Still holding on to its promise, Google has released updates for its most recent Nexus devices that carry within it the latest security patches for Android. Although no high profile security exploit has been reported for the past month, Google isn’t letting its guard down. Factory images are already available on the Nexus developer web page and OTA links will soon follow. Users, on the other hand, are expected to wait for the update to land on their devices. Unless, of course, they intend to start fresh and flash the factory image themselves.
Ever since the Stagefright scare on Android, Google has become more proactive in addressing security concerns on Android. In addition to the monthly security bulletins it gives its partners, it also releases monthly updates for its Nexus devices. It is somewhat easier for it to do so, considering it controls updates directly. OEM devices aren’t so lucky.
For February’s security bulletin, which was given to partners January 4, 2016, two critical vulnerabilities where closed. The first one again affects the mediaserver service, which can compromise a system when a malformed media file sent through email, web page, or MMS is processed. A relatively newer vulnerability was found in the Broadcom Wi-Fi driver, which exposed users to hacking attack if connected on the same network as the hacker.
Google again emphasizes on how it has designed Android and its features to mitigate such vulnerabilities. Security features like Verify Apps and SafetyNet ensure that malware isn’t installed even if an app is installed via a third-party source. In addition, Google Messenger and Hangout apps have do not, by default, pass media files to the likes of mediaserver, in response to the Stagefright issue.
The factory images with the security fixes are now available on Google’s web page for users as well as ROM developers to download and use. Supported devices include the Pixel C, Nexus 6P, Nexus 5X, Nexus 6, Nexus Player, Nexus 9 both LTE and Wi-Fi, Nexus 5, Nexus 7 2013 both Wi-Fi and Mobile models.