MediaTek makes chips that power millions of devices. Some you've heard of, like the Amazon Fire HD tablet(s) (opens in new tab), others, like the Alcatel Tetra, you probably haven't. Almost all of them have something in common though: a bug in the CPU firmware that allows a simple script "root" the device itself.
This was first found by developers at XDA Forums, and almost every single 64-bit MediaTek CPU is vulnerable unless it's been patched. And some devices are patched since a recent update but the list isn't very long:
- Samsung has patched its phones
- Vivo has patched its phones
- Huawei and Honor phones with Android 8 or higher have been patched
- Oppo phones with Android 8 or higher have been patched
- Phones running Android 10 are immune
- Amazon Fire HD tablets may be patched if they have a specific firmware version.
That leaves a whole lot of unpatched devices with a critical exploit in the system that should have been wiped out a long time ago, as MediaTek released a firmware patch in May 2019 to developers who use the affected chipsets.
The dirty details of the whole thing are a really interesting read, even if you're not "into" Android security. This was originally discovered by XDA developer diplomatic as an easy way to root the Amazon Fire HD tablets, and things progressed from there. Eventually, Google was forced to get involved and worked with the XDA team to release the details in conjunction with a complete system-wide fix for any phone maker that's included as part of the March 2020 Android Security Bulletin.
Many of us aren't going to be affected because we don't use any MediaTek-powered devices, but worldwide we're talking about millions and millions of phones, tablets, and Android-powered set-top boxes. It's a pretty big deal. That doesn't mean that it's going to get fixed in any sort of timely or meaningful way, though.
For all the work MediaTek, XDA developers, and Google have done to matter the company which made your device has to send out an update. Let's be frank here: looking at the list of affected devices (which you can find at Mishaal Rahman's excellent write-up) it's obvious that many will never see this patch. That means it's up to the owners of these devices to be proactive.
- Only download applications from official app storefronts like Google Play or Amazon's App Store.
- Read reviews of apps before you install them.
- Pay attention to all the permissions an app requests and if anything seems fishy, just say no.
- Remember that the company who made your device left you high and dry when you make your next purchase.
We want everyone's experience to be awesome when they use their phone or tablet. And even though there's a particularly nasty bug in some of them, and it may never be fixed, you still can. Just take a bit of extra time before you install any applications and you can be safe.
Best Amazon tablet
Amazon Fire HD 10
One of the best media consumption devices you can buy under $200.
If you plan on watching a lot of movies on your tablet, the Fire HD 10 is the clear winner. Its display is larger and higher density than the HD 8, it comes with more onboard storage, and the speakers are louder and clearer.
Is their any list to see what Amazon fire hd devices are patched?
I noticed that the fire hd 10 android security patch was from October 5, 2018.when I sent an email about the old patch I was to, by way of a generic email, to contact customer support. I don't expect the devices to be patched.
Thats why for my Tablet i have an Ipad pro
Yeah I'm pretty sure no one asked
I have two Fires, an 8 and a 10. Both of them stopped charging unless the USB cable was held in just the right position. Micro USB is awful, as we all know, but the fact that both of them failed at the same time seems... Suspicious? Perhaps auspicious - I'm already thinking of trading them in, now I have another reason. Does the new HD10 with the USB C port have the same problem? What other tablet can compete? Samsung A10 perhaps?
Get the best of Android Central in in your inbox, every day!
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.