What "Android security patch level" is your Android phone currently at?

[arlen holder]

What "Android security patch level" is your Android phone currently at?

In another thread, while both Android & Google have fewer than 50 security
vulnerabilities fixed in their respective latest security updates, we
easily determined that Apple finds only about 1 out of every 10 security
vulnerability in iOS, while Google appears to "author" over 75% of the
security vulnerabilities found in Android.
o iOS v12.2 is out now!
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/v3y5ih7ReCE>

In checking on those details, I happened to check the version of my Android
7.0 LG Stylo 3 Plus, which is a couple of years old now (does LG even still
make it?), where I was surprised that my version was dated in February.
<https://i.postimg.cc/ryDCCvNx/android01.jpg>
*Android security patch level = February 1, 2019*

I'm curious what others have for their current "security patch level".
I found that screen, for Nougat, Android 7.0, using:
o Settings > General > About phone > Software info

What "Android security patch level" is your Android phone currently at?

[arlen holder]

On Wed, 27 Mar 2019 05:58:39 -0000 (UTC), arlen holder wrote:

> Apple finds only about 1 out of every 10 security
> vulnerability in iOS, while Google appears to "author" over 75% of the
> security vulnerabilities found in Android.

I made a minor error but I wish to be accurate where I said "over" but I
should have said "about" (since it was 72%).

Instead of:

"Apple finds only about 1 out of every 10 security vulnerability in iOS,

while Google appears to "author" _over_ 75% of the security
vulnerabilities found in Android."

It should have been:

"Apple finds only about 1 out of every 10 security vulnerability in iOS,

while Google appears to "author" _about_ 3/4 of the security
vulnerabilities found in Android."

BTW, a just one guy at Google Project Zero found essentially as many
security vulnerabilities in iOS as _all_ of Apple did.

[123456789]

arlen holder wrote:

> What "Android security patch level" is your Android phone
> currently at?

Motorola Droid Turbo 2 Purchased July 2016
Android 7.0
Patch level October 1, 2017

[Libor Striz]

arlen holder <ar...@arlen.com> Wrote in message:

> What "Android security patch level" is your Android phone currently at?

As it very depends on the vendor, model and Android version,
usefulness of such a poll is IMHO rather a moot point.

My Xiaomi MI A2 has Feb 5,
but it is an Android one phone.

Most of phones not directly managed by Google
are rather hostages of their vendors, especially older models.

--
Poutnik ( the Wanderer )



----Android NewsGroup Reader----
http://usenet.sinaapp.com/

[Anssi Saari]

arlen holder <ar...@arlen.com> writes:

> What "Android security patch level" is your Android phone currently at?

2019.1. Not exactly good performance from Oneplus considering it's
getting near end of March now. Last time I got timely security patches
was with the Galaxy Nexus.

[Chris]

Libor Striz <poutnik4R...@gmailCAPITALS.com.INVALID> wrote:
> arlen holder <ar...@arlen.com> Wrote in message:
>> What "Android security patch level" is your Android phone currently at?
>
> As it very depends on the vendor, model and Android version,
> usefulness of such a poll is IMHO rather a moot point.
>
> My Xiaomi MI A2 has Feb 5,
> but it is an Android one phone.
>
> Most of phones not directly managed by Google
> are rather hostages of their vendors, especially older models.

And the network. I gave up on android because my network wasn't passing on
updates that the phone manufacturer had made available. Android is more
like iOS - updates directly from Google - since Oreo I believe so should be
better now.

[Apd]

"arlen holder" wrote:
> What "Android security patch level" is your Android phone currently at?

Samsung J3
Android 5.1.1
Patch level: 1 Jan 2018.

[arlen holder]

On Wed, 27 Mar 2019 06:14:54 -0000 (UTC), arlen holder wrote:

> "Apple finds only about 1 out of every 10 security vulnerability in iOS,

> while Google appears to "author" _about_ 3/4 of the security
> vulnerabilities found in Android."

More details...

I love facts, where digging into this issue of "who finds security bugs" is
telling us a story, in bits and pieces (since I've never looked at this
problem before).

For example, it appears that Qualcomm also finds some of the bugs listed in
that Android release (where there are 8 from Qualcomm).

Also, Google refers the user to the manufacturer sites, such as to Pixel,
Samsung, LGE, etc. for "more details".

The most informative of those sites are the Pixel & Samsung sites:
o Samsung <https://security.samsungmobile.com/securityUpdate.smsb>
o Pixel <https://source.android.com/security/bulletin/pixel/>

Where Samsung, in particular, named the following who, we can presume,
found some of the vulnerabilities.
- Jelmer de Hen: SVE-2018-13452
- Pholwongsa, Voottisak: SVE-2018-13547
- Andr. Ess: SVE-2018-13453, SVE-2018-13563
- Bogdan: SVE-2018-13764, SVE-2018-13765, SVE-2019-13773, SVE-2019-13814, SVE-2019-13815
- Pierre Barre and Chaouki Kasmi from DarkMatter: SVE-2018-13162
- Fluoroacetate working with Zero Day Initiative: SVE-2018-13467

With both Apple & Google fixing over 50 security bugs per security update,
one only can wonder how many the TLA's have found and are keeping secret
for _both_ platforms!

[arlen holder]

On Wed, 27 Mar 2019 08:26:27 +0100 (GMT+01:00), Libor Striz wrote:

> As it very depends on the vendor, model and Android version,
> usefulness of such a poll is IMHO rather a moot point.

