't possible. In the end it was easier to get a new phone than address this issue.

Stagefright vulnerability

Although Motorola wants us to believe the Moto X Play was protected from the Stagefright vulnerability right after launch, I tested it using Zimperium StageFright Detector and it appears that the phone is still vulnerable. The app is showing the CVE-2015-3864 vulnerability as exploitable. On my old Galaxy SIII, I had the latest CM12.1 nightly and there were no exploitable vulnerabilities. I guess it will take a while before we can get CM on the Moto X Play.
Same with mine. Arrived on September 2nd, Stagefright is not 100% fixed. The only reason I ordered it was the promises from Motorola that it is fixed on launch.
Besides this, it does make a difference telling people the phone comes with 16 GB of space and only listing it as 11 GB.
I use Textra for messaging, it has built-in protection.
For now, the issue is non-existent. But yeah, it'd be nice to have something built-in!
It's OK to use alternatives, but as Motorola promises fixed on launch, I want them to fix their build at launch.
I'm not even sure if the fix for CVE-2015-3864 is in the AOSP code for 5.1.1 right now. I know that on CM12.1, we had to wait until mid-August to have all vulnerabilities fully patched.
I should've googled it before: there's a way to patch it and it's on XDA Forum here. The only problem is that, again, I don't have enough knowledge to create a custom ROM of our Moto firmware using this patch. Meanwhile, you can use the Google Messenger app. It has been updated to avoid automatically downloading video from MMS.
MMS is just an example vector of attack. Stagefright exploits can be used in media played/showed anywhere in the system (email, website, etc.). Having MMS auto download disabled helps a bit, but it's far from being a real solution.

Pixel3 custom ROMs status in 2022

Hi,
First, sorry for this vague post. I have been on Android since 2012. During 2012-2014 I used to try out lots of custom ROMs, as I was in college and had phones like the Samsung Galaxy S3 and later a Nexus, and the OEM abandoned the updates after a while. After that I started working, and since then I have been on multiple Google devices, first Nexus and now my latest is the Pixel3. I am generally happy with the phone. However, my Pixel3 stopped receiving updates, and I started thinking about why I should dump it and buy a new one when it's working perfectly fine for my needs.
I just came to this site after ages to see what the current status of custom ROMs is. It seems overwhelmingly new now. I remember back then we had some sharp edges and something or other didn't work. Since then I have become more invested in the Google ecosystem. I use Google Fi for my phone. I like and use most of the Google features. So I'm just wondering what I will lose by moving to a custom ROM and whether I am ready to live without those features, or whether I should just accept that I will not have any updates and that if I need the updates I will have to buy a new phone.
I am not much interested in rooting and gaining advanced controls or doing anything extra nerdy. I will be perfectly happy with just getting the security patches and whatever features are there, if they keep working.
1. What are some good custom ROMs popular these days?
2. What are the things I'd lose moving to a custom ROM?
3. Does all hardware, for example fingerprint and NFC, work?
4. What about Google apps? I mostly like all the Google apps like Camera, Google Pay, Phone, Play Store.
5. I like the Google-specific features like call screening, Google Assistant and Google feed. I guess I will lose those.
6. I also use Google Fi. Can I still use that seamlessly, or are there any gotchas I need to be aware of?
7. Is there any other way to keep my phone Googlized and receive security updates? It is totally acceptable if I can get security patches after some delay and not via OTP but have to sideload manually.
r0b0 said:
Hi,
First, sorry for this vague post. I have been on Android since 2012. During 2012-2014 I used to try out lots of custom ROMs, as I was in college and had phones like the Samsung Galaxy S3 and later a Nexus, and the OEM abandoned the updates after a while. After that I started working, and since then I have been on multiple Google devices, first Nexus and now my latest is the Pixel3. I am generally happy with the phone. However, my Pixel3 stopped receiving updates, and I started thinking about why I should dump it and buy a new one when it's working perfectly fine for my needs.
I just came to this site after ages to see what the current status of custom ROMs is. It seems overwhelmingly new now. I remember back then we had some sharp edges and something or other didn't work. Since then I have become more invested in the Google ecosystem. I use Google Fi for my phone. I like and use most of the Google features. So I'm just wondering what I will lose by moving to a custom ROM and whether I am ready to live without those features, or whether I should just accept that I will not have any updates and that if I need the updates I will have to buy a new phone.
I am not much interested in rooting and gaining advanced controls or doing anything extra nerdy. I will be perfectly happy with just getting the security patches and whatever features are there, if they keep working.
1. What are some good custom ROMs popular these days?
2. What are the things I'd lose moving to a custom ROM?
3. Does all hardware, for example fingerprint and NFC, work?
4. What about Google apps? I mostly like all the Google apps like Camera, Google Pay, Phone, Play Store.
5. I like the Google-specific features like call screening, Google Assistant and Google feed. I guess I will lose those.
6. I also use Google Fi. Can I still use that seamlessly, or are there any gotchas I need to be aware of?
7. Is there any other way to keep my phone Googlized and receive security updates? It is totally acceptable if I can get security patches after some delay and not via OTP but have to sideload manually.
1. LineageOS
2. I have not found anything lost.
3. Yes
4. You can download the Google Camera app from the Play Store. Probably the phone app also, but I have not tried it. Google Pay will require rooting and the Universal SafetyNet Fix module.
5. Don't know, as I don't use them.
6. I don't use Fi, but would expect it to work.
7. I'm not aware of any other way, but have not looked. Lineage does everything I need.

