account arrowhead-down arrowhead-up mobile-menu search sm-bold-x x-skinny-rounded x-skinny arrowhead-right social-facebook social-googleplus social-instagram social-linkedin social-pinterest social-qzone social-renren social-tencent social-twitter social-vkontakt social-weibo social-youku social-youtube

Please help us improve our website

Take our customer survey to evaluate your visit.

It should only take a few minutes to answer five quick questions. Just click the Launch survey button at the end of your visit to begin.

cancel
Showing results for 
Search instead for 
Did you mean: 
Tips & Tricks

If you want to get the max out of your Xperia phone then check out Xperia tips page.

Does Sony really care about customer security after two years?

Rookie
Message 1 of 15
2,006 Views
Message 1 of 15

Does Sony really care about customer security after two years?

I have a Z1, that is uptodate (all system patche from sony applied, systeme said to be up-to-date when manually checked) and still is is vulenrable to:


The vulnerability quadrooter from checkpoint still mention the phone is affected by following CVE:
CVE-2016-2059
CVE-2016-2504

Beside this one the bluetooth bug called  blueBorne is probably there as it needs a linux kernel fixes that has been issued in 2017

 

BlueBorne Vulnerability Scanner by Armis says the phone is vulnerable
 
 
 

Then of course for WiFi : you have Krack weher all wpa cleint should patches their wpa_supplicant code that is used by android.


So far no word for a fix comming from sony.

 

14 REPLIES 14
Emperor
Message 2 of 15
1,993 Views
Message 2 of 15

Re: Does Sony really care about customer security after two years?

@EricV1

 

The phone has reached its EOL, there won't be any further updates, that's probably why. 




"I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

Highlighted
Rookie
Message 3 of 15
1,988 Views
Message 3 of 15

Re: Does Sony really care about customer security after two years?

This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.

 

With aPC, I get neraly 10 years windows support and they are not more expensive and even more complex. So Sony is making a very poor jobs for the money they got for such an expensive phone. Atelephone is like a PC and service duration has no reason to be different. Sony shoud shift its way of envisonning phone support. There are phone with less memory that run android 6, why do they refuse to support it on this phone? Money money money.

 

Last time I buy a Sony phone and will probably advertise this in customer reviews for Sony phones in several places. As money is the only driver, they will be hit were it hurts after a while.

Emperor
Message 4 of 15
1,980 Views
Message 4 of 15

Re: Does Sony really care about customer security after two years?

@EricV1

 

The Xperia Z1 was released 4 years ago (September 2013), it makes sense that it has reached its EOL, it doesn't matter if you bougth the phone yesterday, the phone was released 4 years ago. Just like if you buy a brand new computer running XP today, it won't change the fact that Microsoft won't release any further patches for XP. 

 

But please do check other brand forums and do some google here and there to see how long other brands support their devices, it seems to be about 2 years. 

 

Xperia Z1 was released with Android 4.2 Jelly Bean 

 

Android 4.2 Jelly Bean > 4.3 Jelly Bean > 4.4 KitKat June 2014 > 5.0.2 Lollipop 2015 > September 2015 5.1.1 

 

As you can see it received updates for 2 years, and 2 major Android updates. 




"I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

Rookie
Message 5 of 15
1,969 Views
Message 5 of 15

Re: Does Sony really care about customer security after two years?

 


The Xperia Z1 was released 4 years ago (September 2013), it makes sense that it has reached its EOL, it doesn't matter if you bougth the phone yesterday, the phone was released 4 years ago. Just like if you buy a brand new computer running XP today, it won't change the fact that Microsoft won't release any further patches for XP.

 

That maazing how people don't get it : a phone is not just another consummer device. It replace a PC, contains a lot of credentials. You can pay with it, there are more and more banking applications and could at the replace credit cards. If I buy a PC with XP (I do not know how it was 4 years ago but 7 was already there), I can get windows 7 or 10 if I pay.  Here, allthough the phone is capable of running android 6, it is not suported. I have to root my device to put the fixes in.

 

So it is clear, Sony does care about security at all. I do not say it is not true for many other brands, but I have a Z1 that costed me around 600€ and it is now full of well known security bugs. My wife has a OnePlus and they are much more reactive...

 

I hope consummer will realize a phone must have security fixes as a PC has.

 

Message 6 of 15
1,957 Views
Message 6 of 15

Re: Does Sony really care about customer security after two years?

@EricV1 the thing is, smartphone parts manufacturers (for example Qualcomm, SoC provider) don't support their products for as long as, say Intel supports their desktop CPUs. without appropriate drivers it's impossible to continue releasing new updates for the phones.

Emperor
Message 7 of 15
1,949 Views
Message 7 of 15

Re: Does Sony really care about customer security after two years?