Hi Poutnik,

Doesn't _every_ phone have the capability to do a manual security update?
(of course, if an update exists)

I just looked, where mine, for my LG Stylo 3 Plus, can be manually updated
using "Settings > General > About phone > Update center > System update"

Mine says, when I pressed that just now, "Your system is up to date".
o I wonder if those who responded can update theirs?

BTW, one _huge_ (astoundingly huge!) difference between updating Android &
iOS, for those who don't own iOS devices, is that all hell breaks loose
when you update iOS, whereas, nothing happens when you update Android.

That's because an iOS update is more like a Windows change from Windows 7
to Windows 8 than an Android update, which is more like a Linux change from
Ubuntu 17.04 to Ubuntu 18.04 (IMHO).

If you don't have both platforms, you won't realize how much iOS flips
things around on you, breaking stuff that worked (e.g., ties to Linux)
where the Apple support page simply says they don't care (since they don't
support connectivity to Linux anyway).

Back to the others ... I wonder if those who reported in the poll can do a
_manual_ update?

[123456789]

Anssi Saari wrote:
> arlen holder <ar...@arlen.com> writes:

>> What "Android security patch level" is your Android
>> phone currently at?

> 2019.1. Not exactly good performance from Oneplus
> considering it's getting near end of March now.

My Chromebook (with Android 7.1.1) reports a patch level
of January 5, 2019.

> Last time I got timely security patches was with the
> Galaxy Nexus.

My Galaxy Tab A8 (2016 version), with Android 5.1.1,
purchased new December 2018, reports a patch level of
December, 2017

My Galaxy Tab S4, with Android 8.1.0, purchased new January
2019, reports a patch level of December 1, 2018.

When queried they of course all say they're "up to date"...

[Libor Striz]

arlen holder <ar...@arlen.com> Wrote in message:

> Hi Poutnik,Doesn't _every_ phone have the capability to do a manual security update?(of course, if an update exists)

If an update exists.

It is IMHO better
to focus on Android or iOS, whatever anybody uses,
and avoid iOS/Android group crossposting
for Android vs iOS pros/cons heated discussions.

The big difference for fixing bugs is,
That Android is Open Source,
what I doubt about iOS.

[nospam]

In article <q7g5o5$h0b$1...@dont-email.me>, Libor Striz

<poutnik4R...@gmailCAPITALS.com.INVALID> wrote:

> The big difference for fixing bugs is,
> That Android is Open Source,

not all of it, but that doesn't matter since google patches bugs, not
end users.

> what I doubt about iOS.

some of it is, but that doesn't matter since apple patches bugs, not
end users.

[arlen holder]

On Wed, 27 Mar 2019 08:42:37 -0700, 123456789 wrote:

> When queried they of course all say they're "up to date"...

Hi 123456789,

That's interesting!

I hadn't thought about manually checking if the device was up to date when
I first asked the question, so I would like to ask others to do what you
did, which is a manual check to see if they have downloaded & installed the
latest "available" updates for their device.

I love facts, where this is interesting that yours says it's "up to date"
when you manually check it, where, mine (LG Stylo 3 Plus) does too.

Mine also says "Your system is up to date" as shown below.
<https://i.postimg.cc/4dthSPDJ/android02.jpg>

And yet, my "up to date" is a completely different version than yours.
o I wish we had more visibility into _why_ the huge variability in what
people are reporting.

I realize support only lasts a certain time for each device, where my LG
Stylo 3 Plus is a few years old (searching, it says it was released in May
2017 so it's two years old).

What would be nice would be to find a site that tells us, for each phone,
what the latest update is, so that you and me and the others can _check_ if
we have the latest release.

[arlen holder]

On Wed, 27 Mar 2019 16:44:04 +0100 (GMT+01:00), Libor Striz wrote:

> If an update exists.

Hi Poutnik,

Remember the laconic response the Spartans gave to Phillip II of Macedon?
o "If"

If the updates exist, I don't see why Android users shouldn't press the
button. I don't know if they did for those who posted.

> It is IMHO better
> to focus on Android or iOS, whatever anybody uses,
> and avoid iOS/Android group crossposting
> for Android vs iOS pros/cons heated discussions.

Referring back to the Spartan's laconic responses to Phillip of Macedon,
that one-word "If" was _after_ they already responded prior to his query
whether he should come as friend or foe, where their one-word diplomatic
reply was:
o "Neither"

I think most people, particularly those who don't own both devices, would
say that they don't care; but, I would say that the two ecosystems are
similar and different enough to be EXTREMELY INTERESTING to me, since I'm
_always_ all about cross-platform solutions.

I find cross platform solutions to be the _hardest_ to solve, but...
o I learn the most when I solve those cross platform solutions!

> The big difference for fixing bugs is,
> That Android is Open Source,
> what I doubt about iOS.

Hi Poutnik,

You bring up a great point that Android is open source, so that gives both
the opportunity for the bad guys to _find_ zero-day bugs, but also it gives
plenty of opportunity for the good guys to find them too.

My original request which asked for the version should also have asked
whether the user has pressed the update button.

[arlen holder]

On Wed, 27 Mar 2019 12:38:15 -0400, nospam wrote:

>> The big difference for fixing bugs is,
>> That Android is Open Source,
>
> not all of it, but that doesn't matter since google patches bugs, not
> end users.

Hi nospam,
I think, perhaps, a key differentiator of being Open Source, is that both
the good guys and bad guys, if they're so inclined, can _look_ at the code
to see what vulnerabilities exist.

As I recall, that's how the good guys (and maybe the bad guys too, only
silently) found the Heartbleed OpenSSL cryptographic bug, albeit, well
after the fact, as I recall (simply because, as I recall, nobody was
EXPECTING this particular code to have such a severe problem).

What it took to find the bug was "eyeballs" on the code, where, in the case
of Apple, we already _know_ they never test iOS sufficiently (did you even
_look_ at the huge number of _extremely severe_ privacy flaws just in this
one 12.2 fix, nospam?)

In the words of a report just published today... (see below)...
"*Those are just a few of the most shocking [iOS] security flaws*"

>> what I doubt about iOS.
>
> some of it is, but that doesn't matter since apple patches bugs, not
> end users.

Hi nospam,

Notice something interesting, with respect to Apple finally (for the first
time) putting QA "eyeballs" on their Facetime code.

Notice that I already reported that, by doing so, they found _multiple_
bugs which apparently existed since the features were _added_ (i.e.,
multiple iOS releases).
o Apple's delay may indicate QA found long-standing super-serious facetime flaws
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/1V5tFA1OQ0w/qmc4iiUWCQAJ>

And, it turns out,
o "*Those are just a few of the most shocking [iOS] security flaws*
<https://www.cnn.com/2019/03/26/tech/ios-12-2-security/index.html>

Specifically, what seems to have happened is that Apple, finally, for the
first time seemingly, has looked at Facetime, and found security hole after
security hole after security hole after security hole.

And it's not just Facetime, but even shocking flaws in the microphone!
"Perhaps the most notable fix: Apple patched a flaw that could allow
malicious applications to access the microphone on your iPhone
and record you and those around you. "

That article goes on to remind us that:
"But that's just one of the vulnerabilities..."

Where, there's more privacy & security holes Apple only found by putting
eyes on Facetime, seemingly for the first time, where Apple fixed
o a problem with the FaceTime app that prevented video chats from pausing
o a loophole that allowed users to access sensitive information in the
Messages app and websites visited
o see information from their phone's light and motion sensors
etc.

All because a mother went viral on the Internet making Apple look bad.

In summary, the fact that there are eyes on software looking for bugs is a
"good thing", where seemingly, Apple is not the one who finds 9 out of 10
of their security vulnerabilities, whereas we're not sure on Google, but it
sure looks like about 3/4 of the bugs on that landing page were found by
Google themselves, and that there were 8 bugs reported by Qualcomm, and
where there seemed to be quite a few reported by Samsung.

Back to Poutnik's point, I think Android being Open Source, while a two
edged sword, still _vastly_ outweighs the sophomoric "security by
obscurity" that Apple provides, simply because it has more "well intended
eyes" looking out for bugs.

[Libor Striz]

nospam <nos...@nospam.invalid> Wrote in message:

> ..... but that doesn't matter since google/Apply patches bugs,
> not end users.

Majority of work is finding a bug.

And for open source parts,
even end users patch bugs
by source code pulling requests.

[nospam]

In article <q7gbm7$ouh$6...@news.mixmin.net>, arlen holder

<ar...@arlen.com> wrote:

>
> >> The big difference for fixing bugs is,
> >> That Android is Open Source,
> >
> > not all of it, but that doesn't matter since google patches bugs, not
> > end users.
>
> Hi nospam,
> I think, perhaps, a key differentiator of being Open Source, is that both
> the good guys and bad guys, if they're so inclined, can _look_ at the code
> to see what vulnerabilities exist.

nope.

<https://www.androidpolice.com/2018/04/29/like-using-open-source-softwar
e-android/>
But even from the beginning, there were components of Android that
were closed-source. The Gmail app, Maps, Google Talk, and the Play
Store were some of the earliest examples. To combat the
always-present fragmentation of Android, Google offers many APIs
through the Play Services Framework. As more and more apps switch to
these proprietary APIs, they become less functional (or break
entirely) on devices without the Play Store.
...
I started this experiment with one question in mind: could you
realistically use an Android phone in 2018 with only open-source
software? I think for most people, the answer is no. Just about every
service or app used by the general public is closed-source, and
unless you're willing to switch away from Google's ecosystem and go
without most apps, it's just not practical.


<https://www.quora.com/Can-we-say-that-Android-is-effectively-closed-sou
rce-since-there-is-no-LFS-equivalent>
The Android being used in commercial devices, however, are a
different beast. The bulk of Google-specific software is proprietary.
The photos, maps, and Play Services (which a lot of other apps depend
on) are proprietary too.


<https://www.theregister.co.uk/2016/06/08/google_is_taking_android_propr
ietary_heres_how/>
Google is preparing to seize control of Android with its own
proprietary closed-source version of the mobile operating system,
an analyst claims.
Technology analyst Richard Windsor says that a highly confidential
internal project is underway to rewrite the ART runtime, removing any
lingering dependencies from the freely downloadable open source AOSP
(Android Open Source Project) code base.
...
For years, Google has been adding functionality not to the open
source AOSP code base, but to its own proprietary binary libraries,
specifically the ever-expanding GMS (Google Mobile Services). Phone
makers must pass a compatibility test to receive the GMS.

[nospam]

In article <q7ge11$bmv$1...@dont-email.me>, Libor Striz

<poutnik4R...@gmailCAPITALS.com.INVALID> wrote:

>
> > ..... but that doesn't matter since google/Apply patches bugs,
> > not end users.
>
> Majority of work is finding a bug.

true.

> And for open source parts,
> even end users patch bugs
> by source code pulling requests.

not in android, they don't. most of it is *not* open source. see other
post for specifics.

[Apd]

Tried a manual update:
"Latest updates already installed".

[Libor Striz]

arlen holder <ar...@arlen.com> Wrote in message:

> On Wed, 27 Mar 2019 16:44:04 +0100 (GMT+01:00), Libor Striz wrote:

>> If an update exists.

> Hi Poutnik,Remember the laconic response the Spartans gave to Phillip II of Macedon? o "If"

> If the updates exist, I don't see why Android users shouldn't press thebutton. I don't know if they did for those who posted.

I do remember, I use it often and I just repeat - IF....

For many phones, the last update comes 1-2 years after the model release, no matter what updates Google released.

Things changed with the Android One and with the project Treble,
where the latter seems aimed
to separate the Android core and vendor specifics.

[Libor Striz]

arlen holder <ar...@arlen.com> Wrote in message:
>

Hi 123456789,That's interesting!I hadn't thought about manually checking if the device was up to date whenI first asked the question, so I would like to ask others to do what youdid, which is a manual check to see if they have downloaded & installed thelatest "available" updates for their device.

My device automatically checks for system updates
and offers to update, if applicable.

[Libor Striz]

nospam <nos...@nospam.invalid> Wrote in message:

>> And for open source parts,
>> even end users patch bugs
>> by source code pulling requests.

> not in android, they don't. most of it is *not* open source. see otherpost for specifics.

All parts from open source parts are open source,
otherwise they would not be open source parts.

[nospam]

In article <q7gjv2$l9v$1...@dont-email.me>, Libor Striz

<poutnik4R...@gmailCAPITALS.com.INVALID> wrote:

>
> >> And for open source parts,
> >> even end users patch bugs
> >> by source code pulling requests.
>
> > not in android, they don't. most of it is *not* open source. see otherpost
> > for specifics.
>
> All parts from open source parts are open source,
> otherwise they would not be open source parts.

most of android is not open source and google is moving towards more of
it being closed. see other post for links.

[xJumper]

December 2018 Vendor Security Patch

March 5 Android Security Patch

That's the perks of running a custom roms, everybody else is basically a
sitting duck for ownage.

[arlen holder]

On Wed, 27 Mar 2019 16:05:46 -0400, nospam wrote:

> most of android is not open source and google is moving towards more of
> it being closed. see other post for links.

Are you confusing "apps" with the "os" again, nospam?

[nospam]

In article <q7gpo8$moc$1...@news.mixmin.net>, arlen holder

<ar...@arlen.com> wrote:

>
> > most of android is not open source and google is moving towards more of
> > it being closed. see other post for links.
>
> Are you confusing "apps" with the "os" again, nospam?

nope, but you clearly are.

[arlen holder]

Hi xJumper,
You are likely one of the most knowledgeable here, where I am a mere novice
compared to you (all my experience with Android is purely empirical).

May I ask your advice?

If I want to "custom ROM" my Nougat 7 T-Mobile LG Stylo 3 Plus, how "hard"
would it be to do that?
<https://i.postimg.cc/ryDCCvNx/android01.jpg>

I realize it's hard to answer a question like that, but I'm wondering, up
front, if it would be worth the effort.

For example, if nothing exists for my phone, then it wouldn't be worth
trying for me as I'm not going to be able to go off road on this.

[s|b]

On Wed, 27 Mar 2019 05:58:39 -0000 (UTC), arlen holder wrote:

> What "Android security patch level" is your Android phone currently at?

March 5 2019

(Pixel 3, bought after I learned that Nexus 5X wouldn't receive security
updates anymore).

--
s|b

[arlen holder]

On Wed, 27 Mar 2019 17:31:15 -0400, nospam wrote:

>>> most of android is not open source and google is moving towards more of
>>> it being closed. see other post for links.
>>
>> Are you confusing "apps" with the "os" again, nospam?
>
> nope, but you clearly are.

Hi nospam,

*Please stop trying to constantly bullshit us.*
o *Yet again, you failed to even _read_ your own cite, nospam.*

HINT: It doesn't say anywhere near what you claimed it says, nospam.
o I wish you'd learn how to comprehend words & stop bullshitting us.

Your own quote says...

"But even from the beginning, there were components of Android

that were closed-source. The _Gmail app_, _Maps_, _Google Talk_,
and the _Play Store_ were some of the earliest examples."
<https://www.androidpolice.com/2018/04/29/like-using-open-source-software-android/>

Hmmm.... _every_ one of those is merely an app, none of which are required.
o Gmail app
o Map app
o Google Talk app
o Google Play Store app

Let's look a bit at the reference you provided, shall we?
"*Android is open-source*. This means anyone can look at the operating
system's code, or change it - this is how OEMs like HTC and Samsung add
their own tweaks. That openness has often been a rallying cry for
hardcore Android enthusiasts. *Why use a _closed_ platform like iOS*,
when you can have a free and open-source platform?"

The entire basis of your argument is this sentence:

"Google offers many APIs through the Play Services Framework."

Nobody has to _use_ those APIs, nospam.
o Nobody

If they _choose_ to use those APIs, nospam, then they're simply using
"calls" (which is how APIs work, nospam). They use those calls for
convenience, nospam; otherwise they'd have to write the calls themselves.

Besides, there are existing OPEN SOURCE implementation of those very APIs
nospam, which was clearly stated IN THE ARTICLE you quoted, nospam.

Jesus Christ nospam. Do you even _read_ your own cites?
o No?

Well that explains why you completely whooshed on the fact that your own
article clearly said that the author of that article REPLACED Google Play
Services with "The microG Project". <https://microg.org/>

The article, which was written a year ago, so we can presume things are
better, did complain that the replacement Google Play Service Framework API
functionality wasn't complete at that time. Also, the article says that the
device drivers for hardware components (e.g., the camera, GPS, and other
sensors) is a binary that comes from the manufacturer of those devices.

