account arrowhead-down arrowhead-up mobile-menu search sm-bold-x x-skinny-rounded x-skinny arrowhead-right social-facebook social-googleplus social-instagram social-linkedin social-pinterest social-qzone social-renren social-tencent social-twitter social-vkontakt social-weibo social-youku social-youtube

Please help us improve our website

Take our customer survey to evaluate your visit.

It should only take a few minutes to answer five quick questions. Just click the Launch survey button at the end of your visit to begin.

cancel
Showing results for 
Search instead for 
Did you mean: 
Tips & Tricks

Want to know more about Xperia 5? To read more about it go here.
If you can't find the answer to your question there please post it here and let the community help you.

Security patches. How? When? How often?

Regular
Message 101 of 203
1,751 Views
Message 101 of 203

Re: Security update?

Surely there is something that Sony can do to make just security patches available?  I'm not asking about my Z2 moving from Android 6 to 7.  I just want the vulnerabilities fixed - and Google do send their partners updates:

 

"The Android security team currently provides patches for Android versions 4.4 (KitKat) and above. This list of backport-supported versions changes with each new Android release."

 

Sony's stance on the patches is very poor.

 

If you want to get long term updates on Android, looks like the only way is to get a Nexus or Pixel.

Apprentice
Message 102 of 203
1,750 Views
Message 102 of 203

Re: Security update?

Not all the manufacturers are careless as Sony: Google is going to patch the Nexus 5x, launched in 2015, Apple will patch the iPhone 6, launched in 2014.

Why it's a stupid idea to choose a smartphone based on the security updates?

Unregistered user
Not applicable
Message 103 of 203
1,569 Views
Message 103 of 203

Re: Security update?


@dead3 wrote:

Not all the manufacturers are careless as Sony: Google is going to patch the Nexus 5x, launched in 2015, Apple will patch the iPhone 6, launched in 2014.

Why it's a stupid idea to choose a smartphone based on the security updates?


You compared manufactor which created android and manufactor with different operating system which have total probally less model as Sony, it's not good compare, is not the same situtanion Slightly smiling Face 

Highlighted
Regular
Message 104 of 203
1,553 Views
Message 104 of 203

Re: Security update?

Android partners have the same level of source code access to the patches as the creator of the OS, and for platform fixes you can go and get the latest source code snapshots. Not providing timely updates due to a high number of devices in flight is not a good excuse either, since having multiple form-factors is kind of the motto of Android, "Be together, not the same".

 

So if a device does not go in patched for a long time, it sends a message to the customers that subsequent devices will have the same fate.

 

I wish for more transparency from the company, but corporate wall may not make it easy, especially for a company as large as Sony.

 

Message 105 of 203
1,524 Views
Message 105 of 203

Re: Security update?

I've actually been in touch with Sony support several times asking that they release security patches for my phone (Z3 on Android 6.0.1) and each time they just dance around the issue and make excuses to basically say "no patches". I've finally got the message that Sony pretty much EOL's a new phone 6 months to a year after it's released and will not create any security patches, so my beautiful Z3 (bought in Dec. 2015) will be my last Sony phone. In the next few months I will shopping for a new phone and the main requirement will be to select a vendor that has a very good track record for security patching. 

Regular
Message 106 of 203
1,501 Views
Message 106 of 203

Re: Security update?

I think this information should be made more public so that consumers know the level of future security patching at the point of their purchase.  

 

In my mind it is unacceptable to provide a product that is only patched for 12-18 months.  Google provide the information to enable the patches to be deployed by phone makers.  It appears that they put their resources into selling new product, leaving the old products vulnerable to security threats.

 

It would be nice if someone from Sony could comment on this.

 

Message 107 of 203
1,487 Views
Message 107 of 203

Re: Security update?

Yes, and to help other readers and googlers realize how short lived the support can be on Sony phones I'll even list some dates from my own experience:

 

- Sony Xperia Z3 released Sept.1, 2014

- I bought my Xperia Z3 in November 2015

- Last security update to Sony Xperia Z3 May 1, 2016 (Android 6.0.1) ......

 

So in Sony's view the phone basically has a 1 year and 8 months lifespan if you happen to buy it the very month the phone is released...

 

In my case the phone had a 7 month lifespan (measured by when Sony turns their back on the device completely). Unacceptable. If I had know that I sure would not have bought the Sony phone in Nov.2015.

