LG joins Samsung and Google by promising monthly security updates

Just like Samsung and Google, LG also plans to roll out security updates once a month directly to smartphones, in order to help prevent exploits like Stagefright from occurring again. LG confirmed said plans with Wired in an email:

"LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority."

Manufacturers are looking at ways to deploy a process by which updates can be rolled out promptly to consumers without delay. Only time will tell just how reliable said processes will prove for consumers who may be at risk.

Source: Wired

Rich Edmonds
  • So where's my stagefright fix for my G4? Posted via the Android Central App
  • Right on cue. Got an update for my unlocked G4 H815. Maybe it might not be the Stagefright update but it should be coming. Now, waiting for the rest (especially OnePlus)
  • While the older phone like lg g2, samsung galaxy s3/4 and budget devices won't get updated? Posted via Android Central App on 1+1
  • Nice to hear some manufacturers are directly taking this on. After seeing Sprint and AT&T are going to address the issue, I called Verizon to see if they have a patch in the works...you can guess what their response was...crickets chirping :-(.
  • Lol, but vzw has to wait for LG most likely. Being that AT&T and Sprint haven't done anything for LG devices yet, unless I missed that.
  • AC had a story on August 5th...probably the carriers announcing a patch was "in the works", but Verizon was conspicuously not mentioned....all Samsung devices updates though, no mention of LG
  • Lol, crickets.
  • I'm sure Verizon is trying to figure out how to add some non removable apps.
    My Note 3 with Tmobile has had 2 security updates since the stagefright exploit was announced. No idea if it's related. Posted via the Android Central App
  • Yeah, right?
  • Man me being on Verizon means I stil won't see any update for this till October lmao.... Posted via the Android Central App
  • That might be overly optimistic.
  • With Vzw prices you'd think these suckers would be the first out of thevgateceit updates. Posted via the Android Central App
  • LG and Samsung and Google may release monthly security updates but how long will the carriers take to push to devices? Answer: forever and will cripple the updates to force ppl into early upgrades Posted via the Android Central App
  • Hi hope Motorola does the same.... Posted via the Android Central App
  • I wonder what device's will be supported in these monthly updates....? Posted via the Android Central App
  • Cam anybody explain what is straigfight ? Posted via the Android Central App
  • Here you go: http://lmgtfy.com/?q=Stagefright+exploit Posted via the Android Central App
  • When some is frighten when are on stage. Simple :) Posted via the Android Central App on my Nexus 5 or Nexus 7 2013
  • Stagefright is the core Android library responsible for media playback.  It's also what indexes the photos and videos on your device and creates thumbnails so that the gallery can display them quickly.  The exploit involved making Stagefright execute code when it scanned a video sent via text message, trying to generate a thumbnail to show in your SMS app.
  • Which LG phone will get these promised upcoming updates? Posted via VZW LG G2
  • It's things like this that make me consider going to the other side. Posted via the Android Central App
  • Or you could just run something like CyanogenMod which has been patched for nearly two weeks now.
  • Please do!
  • Not sure why you got downvoted. The OEMs and Google should have been focusing on ways to make security updates fast and easy all along. They don't deserve slack just because their our favorite devices.
  • Or just turn off auto-retrieve MMS messages until you get the update.  Problem solved.  Every OS has issues.  There was an iOS vulnerability announced at BlackHat that caused legitimate apps on an iOS device to be replaced by a modified (ie: malware-ridden) version of the app, just by clicking a link in an email or on a web page.  Switching doesn't mean you don't have to be aware of what's going on.
  • Now that we got root for the G4 and disabled OTA's to keep it... Posted via the Android Central App
  • Hopefully my Unlocked LG g2 will also be included in these monthly updates Posted via the Android Central App. On my Nexus device or my LG G2 unlocked version
  • Bad news for root users I'm guessing. Every updates probably require for unrooting the device then root again "monthly." not to mention chances of root access might get blocked each month. Posted via the Android Central App
  • Eh... or you just don't update every single month :)
  • So monthly factory resets? Great.
  • Well LG does include a pretty decent backup tool.
    This is welcome news whether you give a fk or not.
  • Will the G3 updates still be months behind? Posted via the Android Central App
  • Given the speed that carriers get updates from manufacturers, test them, add their stupid custom things, test them, and make them available OTA, we can expect to see the July security fixes somewhere around February of 2016. Posted via Android Central App
  • Should be better when they're just putting out minor bug fixes, not going to a whole new version of Android.
  • OK a bit confused here. I always hear and read about the fact that the Android OS is secure by design not needing anti-virus programs and the like. If this is true why do we need "monthly" updates? I can't help but feel this has more going in than just security updates. Anyone else believe as I do that these updates are also about regularly killing root access? I can see the devs working around these updates to keep root in a new model phone. However that's going to require a lot of work for the devs. I really don't think they will want to do this for older phones like my G2 or the S3 that I gave to my daughter to use. Might be time to disable OTA updates. From my lollipopped rooted LG G2
  • Just like any other modern OS there are always a need to patch security holes, MAC OS X, Windows, Unix, iOS, Android, Windows Phone etc. Everyone needs it and not everyone gets it due to the carriers holding things up.
  • Oh please. Stahp! There's no conspiracy. Android IS pretty secure, but nothing is fool (or hacker) proof.
  • Really, even the stagefright issue is *way* blown out of proportion.  It's basically a buffer-overrun issue, but every Android device running 4.3 and up is protected from this by using memory address randomization.  To exploit this kind of vulnerability, a hacker would "push" to much data into a buffer, cause that buffer's contents to spill into other parts of memory, potentially spilling into memory space where they could then execute code without the confines of the current app's sandbox.  Memory address randomization means that, even if a hacker did this, it would be *very* difficult to "find" that spilled code and execute it.  That's an over-simplified explanation, but hopefully that gives you some idea.  Even still, just turn off the "Auto-Retrieve MMS" setting in your SMS app (and hangouts, if you have it installed) and you'll be fine.
  • The issue is and will always be the carrier, they block, delay and ultimately prevent any critical updates. Where are the legislators and the FCC requiring critical security updates be issued immediately for at least 2 years for device sale date, which is a typical smartphone life cycle. No where!. The high profile nature of hacks, breaches and data theft is so high yet they are asleep at the helm as usual. Instead our Gov't focuses on repealing the Affordable Care Act instead of doing the real work.
  • The question is when LG will push the updates,coming from Blackberry 10 I am concerned over the slowness of pushing a critical patch such as this Oh the person with link in his comment cute you must bored Posted via the Android Central App
  • With these recent developments, it'd be nice to have an annual OEM/carrier report card feature relating to Android OS updates.
  • Nobody got time for that.. Lol Posted via the Android Central App
  • That's not a bad idea.  Maybe I'll work on putting together a website....
  • Not sure that I trust LG's updates. The last one just tried to sneak McAfee in. They tried to defend it when I called them out, saying Google required it as some anti theft thing. When I asked why they didn't use Android Device Manager, there wasn't a response.
  • LG is the king of abandoning devices, but I think it great that they are showing some commitment. Posted via the Android Central App
  • Samsung didn't patch my Galaxy Note 3 from Stagefright.