1000$ phone - no security updates

Toggle sidebar Toggle sidebar
pool_shark said:
I don't immediately install the latest updates on my million dollar servers at work.
Patches can and often do break applications and/or disrupt the proper operation of hardware.

Just recently I patched openssh for a security vulnerability, then couldn't login because the patch changed to encryption and the app used to login couldn't use it. The app which is 3rd party, also needed an update.

My WAS servers need to be parched, but I know the patches will break some of the apps on the server, so I can't just patch them without thorough testing of the apps using WAS.

My point is, just because a patch exist doesn't mean immediately roll it out. It needs thorough testing.
Click to expand...
Exactly.

There was recently a notifications issue on some devices when a patch came out a few months ago.

Honestly if having a device that gets Security Updates immediately is the only thing that matters, you are best off getting a Pixel.
 
I put phone updates and security updates on a different level to server/enterprise updates for many reasons but there are more complexities and moving parts to enterprise updates over many more years. I don't think you can really compare them the same way.

Tha's why, like you, and from experience I am not quick to push updates on an Enterprise level but there is a value of having such support and updates available.

But anyways even though I mentioned having the latest updates as they come out, my point was also about getting the proper support through the life of the product or at least the warranty.

pool_shark said:
I don't immediately install the latest updates on my million dollar servers at work.
Patches can and often do break applications and/or disrupt the proper operation of hardware.
Click to expand...
 
pool_shark said:
I don't immediately install the latest updates on my million dollar servers at work.
Patches can and often do break applications and/or disrupt the proper operation of hardware.

Just recently I patched openssh for a security vulnerability, then couldn't login because the patch changed to encryption and the app used to login couldn't use it. The app which is 3rd party, also needed an update.

My WAS servers need to be parched, but I know the patches will break some of the apps on the server, so I can't just patch them without thorough testing of the apps using WAS.

My point is, just because a patch exist doesn't mean immediately roll it out. It needs thorough testing.
Click to expand...
That is exactly how Experian got hacked. Delaying security patches.
 
badcat said:
That is exactly how Experian got hacked. Delaying security patches.
Click to expand...

No. Experian got hacked because someone didn't install it, not because they took extra time to make sure it didn't break something.
 
donm527 said:
I put phone updates and security updates on a different level to server/enterprise updates for many reasons but there are more complexities and moving parts to enterprise updates over many more years. I don't think you can really compare them the same way.

Tha's why, like you, and from experience I am not quick to push updates on an Enterprise level but there is a value of having such support and updates available.

But anyways even though I mentioned having the latest updates as they come out, my point was also about getting the proper support through the life of the product or at least the warranty.
Click to expand...

Sure, but it shows price doesn't dictate updates. It also shows how much testing needs to go on just for the few to hundreds of users on a particular server, within the same organization.

With the mobile devices, you have multiple carriers, each having made different changes, adding/removing apps, changing/removing settings, the patches require extensive testing before pushing out to millions of devices, with any number of differences.
 
badcat said:
That is exactly how Experian got hacked. Delaying security patches.
Click to expand...

No, equifax was told about holes in their security and chose not to act on it. Not to mention, equifax has out facing servers in a DMZ or TZ.
Outward facing servers should be handled a bit differently, but still requires testing before implementing.
For all we know a particular patch could have made them even more vulnerable.

I have been patching servers like crazy, but I can't patch everything because the apps need to work with the patches, which means the developers have to fix their code.

No one in their right mind will simply patch prod, especially if they know their apps will break. Doing so takes your servers offline for an undetermined amount of time. On test or development servers that may be ok, but not on prod.
 
Last edited:
Didn't Samsung incorporate some of the the security patches from September into the August one (ie. Bluebourne)?
 
badcat said:
Doesn't extra time equal a delay?
Click to expand...

What you said concerning Equifax was factually incorrect. They did not delay anything. Someone just didn't install it. The two situations are not at all the same.

This also doesn't change the fact that it is just as irresponsible to NOT install a security patch as it is to install one that hasn't been thoroughly tested and could cause more harm than good.
 
Mine says 'Security Enhancements for Android Status" Fri Sep 15. I did see that update come through.
 
Samsung (and also some US carriers) has a long and sordid history of glacier slow updates. It’s just the way it is.
 
JHBThree said:
What you said concerning Equifax was factually incorrect. They did not delay anything. Someone just didn't install it. The two situations are not at all the same.

This also doesn't change the fact that it is just as irresponsible to NOT install a security patch as it is to install one that hasn't been thoroughly tested and could cause more harm than good.
Click to expand...

I agree with most of your points. I believe this has run its course.
 
S8 on T-Mobile here still waiting on update, stuck on August security. :(
 
FWIW, the update that was released on T-Mobile Note 8 devices on launch date / August 15th, left the security patch level at August, as one would expect, but did address Blueborne (install the Armis app, and you'll see it says the phone is no longer vulnerable, while doing the same on my daughters Axon ZTE with August updates says that device is vulnerable. I think Blueborne has brought us into a dangerous and unprecedented era. I was ok with delays in security updates because I'm extremely careful with what I click on, and even receiving MMS messages.

But Blueborne, if the vulnerability is used, will allow hackers close to you physically, to hack in without any action on your part other than having BT turned on. In this day and age, Samsung and Google need to figure out a solution for these urgently, and not over many different releases.

Also FWIW, my wife's S8 from T-Mobile was stuck on July update until mid-September at which point the August update with the Blueborne fix was pushed out. And last year, I had unlocked S7 Edge and a T-Mo branded one at different times. The T-Mo ones updated more frequently. I have no idea why.
 
zipro said:
My Note 8 is still on the August 1 patch level - has anyone gotten any later security updates?

If Samsung thinks they can sell this thing at 1000$ and then not issue at least basic Android security patches, they're wrong.
Click to expand...

LOL, not for nothing, but since YOU bought one, and I bought one, and a whooole bunch of other people did as well, I'm betting they don't think they're wrong.
 
dlgus said:
LOL, not for nothing, but since YOU bought one, and I bought one, and a whooole bunch of other people did as well, I'm betting they don't think they're wrong.
Click to expand...

Especially given that consumers can easily search for evidence on Samsung's update track record.

Caveat Emptor.
 
zipro said:
My Note 8 is still on the August 1 patch level - has anyone gotten any later security updates?

If Samsung thinks they can sell this thing at 1000$ and then not issue at least basic Android security patches, they're wrong.
Click to expand...

The only way to ensure updates for any phone is to have one directly from Google. Other manufacturers seem to be good for the first few months then just drop off completely.
 
You must log in or register to reply here.

Similar threads

gray2018
Last security update
Replies
7
Views
2K
Samsung Galaxy Note 20 & Note 20 Ultra
gray2018
gray2018
SennaSempre
New Android User Trying To Stop Auto Updates
Replies
23
Views
3K
General Help and How To
Drongo
D
C
Security updates
Replies
1
Views
1K
Android Pie
B. Diddy
B. Diddy
D
Best Samsung Travel Phone, leave S25 Ultra home, use another phone when traveling...
Replies
5
Views
2K
Samsung Galaxy S25 Series
winmod21
winmod21
J
Question Need help, not receiving software updates in new s24 plus phone
Replies
158
Views
29K
Samsung Galaxy S24 Series
mustang7757
mustang7757

Latest posts

Trending Posts

Members online

Total: 1,541 (members: 9, guests: 1,532)

Forum statistics

Threads
956,861
Messages
6,970,377
Members
3,163,644
Latest member
RichardDixon

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom