Google had back in August promised to provide monthly security patches for Android devices, following an ecosystem-wide vulnerability called Stagefright. Samsung and other OEMs had joined it to declare they will provide the same monthly security updates for their own devices. Samsung has this week started rolling out the December security update to its Galaxy S6 and the Galaxy S6 Edge+ smartphones.
The OTA security update for the two handsets is said to be rolling out for devices in India and the Nordic countries for now. Weighing about 100MB for the Galaxy S6 and around 70MB for the Galaxy S6 Edge+, the notification details that the update improves the security and stability of voice calls for the duo, reported users (via Sammobile). Samsung has also made it clear that downgrading after the installation of this update will not be possible. The company has also detailed its December security update on its dedicated website.
As we mentioned earlier, Samsung's announcement to bring monthly updates to its smartphones was followed by other manufacturers, such as LG and Motorola. Detailing its own plans, Google had said that it will offer major updates to its Nexus devices for two years, and security patches for three years from initial availability, or "18 months from last sale of the device via the Google Store." The company also releases the patch in the Android Open Source Project (AOSP) to help manufacturers and other developers integrate the changes to the code.
(Also see: Google's Android Stagefright Security Patch Is Flawed, Says Researcher)
To recall, cyber-security firm Zimperium had in July reported of a flaw in the world's most popular smartphone operating system that let hackers take control of Android smartphones with an MMS message. According to the report, attackers could remotely execute code via a specially crafted media file delivered via an MMS message to the customer's Android handset. The bug can affect the device even if the message has not been opened. The malicious codes would let them take control of the device without the owner's knowledge. The vulnerability was related to the Android mediaserver, and several related services were also affected and could be exploited. The vulnerabilities later expanded to being called Stagefright 2.0, and affected almost every Android device till date, requiring further patches.
On a related note, Samsung last week announced a beta testing programme where registered users can install upcoming firmware updates to provide feedback to the company before it rolls out the final versions globally. Called the Galaxy Beta Program, the first beta test is for the Android 6.0 Marshmallow update for the Galaxy S6 and Galaxy S6 Edge smartphones in South Korea and the UK.