It’s a brand new month, and meaning a brand new safety replace for Android. The November Android safety patch is out, and that is extra noteworthy than most with its repair for the high-profile key reinstallation badault (KRACK). It additionally places some Band-Aids on the newly launched Pixel 2 telephones.
Google truly launched three “November” safety patches final evening. First there’s the traditional “2017-11-01” safety patch, which incorporates all of the month-to-month patches developed on the common schedule. OEMs get these fixes a full month upfront (so early October on this case), and Google lets the bugs sit round for an entire month, permitting OEMs to port the patch to their telephones. A month later, Google discloses the bugs and (theoretically) does a simultaneous launch with the Android OEMs and carriers.
Anything increased than the “20xx-xx-01” launch exists as a result of Google wanted to focus on a very nasty bug in the midst of the month and quick observe it by means of the discharge system. In this case, now we have the “2017-11-05” and “2017-11-06” releases. While the 11/5 patch was principally about fixing a important Qualcomm bug, it is the 11/6 patch that can get probably the most consideration, because it patches the KRACK Wi-Fi vulnerability.
In mid-October, a weak point within the WPA2 Protocol was discovered, which handles safety for many Wi-Fi networks. Researchers discovered key reinstallation badault (KRACK) might disrupt the preliminary encryption handshake that takes place between an entry level and a tool, permitting an attacker to learn data that was badumed to be encrypted. Any gadget that makes use of Wi-Fi is probably weak, however Linux and Android 6.zero+ units are notably weak, since they are often tricked into putting in an all-zero encryption key.
In response Google patched a slew of bugs badociated to KRACK below the “2017-11-06” label. The variations patched cowl Android eight.zero Oreo all the way in which again to Android 5.zero.2 Lollipop, which Google nonetheless helps below the three-year safety patch window. I am unsure any OEM on the market will truly patch an Android 5.zero gadget, nevertheless it’s good that Google cares.
The later November patches have not been given to OEMs as early because the 11/01 patch, so do not be stunned in case your OEM does not have a patch out but. In this case, Google says, “Android companions have been notified of all points within the 2017-11-01 and 2017-11-05 patch ranges at the least a month earlier than publication,” (emphasis ours) whereas particulars concerning the 11/6 patch solely went out “within the last month.” Google is disclosing the bugs now, though the Android Open Source Project (AOSP) repository can have the code within the subsequent 48 hours, and Google’s Pixel and Nexus units have completed 11/6 patches rolling out now.
All of those patch dates correspond to the “Android Security Patch Level” on a tool’s “about” display screen. Just as a result of you have got a “November” safety patch does not imply you have got all of the November safety patches. The magic string to search for this month is “2017-11-06,” which implies you have got the KRACK repair and in addition all of the patches that got here earlier than it.
Addressing Pixel 2 person complaints
It additionally looks like Google is increasing the month-to-month safety replace program for the Pixel telephones to formally embody non-security fixes. A brand new part on the “Pixel/Nexus Bulletins” web page is named “Functional updates” and lists a bunch of bug fixes along with the slew of safety fixes. There are 12 non-security bugs which were formally squashed this month, principally having to do with Bluetooth.
The November patch additionally consists of many of the Pixel 2 and Pixel 2 XL fixes Google introduced two weeks in the past. The Pixel 2 XL (however not the Pixel 2) is likely one of the first telephones in current reminiscence to launch with an LG-made OLED show, and the outcomes weren’t nice. The show had a slew of points and has been extensively criticized on-line. In response to person complaints, Google promised a variety of adjustments.
To handle complaints of burn in, Google mentioned it could decrease the utmost brightness by a “virtually imperceptible 50 cd/m2 (nits),” which it mentioned would cut back load on the display screen. It modified the largest burn-in wrongdoer, the always-on navigation bar, to dim when it wasn’t getting used and make it swap from black to white in sure apps. The November safety patch lowers the max brightness and features a dimming navigation bar, nevertheless it does not swap to white but. To see what the white navigation bar appears like, you may take a look at the Android eight.1 Developer Preview.
Another criticism was a declare that the colours of the show have been “dull.” This is usually a realized choice due to Samsung and different OEMs transport oversaturated shows for years, whereas the Pixel 2 adheres nearer to the sRGB colour spec. Google considered this earlier than the Pixel 2 launched and included a “vivid color” checkbox within the show settings, however this nonetheless wasn’t sufficient for some customers. So as of the November safety patch, there is a new “colors” part within the show settings with three saturation choices: “Natural,” “Saturated,” and “Boosted.” “Saturated” is the brand new tremendous saturated mode, which ignores sRGB and stretches the colours out to the show’s most, identical to a Samsung telephone.
Some Pixel 2 and a pair of XL homeowners have been additionally experiencing odd clicking noises coming from the speaker throughout a name. Google says that drawback has been fastened within the November patch, too.