@EricV1

 

Interesting approach, your first reply was: 


@EricV1 wrote:

 


This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.

 


Which I pointed out that the phone was supported for about 24 months 

 

Xperia Z1 was released with Android 4.2 Jelly Bean September 2013

 

Android 4.2 Jelly Bean > 4.3 Jelly Bean > 4.4 KitKat June 2014 > 5.0.2 Lollipop 2015 > September 2015 5.1.1  As you can see it received updates for 2 years (24 months), and 2 major Android updates. 

 

 

 

Snapdragon 800 won't update to 7.0 at least Qualcomm won't support it nor Google allow it 

 

Devics with Snapdragon 800

 

LG G Pro 2 Released April 2014 4.4.2 last update 5.0.1

*Google Nexus November 2013 Adroid last update 6.0

Samsung Galaxy Note 3 September 2013 Android 4.3 last update 4.4.2

ZTE Grand S Pro June 2014 Android 4.3 last update 4.3

LG G Flex Februrary 2015 Android 5.0 last update 6.0

Acer Liquid S2 August 2013 Android 4.2.2 Last update 4.2.2

 

Flagships 2013

HTC One February 2013 Android 4.1.2 last update 5.0 (Snapdragon 600)

Samsung Galaxy S4 March 2013 Android 4.2.2 last update 4.4.2 (Snapdragon 600)

Sony Xperia Z Ultra June 2013 Android 4.2 lasy Xperia Z1  update 5.1 (Snapdragon 800)

Motorola Moto X August 2013 Android 4.2.2 last update 5.1 (Snapdragon S4 Pro)

Sony Xperia Z1 September 2013 Android 4.2 lat update 5.1 (Snapdragon 800)

 

*It makes sense that a nexus device gets more support than other brand

 

If you go back to the example of computers, you have to remember that you are using a computer that was made to run XP not vista, not 7 not 8 nor 10, so we are referring to a phone that was made to run Android 4.2 and then was updated to a newer Android Flavor Android 4.3 and then to a new flavor Android 5.0/5.1 Lollipop, and it was supported for 2 years/24 months

 


@EricV1 wrote:

 

This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.


There are computers running Windows XP and even there are new security patches needed, it won't happen, that platform its dead. 

 


@EricV1 wrote:

 


... I do not know how it was 4 years ago but 7 was already there...

 


Perhaps we should leave the computer comparison aside and concentrate to Android

 

 

I understand that you are concern that your Xperia Z1 won't receive any more security patches, but there won't be any more updates on old devices that have reached EOL, that's how it is with any other brand, you can go to a different forum and check if there will be new updates on EOL devices, just be objective.

 

With all that said, there's a way around it, the phone has reached EOL, BUT, you could look into a custom ROM, check the XDA forum. 




"I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

Rookie
Message 8 of 15
1,937 Views
Message 8 of 15

Re: Does Sony really care about customer security after two years?


@najodleglejszy wrote:

@EricV1 the thing is, smartphone parts manufacturers (for example Qualcomm, SoC provider) don't support their products for as long as, say Intel supports their desktop CPUs. without appropriate drivers it's impossible to continue releasing new updates for the phones.


Well, well I suspect qualcomm does support its chips for five years, so not sufficient to explain this plus, the BleuBorne fix is in the protoccol part of the bluetooth stack not tied to any chipsets and the fix for WiFI is in wpasupplicant that is also not directly tied to any supplier. For quadrooter fix, I can check as I append to meet qualcomm several for several other matters.

Rookie
Message 9 of 15
1,936 Views
Message 9 of 15

Re: Does Sony really care about customer security after two years?


@uliwooly wrote:

@EricV1


*It makes sense that a nexus device gets more support than other brand

 

But this makes the answer regarding SOC support invalid

 I do not ask for a new android version, I ask for fixes that do not require to deploy a new android version. And the fact that some other brand do the same bad job as sony does is NOT an answer.

 

Again blueborne needs a patch in the bluetooth stack and the Krack WiFi bug just need patches to wpasupplicants. If you do deliver open source correctly for kernel and GPL stuff, I could probably do the patches myself... So it means Sony is just lasy.

 

Emperor
Message 10 of 15
1,932 Views
Message 10 of 15

Re: Does Sony really care about customer security after two years?

@EricV1

 

You are in luck, you can get in contact with Sony Android Devs Slightly smiling Face 

 

https://talk.sonymobile.com/t5/Developer-World/ct-p/DeveloperWorld

 

Just wondering, which devices that were released in 2013 will get this security updates? And which devices with Snapdragon 800 will get those security patches? 

 

I'm not trying to argue with you, I genuinely want to know which other devices




"I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)