But your article then goes on to say that _even_ those binary blobs are
replicated in FOSS with the "Replicant" ROM., which, interestingly,
supports my venerable but old Android phone, the Galaxy S3.

The only proprietary problem that the author of that article ran into was
his need for the "Slack" app for communication, which isn't FOSS.
<https://play.google.com/store/apps/details?id=com.Slack>

I repeat: The _only_ non FOSS app the author needed was Slack,
and even then, it was only because his employer required it.

*Most of us wouldn't have that requirement for Slack, nospam.*

This is a direct quote from the author of that article, nospam:
"[Slack] ended up being the one closed-source app I installed,
since that's a necessity for my job."

Moving on, the guy used Chromium, but he could have used _any_ browser from
the F-Droid repository, nospam. He just didn't want to. For example, he
doesn't like Firefox, but he could easily have used it.

Besides, he ended up using the native "Jelly" browser, saying
the Jelly browser "performance is great" for heaven's sake.

Then the author covered the NewPipe functionality, which, as you know,
nospam, I have used for years. What the author said made absolutely zero
sense, since with NewPipe, you can watch, download, strip, search, and
subscribe, all without logging into the Google servers (which is the entire
POINT of NewPipe for Christs's sake).

But the author complained "you can't log in".
o WTF? That's the whole point that you don't log into YouTube with NewPipe!
o It's a privacy thing silly.

Then, the guy claimed he couldn't listen to any of his music until he
copied his MP3 files to the phone's internal storage. Big freaking deal.
HINT: That's how I listen to my music and it works just fine.

They he complained that some of his fave silly games aren't open source.

Do you see a pattern here?
o The guy is essentially complaining that his favorite _apps_ aren't FOSS

This has NOTHING to do with the operating system, nospam.

Moving on, the guy complains that there aren't enough FOSS Twitter apps.
Jesus Christ.

I get it that there aren't a billion FOSS apps, but how many Twitter apps
does the guy need for heaven's sake when he admits that there are FOSS
Twitter apps.

The guy concluded that there weren't enough FOSS apps to make him happy,
where that is a fine conclusion, but to the point where you're clearly
confused nospam, apps are SEPARATE from the OS, nospam.

I realize you're an Apple Apologist, so you think that if they add emojis
to the message app, that it's a BIG DEAL FOR IOS, but it's not. It's just a
freaking app for Christs' sake nospam.

You, nospam, don't seem to know the difference between an app
and an operating system.

What I find interesting is that every time you list a cite in support of
your arguments, the very last sentence of those cites goes COMPLETELY
against what you CLAIM is the data in the cite.

This is the last sentence of that article, which says that you gain privacy
by going FOSS on the Operating System and apps, nospam:
"I think everyone can agree that the fewer Silicon Valley
companies collecting detailed analytics about you, the better."

[arlen holder]

On Wed, 27 Mar 2019 14:07:56 -0400, nospam wrote:

> nope.
>
> <https://www.androidpolice.com/2018/04/29/like-using-open-source-softwar
> e-android/>
> But even from the beginning, there were components of Android that
> were closed-source. The Gmail app, Maps, Google Talk, and the Play
> Store were some of the earliest examples. To combat the
> always-present fragmentation of Android, Google offers many APIs
> through the Play Services Framework. As more and more apps switch to
> these proprietary APIs, they become less functional (or break
> entirely) on devices without the Play Store.
> ...
> I started this experiment with one question in mind: could you
> realistically use an Android phone in 2018 with only open-source
> software? I think for most people, the answer is no. Just about every
> service or app used by the general public is closed-source, and
> unless you're willing to switch away from Google's ecosystem and go
> without most apps, it's just not practical.

Hi nospam,

*Please stop trying to constantly bullshit us.*
o *Yet again, you failed to even _read_ your own cite, nospam.*

HINT: It doesn't say anywhere near what you claimed it says, nospam.
o I wish you'd learn how to comprehend words & stop bullshitting us.

Your own quote says...

"But even from the beginning, there were components of Android

that were closed-source. The _Gmail app_, _Maps_, _Google Talk_,
and the _Play Store_ were some of the earliest examples."
<https://www.androidpolice.com/2018/04/29/like-using-open-source-software-android/>

Hmmm.... _every_ one of those is merely an app, none of which are required.
o Gmail app
o Map app
o Google Talk app
o Google Play Store app

Let's look a bit at the reference you provided, shall we?
"*Android is open-source*. This means anyone can look at the operating
system's code, or change it - this is how OEMs like HTC and Samsung add
their own tweaks. That openness has often been a rallying cry for
hardcore Android enthusiasts. *Why use a _closed_ platform like iOS*,
when you can have a free and open-source platform?"

The entire basis of your argument is this sentence:

"Google offers many APIs through the Play Services Framework."

[Lloyd Parsons]

That's the same for my Moto Z3. Oddly there were articles in January
saying Android Pie would release 'soon' for it but here we are nearly
in April and other than those articles no one has seen it yet.

[John McGaw]

On 3/27/2019 1:58 AM, arlen holder wrote:
> What "Android security patch level" is your Android phone currently at?
>

> In another thread, while both Android & Google have fewer than 50 security
> vulnerabilities fixed in their respective latest security updates, we
> easily determined that Apple finds only about 1 out of every 10 security
> vulnerability in iOS, while Google appears to "author" over 75% of the

> security vulnerabilities found in Android.

