Recently a pretty nasty vulnerability in Android was discovered.
It's being called Stagefright, and it affects versions 2.2 Froyo and newer of
the OS. There is a fix, and thankfully it's now starting to be deployed through
over-the-air updates by different manufacturers and carriers.
But to ensure a more swift response to future situations of this nature, two
companies that are very important to the Android ecosystem have
announced some similar measures today.
Let's start with Google, the developer of Android and the company in charge
of software updates for the Nexus line. It has unveiled that, going forward,
it will release monthly security updates for the Nexus devices, in addition to
the usual platform updates.
The first such security patch is in fact rolling out right now to the Nexus 4,
Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player, fixing the
aforementioned Stagefright exploit. According to Google, Nexus devices
receive security updates "for the longer of three years from initial
availability or 18 months from last sale of the device via the Google Store".
At the same time, Samsung, the biggest Android device maker, has
committed to implementing a new security update process for its products.
This will fast track patches when new vulnerabilities are uncovered. The
updates will come to Samsung devices over-the-air "regularly about once per
The Korean company is already doing some fast tracking in issuing a patch
for the Stagefright bug, but it "plans to further develop this process and
implement it as a timely security update practice".