An Update to Nexus Devices
Posted:
Wednesday, August 5, 2015
Security has always been a major focus for Android and Google Play: Android was built from day one with security in mind.
For example, the “Application Sandbox” model keeps applications running separately from other apps and the rest of the device to keep your data safe. With Verify Apps, over 1 billion devices are protected via Google Play, which conducts hundreds of millions of antivirus-like security scans of devices per day seamlessly in the background. Also, Android is open source so that anyone can comb through the code to identify and address potential security risks, which makes the platform stronger. In fact, the Android Security Rewards Program financially rewards security researchers who invest their time and effort in helping make Android more secure.
We believe the combination of these approaches has led to there being fewer than 0.15% of devices with any kind of potentially harmful app installed, as long as apps were installed from Google Play. (See more of our research.)
An additional approach to further increase the security of Android users involves updates to the device software. For the past three years, we have been notifying Android manufacturers every month through bulletins of security issues so that they can keep their users secure.
Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates. The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.
Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe.
Posted by Adrian Ludwig, Lead Engineer for Android Security, and Venkat Rapaka, Director of Nexus Product Management
For example, the “Application Sandbox” model keeps applications running separately from other apps and the rest of the device to keep your data safe. With Verify Apps, over 1 billion devices are protected via Google Play, which conducts hundreds of millions of antivirus-like security scans of devices per day seamlessly in the background. Also, Android is open source so that anyone can comb through the code to identify and address potential security risks, which makes the platform stronger. In fact, the Android Security Rewards Program financially rewards security researchers who invest their time and effort in helping make Android more secure.
We believe the combination of these approaches has led to there being fewer than 0.15% of devices with any kind of potentially harmful app installed, as long as apps were installed from Google Play. (See more of our research.)
An additional approach to further increase the security of Android users involves updates to the device software. For the past three years, we have been notifying Android manufacturers every month through bulletins of security issues so that they can keep their users secure.
Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates. The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.
Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe.
Posted by Adrian Ludwig, Lead Engineer for Android Security, and Venkat Rapaka, Director of Nexus Product Management
Galaxy Nexus? The iPhone 4S which came out a month earlier than the Galaxy Nexus is receiving the newest iOS version, not just a security update. You have to do much better than this.
ReplyDeleteThe iphone 4s is complete dog crap on the latest version of iOS.I have one right here on my desk and i want to throw it out the window.
DeleteTI no longer develops updated drivers for the OMAP processor found inside the Galaxy Nexus, so it's their fault that this device can no longer be updated. Apple, who makes their own A-series processors found inside the iPhone, does not have this problem.
DeleteHow's the app compatibility on the iPhone 4s? I hear a lot of the newer apps don't work on it. App fragmentation on iOS is far worse than OS fragmentation on Android.
DeleteHow's the app compatibility on the iPhone 4s? I hear a lot of the newer apps don't work on it. App fragmentation on iOS is far worse than OS fragmentation on Android.
DeleteHow much did you pay for galaxy nexus and what was the price of 4s?
DeleteApple stopped selling the 4S around this time last year. For them to keep supporting it isn't anything to brag about.
DeleteThe N7 was sold until 2013 and still is being updated. Apple typically will stop updates after one to two years of the device being off the market.
@Joel Anderson
DeleteSurely Google has the resources to hire a developer to develop updated drivers for a discontinued processor. Or pay TI some money to get updated drivers once a year for a new OS in case there are some proprietary knowledge that TI is unwilling to share.
@Joel Anderson
DeleteTI does not develop new drivers? So why does something like a cyanogenmod version with Android 4.4 or 5.x for the Galaxy Nexus exist? It should be impossible if your argument is a real show stopper.
If you like Apple so much, why do you care what Google is doing? Go read Apple blog updates.
DeleteIf you're running a phone with iOS 8, which goes all the way back to the iPhone 4s, the app will simply work. That's basically all there is to it. There's a few games that require an iPhone 5S or newer, but that's not common. It's pretty simple.
DeleteLol
Delete, you actually it's the latest OS and not a re skin and smoke and mirrors ...
Behind closed apple can play all sorts of games
Yes but soon it will not get updates and then with will be abandoned like all ios devices before it
ReplyDeleteFix the carrier ecosystem. What percentage of Android devices are Nexus devices? While a step in the right direction, this doesn't help a lot of people.