> o iOS v12.2 is out now!
> <https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/v3y5ih7ReCE>
>
> In checking on those details, I happened to check the version of my Android
> 7.0 LG Stylo 3 Plus, which is a couple of years old now (does LG even still
> make it?), where I was surprised that my version was dated in February.
> <https://i.postimg.cc/ryDCCvNx/android01.jpg>
> *Android security patch level = February 1, 2019*
>
> I'm curious what others have for their current "security patch level".
> I found that screen, for Nougat, Android 7.0, using:
> o Settings > General > About phone > Software info

>
> What "Android security patch level" is your Android phone currently at?
>

My now-antiquated Nexus 5 is stuck at Android 6 and the last security patch
is from October 2016. I have a Pixel 3 on the way right now so I guess I'll
be up to date for at least a while.

[xJumper]

>
> Hi xJumper,
> You are likely one of the most knowledgeable here, where I am a mere novice
> compared to you (all my experience with Android is purely empirical).
>
> May I ask your advice?
>
> If I want to "custom ROM" my Nougat 7 T-Mobile LG Stylo 3 Plus, how "hard"
> would it be to do that?
> <https://i.postimg.cc/ryDCCvNx/android01.jpg>
>
> I realize it's hard to answer a question like that, but I'm wondering, up
> front, if it would be worth the effort.
>
> For example, if nothing exists for my phone, then it wouldn't be worth
> trying for me as I'm not going to be able to go off road on this.

For one it would be worth the effort just to dip your feet into the
whole custom ROM/modding Android field. Once you go there and you
understand it, you "get it" and you never go back to stock OEM roms.

The thing with using custom roms and being successful with them is that
it's something you wanna look into BEFORE you chose your hardware and
not something you do after the fact.

Lineage OS is probably the most well built/all around custom rom and
will probably do everything you need it to do privacy/control wise.
There are other roms with specific niches for them but none are as well
maintained as Lineage and when it comes to security being up to date
with the android/vendor patches is #1.

When you decide you wanna use a custom rom the best thing to do first is
to look at the official Lineage OS build page bellow and find a phone
that you like that is officially supported, meaning there is an actual
official build listed for download. In your case I don't see one, all is
not lost but it just means it's gonna be harder since you'll have to use
an unofficial build which means going on the forums. Really though if
you get into flashing custom roms you will need to keep an ear on the
developer forums in one way or another. It's not too involving once you
get the hang of it but you will need to do it.

https://download.lineageos.org/

The next step once you find a few phones that you like that have
official builds is to find which one is going to be the easiest to
"unlock" and flash whats known as a "custom recovery" or "custom
bootloader".

All phones have what's known as a "recovery" or "bootloader", this is
what loads your main Android OS, think of it as a sort of BIOS for the
phone world. If it's locked and cannot be unlocked you cannot flash a
custom Android ROM. Different manufactures go to different lengths to
lock their bootloaders.

Samsung phones for example are hard to unlock, you will need to go on
the forums, find the leaked OEM tool that's used by the factory to load
the OS on the phone and do a bunch of stuff that's beyond the scope of
this post to unlock your boot loader so you can flash a custom recovery.
It's doable but it's more complicated and the more complicated and hard
something is in the custom rom world, the higher the likelihood of
"bricking" your phone. In other words, taking that $500 flagship and
turning into an irrecoverable paperweight.

Oneplus phones on the other hand, Xiaomi, Huawei and their affiliate
brands are much more open to mods; Oneplus phones are the dev
community's choice actually. Unlocking the bootloader on those phones is
as simple as typing a few commands. You download whats known as the
"adb/fastboot" package onto your desktop which is basically a developer
Android command prompt to talk to your phone. Hook up the phone, type
some commands one of which is "./adb fastboot unlock bootloader" or
something and bam it's done. Then you get the "image" or "file" as you
call it of the "custom recovery" called "TWRP", type another command
like "./adb fastboot flash recovery isertfilenamehere" and then you're
done; your bootloader is now unlocked and you have a custom recovery.
Now all you have to do is find the custom rom of your choice, download
it, place it on the SD card/internal storage of your phone, go into your
custom recovery and hit install on the file.

That's the short version, really what you want to do is find a specific
forum thread on the developer forums like XDA that deals with your
specific device, someone will have created a guide with all the step by
step instructions. When I started the custom rom thing I didn't know
anything about it, I spent two weekends reading about it and all the
steps for my phone on the forums (XDA) and then I knew everything I
needed to do.

Now for your phone, it looks like theres an "unofficial build", it may
or may not be maintained anymore but it will likely get you a higher
version of android then you already have as well as a higher security
patch/vendor security patch for Android.

I don't know if your phone falls under the easy to unlock/flash category
or not but here is a developer thread on it. Really since your phone is
old already, might as well experiment with it not much to lose if you
mess it up and brick your phone. That's the one thing with custom roms
though, if you buy yourself the latest flagship which could be worth
anywhere from $500-$700, screw up the process and brick your phone
trying to install a custom rom it sucks. I took that risk when I
installed one on my flagship from the get go but it paid off. Just
something to keep in mind, don't put skin in the game if you're not
ready to lose it.

https://forum.xda-developers.com/android/development/rom-unofficial-lineageos-lg-stylo-3-plus-t3749201

[arlen holder]

On Thu, 28 Mar 2019 16:36:20 -0400, xJumper wrote:

> For one it would be worth the effort just to dip your feet into the
> whole custom ROM/modding Android field.

Hi xJumper,

Thanks for that very patiently & carefully written set of instructions.