Question Security updates

So is there a way to get security updates without updating to A13?
I wouldn't think so but don't know for sure, sorry.
Pretty sure you can't. If you go to the Factory Images page for directly downloading the img file, the last Android 12 security update ends in July. I don't see any way to move forward without upgrading to 13:
Factory Images for Nexus and Pixel Devices | Google Play services | Google Developers
developers.google.com
Thanks. Kinda what I thought.
It will be interesting to see what happens in about 3 years. The 6a is guaranteed security updates for 5 years, but OS upgrades for only 3. So, in 3 years, will they continue to backport security updates to A15 for a couple more years, or will they find it easier to move the 6a to A16, etc.
mike.s said:
It will be interesting to see what happens in about 3 years. The 6a is guaranteed security updates for 5 years, but OS upgrades for only 3. So, in 3 years, will they continue to backport security updates to A15 for a couple more years, or will they find it easier to move the 6a to A16, etc.
Older versions of Android continue to get security updates (to an extent), but Google will not simultaneously release updates for multiple OS versions for the device. When Google decides to stop providing new OS versions for the Pixel 6a, it will continue to receive security updates for the last OS version it received until the EOL.

Stock bloat-free Android Smartphone with updates (used / new)

I'm a fan of Google-free custom ROMs and mainly use crDroid on Xiaomi and Motorola devices.
However, because some apps (not needed daily) require a locked device and a Google Android system with all security features, I am looking for a secondary smartphone which can be used for such apps at home over WLAN. No monthly mobile phone payment plan is planned, so just the cheapest possible SIM to receive SMS and maybe have a little 4G traffic, because some apps require that for security functions. Other features are a reliable battery and a not too small screen (6.2"+).
Because buying a new Pixel for over 300$ is not a good option for this use case (even my main phone did not cost much more), I am looking for the currently good devices which have stock bloat-free Android and foreseeable updates and do not cost a lot. So either low-to-mid-range new smartphones or used ones.
While there are some helpful sites about such new and also expensive devices (Pixel 7, ASUS ROG 6D/Zenfone 9, Moto Edge 30 Fusion) https://www.androidauthority.com/best-smartphones-stock-android-844672/ I have not found a lot comparing affordable devices like the Pixel 6a, Nokia X30, Nothing Phone 1 or even cheaper used options.
Is there a list of which brands have stock Android devices?
Thanks for any alternative mention.
I was going to suggest running a GSI, but that would require unlocking the bootloader. Are you aware that most apps can still be used on unlocked + rooted devices? You aren't going to find anything at a fairly low price that is going to continue to get updates for the foreseeable future. Pixel 6a will no longer receive updates beyond July 2025.
If you run a GSI on a Treble-compliant device you can potentially continue to get updates far into the future, especially if you pair it with a Generic Kernel Image. But, again, this would require using Magisk + mods in order to pass Play Integrity so you can use GMS-dependent apps, as well as possibly other solutions such as Shamiko if the apps you use specifically detect root.
Thanks. While not deeply, I tried the Magisk/mods route but would like to avoid it because it gave constant update problems from the "security" checks of the apps I would use (banking, OTA generation, public ID services). Meaning the troubleshooting is nagging. It is a shame that for common citizen services, both public and by private firms, you need a smartphone completely tied into the Google or Apple ecosystem. An alternative is often no longer provided!
I am OK if the device has no more updates in 18-24 months. So maybe a cheap Moto like the E40, G22 or G31 would suffice. They all have A11 preinstalled; not sure if A12/13 upgrades or only security updates are provided. Since the cam, 5G, RAM, memory, etc. are all not so relevant, just the system + apps and usage (maybe including a fingerprint option) is relevant.
I will even try if an old Moto G5 Plus Android 8.1 (via Update) works - unfortunately the battery is damaged/unreliable on that phone.
