Following the discovery of the Stagefright exploit that could affect nearly all Android devices, Google and a number of major OEMs pledged monthly security updates to ensure that users would be quickly protected from any future security issues. Although it has already rolled out some security patches, HTC has refused to commit to guaranteed monthly patches, and it appears that the company doesn’t want to promise something that it can’t deliver.
Answering questions via Twitter, HTC’s America President Jason Mackenzie states that, despite the company’s efforts to push them out, it is unrealistic to say that these type of updates can be guaranteed every month. This is not an unreasonable statement once you take into account the number of handsets that would require an update and the added delay from carrier testing and approval, but the news is not reassuring to those concerned about device security.
— Jason Mackenzie (@JasonMacHTC) October 3, 2015
The revelation comes shortly after a second Stagefright vulnerability was discovered. The latest exploit can affect devices with malicious code just through previewing audio files. A patch for this issue is expected to appear in October’s monthly Android update from Google, but who knows when other OEMs will get around to releasing their fix.
What do you think about the current state of Android security patches?