ReplyDeleteIt sounds like at least Samsung is making changes to help this.
Deletehttp://global.samsungtomorrow.com/samsung-announces-an-android-security-update-process-to-ensure-timely-protection-from-security-vulnerabilities
As a loyal nexus fan (not the 6. Too big) I welcome this! If you can make the updates so they don't break root or anything like that it would be that much better! (I know that's kind of Pipe dream).
ReplyDelete+1
DeleteAs a loyal nexus fan (not the 6. Too big) I welcome this! If you can make the updates so they don't break root or anything like that it would be that much better! (I know that's kind of Pipe dream).
ReplyDelete1) Flash system and related images in adb.
Delete2) boot into latest version of TWRP recovery and it will literally ask you if you wan to root the phone before rebooting the system.
It's just too easy now.
As a loyal nexus fan (not the 6. Too big) I welcome this! If you can make the updates so they don't break root or anything like that it would be that much better! (I know that's kind of Pipe dream).
ReplyDeleteI was waiting to see how Google handled this issue to determine whether I bought another Nexus phone, if it had been mishandled I was planning to buy an iPhone. If the information in this blog is correct I would be quite happy to buy another Nexus phone. I'm glad to see google taking security seriously.
ReplyDeleteExtending major updates support from 18 months to two years for Nexus devices is still not enough, but at least I am so glad to see Google are in the right direction.
ReplyDeleteCompare to Apple, a 2011 iPhone 4s can still get official OS upgrade support this year for IOS 9, that is four years support and that is double of what Google/Nexus offer now.
List price of a 64G iPhone 6 plus with 48 month support was $849, and 64G Nexus 6 with last 18/24 month support was $699, anyone with primary school education can easily figure out which one has better solid value and is better choice.
Apple stopped selling the 4S last year. For them to keep supporting it after "four years" isn't something to brag about.
DeleteIf you it once it comes out, you might have a point. But right now, a 16GB iPhone 5s is more expensive than a 16GB Nexus 6.
DeleteI still have my old Nexus 4 here. Not my everyday device but just for development. Still getting updates (it'll get Android M), it was released almost 3 years ago, and it cost $300.
This comment has been removed by the author.
ReplyDeleteThat's great news! Security updates are my main concern with Android, and this confirms my decision to only buy Nexus phones.
ReplyDeleteI'd love to the the updates as Nexus Factory Images ASAP thou, as my Nexus 5 is rooted so I can't use OTA updates (I think).
I second this.
DeleteI third it!
DeleteYES!
DeletePlease help out my Galaxy Nexus! I'm still alive here!
ReplyDeleteAnd what about galaxy nexus?) You didn't update android(its good for this device I have nightmare update android 5 on nexus 7 2012), but you can backport security fix to 4.3 and update. Or not?... =)
ReplyDeleteAnd what about galaxy nexus?) You didn't update android(its good for this device I have nightmare update android 5 on nexus 7 2012), but you can backport security fix to 4.3 and update. Or not?... =)
ReplyDeleteAnd what about galaxy nexus?) You didn't update android(its good for this device I have nightmare update android 5 on nexus 7 2012), but you can backport security fix to 4.3 and update. Or not?... =)
ReplyDeleteBut everyone dogfooding Android M Preview 2 is left vulnerable because Google delayed the P3 OTA!
ReplyDeleteAny such plans for Android One devices? We receive updates directly from Google too :)
ReplyDeleteThe better question is, once they're bored of doing the security patches, what next? Is the software going to be opened to allow us to maintain our own firmware, or will it be tossed in the trash and we're all outta luck? (I'm not sure what public docs and tools are out there, but they usually fall short of a proper hand-off)
ReplyDeleteCmon, guys -- commit to opening the toolchain and build process so we can cut firmware easily. That'd be great !
"I'm not sure what public docs and tools are out there"
Delete60 seconds of research would fix that problem. See https://source.android.com/source/building-devices.html. You may have also heard of CyanogenMod, enabled by AOSP. If not, see http://www.cyanogenmod.org/community.
It would be really nice of atleast Google has complete control over the security and most important Android update to fix vulnerabilities, not the OS to newer version (which is not possible). So that is available to every Android user without any delay.
ReplyDeleteThis is where I really miss my iPhone. But still lollipop 5.0 is a real pleasure to use!!!
ReplyDelete