Since I like to document the steps first, here's what I wrote based on your post.
Can you review the dozen steps below to make suggestions so that we all benefit?
Thanks!

****************************************************************************
The dozen basic steps for running a custom ROM on your Android device
****************************************************************************
This is a first pass work-in-progress attempt, based on xJumper's post.
As always, please improve so that others benefit from every action.

SUMMARY:
A. Choose a phone with an easily unlocked bootloader;
B. Unlock the bootloader & flash with a custom recovery image;
C. Install a custom ROM of your choice;
D. Install the apps of your choice.

SEE ALSO:
<https://android.gadgethacks.com/how-to/ultimate-guide-using-android-without-google-0193735/>
============================================================================
STEPS:
============================================================================
1. Obtain a phone that you like which is supported by Lineage OS:
<https://download.lineageos.org>

Best are OnePlus, Xiaomi, & Hauwei.
Worst are Samsung.
============================================================================
2. Create an account on XDA to get tutorials & answers to questions.
https://forum.xda-developers.com
============================================================================
4. Check whether the bootloader (aka recovery) is locked or unlocked
(I need to add those steps here.)
============================================================================
4. If locked, test if it can be unlocked & unlock it (else go to step 1).
(I need to add those steps here.)
============================================================================
5. Document phone-specific commands to unlock, test & flash the bootloader.
(I need to add those steps here.)

For example, for the LG Stylo 3 Plus (experimental), look here:
<https://forum.xda-developers.com/android/development/rom-unofficial-lineageos-lg-stylo-3-plus-t3749201>
============================================================================
6. Install the adb package with fastboot drivers onto your desktop computer.

[OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3
<https://forum.xda-developers.com/showthread.php?t=2588979>
============================================================================
7. Download the manufacturer's USB drivers for your phone.
In my experience, adb works best with the official manufacturer USB driver.
<https://developer.android.com/studio/run/oem-usb>
<https://developer.android.com/studio/run/win-usb>
============================================================================
8. Connect the phone to adb & test that things are working correctly:

C:\> adb devices
C:\> adb pull /system/etc/hosts C:\hosts
C:\> adb push C:\Windows\System32\drivers\etc\hosts /system/etc/
(I need to add those steps here.)
============================================================================
9. Unlock the the bootloader
./adb fastboot unlock bootloader
(I need to add those steps here.)
============================================================================
10. Flash the unlocked bootloader with a custom bootloader (aka recovery).
This replaces the old bootloader with a TWRP custom recovery image.

C:\> ./adb fastboot flash recovery isertfilenamehere
(I need to add those steps here.)
============================================================================
You have now nlocked the bootloader & flashed with a custom recovery image.
Now you need to install a custom ROM of your choice.
============================================================================
11. Find and install a custom Android ROM of your choice

<https://www.xda-developers.com/how-to-install-custom-rom-android/>
<https://www.androidpit.com/best-custom-roms-for-android>
<>
etc.
============================================================================
12. Install the apps of your choice.

MicroG: <https://microg.org/>
Gapps: <https://www.xda-developers.com/download-google-apps-gapps/>
Fdroid: <https://f-droid.org>
etc.
============================================================================
============================================================================

[Bob Martin]

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[Bob Martin]

On 28 Mar 2019 at 15:37:42, John McGaw <Nob...@Nowh.ere> wrote:

[John McGaw]

On 3/27/2019 1:58 AM, arlen holder wrote:
> What "Android security patch level" is your Android phone currently at?

snip...

> What "Android security patch level" is your Android phone currently at?
>

Well, I got my new Pixel 3 this afternoon and went to the T-Mobile store to
obtain a nano-SIM since my old Nexus 5 just had a micro. That was free
(which surprised me no end) and after fiddling around trying to get all of
my apps reconfigured and my home screens looking like what I'm used to it
is pretty much usable although one email setup is giving me fits.

As for OP's question, my system is now Android 9, security patch level
March 5, 2019.

[arlen holder]

On Fri, 29 Mar 2019 19:26:07 -0400, John McGaw wrote:

> As for OP's question, my system is now Android 9, security patch level
> March 5, 2019.

Thanks for that update, as I think you have the newest of everyone. :)
(Although mine is only 1 month behind, and it's a two-year-old phone.)

> Well, I got my new Pixel 3 this afternoon and went to the T-Mobile store to
> obtain a nano-SIM since my old Nexus 5 just had a micro. That was free
> (which surprised me no end)

I have a _lot_ of T-Mobile "freebie" stuff, from a femtocell (which
connects to my router) to a cellular repeater (which hangs in an upstairs
window), and where I have a few of those free-for-life SIM cards that
enable the iPads to have cellular (200MB/month, which is plenty for
navigation and telephony).

I have never paid for a SIM card from T-Mobile, and I buy a _lot_ of
cellphones, where they generally overnight the SIM cards, all for free,
although I _know_ they charge others for those same cards.

> and after fiddling around trying to get all of
> my apps reconfigured and my home screens looking like what I'm used to it
> is pretty much usable although one email setup is giving me fits.

I used to factory wipe my cellphone about monthly, but I'm getting lazy
lately, where it takes me about an hour or so to reconfigure the phone
after I've wiped it clean.

OF course, _all_ the apps are automatically stored as APK (aka ZIP files)
on the SD card, so they're always there, and my app launcher (nova free)
re-creates the home screen with all the apps in placeholder format, so it's
pretty easy.

I'm sure a lot of people use the ready-made backup solutions, but, for me,
I just save my APKs, and then I save the critical data (contacts, calendar,
passwords, etc.,) on a cross-platform file on my LA N, so there's not much
to a restore from those backups.

