On Monday afternoon, Google posted the monthly Nexus Security Bulletin that says what the company is doing to protect Android devices worldwide.
Here’s what was fixed this month:
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
- The Android Security team is actively monitoring for abuse with Verify Apps and SafetyNet, which will warn the user about detected potentially harmful applications about to be installed. Device rooting tools are prohibited within Google Play. To protect users who install applications from outside of Google Play, Verify Apps is enabled by default and will warn users about known rooting applications. Verify Apps attempts to identify and block installation of known malicious applications that exploit a privilege escalation vulnerability. If such an application has already been installed, Verify Apps will notify the user and attempt to remove any such applications.
- As appropriate, Google Hangouts and Messenger applications do not automatically pass media to processes such as mediaserver.
When you check your version of Android after the update, it’ll still read as usual. The difference, however, will be that the Android security patch level will read “April 2, 2016.”
The following Nexus devices are getting the April security update right now:
- Nexus 5 (MMB29X)
- Nexus 5X (MHC19Q)
- Nexus 6 (MMB29X)
- Nexus 6P (MHC19Q)
- Nexus 7 2013 WiFi (MOB30D)
- Nexus 7 2013 LTE (MMB29X)
- Nexus 9 WiFi (MOB30D)
- Nexus 9 LTE (MMB29X)
- Nexus 10 (LMY49J)
- Nexus Player (MOB30D)
Factory images can be downloaded from Google right here, and you can get instructions for installing them by reading this guide put together by our very own Brad Ward. If you’re patient, Google will have the aforementioned devices fully secured in the coming days and weeks through an over-the-air update. It should also appear for anyone using Android N after manually installing factory images or enrolling in the Android Beta Program.
Two devices not belonging to the Nexus line are already covered by the latest security update — the Samsung Galaxy S7 and Galaxy S7 Edge from T-Mobile, which received a software update even before April’s Nexus Security Bulletin went live, and the BlackBerry Priv.
Source: Android Open Source Project