 

I propose a way for Sony to save face in all of this. Offer a subscription plan of $100 a year, available only for the 3 years after the release date of the phone. That subscription plan should offer downloads of all security updates for the version of Android installed on the phone. This way someone could buy a Sony phone at any point in the 3 year window, pay the $100/year and get updates. Call me Sony, I have lots of good ideas Grinning Face with smiling Eyes

 

 

Emperor
Message 108 of 203
1,480 Views
Message 108 of 203

Re: Security update?

@secure_phones

 

Xperia Z3 Released September 2014 with Android 4.4.4 Kitkat > March 2015 Lollipop > April 2016 Lollipop  > last update was released around August 2016 > reached EOL

 

That's about 2 years of updates 

 

Developer previews for Android 7.0 Nougat were released but Google & Qualcomm halted this 

 

Another example that I was trying to point out to another user and I made a mistake as Xperia Z1 didn't reached EOL september 2015 but December 2015.

 

Xperia Z1

 

Xperia Z1 was released with Android 4.2 Jelly Bean September 2013 (4 years ago) 

 

Android 4.2 Jelly Bean > 4.3 Jelly Bean > 4.4 KitKat June 2014 > 5.0.2 Lollipop 2015 > September 2015 5.1.1 > last update December 2015 > reached EOL 

 

27 months 

 

Just like I've asked the other user, which other brand and specific models with the same Snapdragon received more updates than the Xperia Z3 (in your case)? 

 

Back to the Z1 example 

 

Devics with Snapdragon 800

 

LG G Pro 2 Released April 2014 4.4.2 last update 5.0.1

*Google Nexus November 2013 Adroid last update 6.0

Samsung Galaxy Note 3 September 2013 Android 4.3 last update 4.4.2

ZTE Grand S Pro June 2014 Android 4.3 last update 4.3

LG G Flex Februrary 2015 Android 5.0 last update 6.0

Acer Liquid S2 August 2013 Android 4.2.2 Last update 4.2.2

 

Flagships 2013

HTC One February 2013 Android 4.1.2 last update 5.0 (Snapdragon 600)

Samsung Galaxy S4 March 2013 Android 4.2.2 last update 4.4.2 (Snapdragon 600)

Sony Xperia Z Ultra June 2013 Android 4.2 lasy Xperia Z1  update 5.1 (Snapdragon 800)

Motorola Moto X August 2013 Android 4.2.2 last update 5.1 (Snapdragon S4 Pro)

Sony Xperia Z1 September 2013 Android 4.2 lat update 5.1 (Snapdragon 800)

 




"I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

Pioneer
Message 109 of 203
1,257 Views
Message 109 of 203

Re: Security update?

There are two things that limit update availability: SoC vendor support timeline and OEM vendor resources.

 

Qualcomm, the maker of the System-on-Chip cuts the Linux kernel version, writes drivers for its solutions and then supports it with patches for a limited time. I assume 2-3 years.

Later, Google and AOSP project contributes patches to Android, while Qualcomm provides fixes for their side of the device, and sending these updates to OEMs, such as Sony, who need to incorporate them into their images. That's, basically, a reason why Android phones have a short support lifespan.

 

Now, sadly, OEMs are under no obligation to provide these updates from AOSP and SoC vendors to the end users. Some do for some time, some don't build updates at all, leaving users less protected from intrusion than if they had no phone at all.

 

It's important to educate end users and reviewers about the support status of the phone. Reviewers tend to overlook this while describing design and bezels extensively.

 

One of the things that make updates harder for OEMs is local customizations which then need to be merged with the SoC code and AOSP. Some vendors make changes that are very intrusive, so development and testing time is increased. The security patch so you see on AOSP project don't contain SoC changes, and some vendors decide to forego updates completely if they can't get supported fixes from SoC vendors.

 

For a phone that shipped with KitKat (around 2015) you need to look at when the CPU became first available, add 3 years and that would be the hard stop for updates for a reputable vendor.

 

Project Treble (enforced on phones shipped initially with Oreo) aims to better separate the layers between SoC, OEM and platform code, so that updates to one part don't require that much work in the others. How well it works for Sony? We can only check after XZ1 gets updated to 8.1 or later.

 

Now, for the phones that are not shipping with Oreo things don't change much.


No longer using XZ1C
Inhabitant
Message 110 of 203
1,226 Views
Message 110 of 203

Re: Security update?

all this does not justify that in the same phone model, for example the xperia xz, and referring to devices not linked to operator, or free, some regions are updated relatively soon and others like Spain are months without updating, HAS NO EXPLANATION , BUT IF SOLUTION XIAOMI HAS JUST OPENED A STORE IN SPAIN