I tried Titanium (when I was rooted) and didn't care for it as I don't want
everything backed up anyway. It's nice to start fresh.

Thanks for your update.

[Bob Martin]

[Roy Smith]

On Wed, 27 Mar 2019 05:58:39 -0000 (UTC), arlen holder

<ar...@arlen.com> wrote:

>What "Android security patch level" is your Android phone currently at?
>

...

>
>I'm curious what others have for their current "security patch level".
>I found that screen, for Nougat, Android 7.0, using:
>o Settings > General > About phone > Software info
>

>What "Android security patch level" is your Android phone currently at?

I have a Google Pixel 2 XL on Verizon and its using Android 9 (Pie)
and Android Security Patch Level is March 5, 2019. I love Google
phones, no carrier bloatware but you do have those pesky Google apps
that you can't get rid of without rooting your phone...

[s|b]

On Fri, 29 Mar 2019 19:26:07 -0400, John McGaw wrote:

> As for OP's question, my system is now Android 9, security patch level
> March 5, 2019.

As it should be.

--
s|b

[xJumper]

That's a pretty good writeup overall, you covered pretty much everything.

What I might add is that there is something you should do after you have
flashed your custom recovery but BEFORE you flash your custom rom, this
is a step that almost bit me in the ass and caused me to temporarily
brick my phone.

Phones have an extra piece of software, what's known as a "modem/radio"
firmware. It's software that runs at an even lower level than the
Android OS itself and control the actually cellphone radio. This is
proprietary hardware/software so it's a closed source black hole.
Nevertheless you need this firmware to have your phone actually work as
a cellphone.

Why this is important is because typically with custom roms, if you
download the latest one; it will only support the latest modem/radio
firmware. If you do not have the latest/correct modem/radio firmware
installed, best case scenario the rom will refuse to install and throw
an error message and worst case you will brick your phone. The dev for
your custom rom will sometimes list in their threads or release notes
what firmware is required but if they don't the general rule is that it
will need to be the latest one.


This firmware is released by your phones OEM and them only, this
firmware is typically pushed to your phone via OTA updates from your
carrier when needed. There's two ways you can go about acquiring this
firmware to ensure you have the correct one.

The recommended way and easiest way for beginners is to not flash a
custom rom right away and run your phone for a while using the stock
Android OS with a SIM that has a data plan from your carrier. Let the
phone do ALL of it's OTA updates, whatever OS updates/security patch
updates, etc. Your phone will likely receive the latest firmware for the
modem/radio via OTA and you will then be good to flash a custom rom.

The second way is to hunt down the correct firmware for your modem/radio
manually. This will require digging through the forums for some thread
where somebody very knowledgeable has "extracted" the firmware from a
stock OEM phone and made available the latest and/or all of the
different versions for download as an individual .zip file. You will
then need to install this firmware manually by placing it on your SD
card/internal storage and going into your custom recovery, selecting the
file and hitting "install" to flash the .zip file.

You will need to carefully read the numbering scheme used to denote what
the latest version is. You also really need to be overly cautious here
and make sure you are downloading the firmware SPECIFICALLY made for
your phone. e.g. if you have the A550 whatever, don't download the
firmware for the A550T thinking it'll be close enough so it should work.
Close enough might as well be another planet, if it is not made
specifically for your phone you will brick it.

It should be noted that once you do flash a custom rom, your phone no
longer receives OTA updates for it's firmware so this will be the only
method you can use to update your firmware. So if you want to keep
updating to better versions of Android you will need to get familiar
with this.


Other than that you don't really need to download the the USB drivers
for your phone unless somethings goes wrong, Windows 10 will auto
download them and Linux has built in support.

You don't really need to mess with learning/testing ADB push/pull
commands. Everything is drag and drop through your normal windowed file
manager, only time you're really using a command to "push" a file to
your phone is when you are flashing the custom recovery itself, you will
be using a command something along the lines of ./fastboot flash
recovery customrecoveryfilenamehere.img


I noticed you mentioned the flashing of "microG". MicroG is a spoofing
patch applied to your custom rom that can trick apps that rely on Google
services framework (a lot of apps do btw) to work without actually
having Google services on your phone.

When it comes to using the LOS rom (Lineage OS), I recommend looking at
the "microG" fork first. It's basically a carbon copy 1:1 clone of
Lineage OS but with microG already built in, using that instead of
trying to apply the patch manually after is wayyyyy easier and you won't
have to keep re-patching it every time you update the OS.

[arlen holder]

On Sat, 30 Mar 2019 16:23:21 -0400, xJumper wrote:

> You also really need to be overly cautious here
> and make sure you are downloading the firmware SPECIFICALLY made for
> your phone. e.g. if you have the A550 whatever, don't download the
> firmware for the A550T thinking it'll be close enough so it should work.
> Close enough might as well be another planet, if it is not made
> specifically for your phone you will brick it.

Hi xJumper,
Thank you for reading the tutorial and for meticulously suggesting I add a
new step between the flashing of the bootloader and the flashing of the
custom Android ROM for flashing the low-level modem/radio firmware if it's
not already the latest version of that manufacturer-specific firmware.

Now that we know this is another "gotcha", we can _plan_ ahead in the early
stages of determining how viable any particular phone is for customization.

Thanks for providing two ways to obtain that latest firmware, where the key
question for me to answer is how to tell what the latest radio/modem
firmware is and what it's supposed to be. :)

BTW, is _that_ the "Baseband version" in this screenshot of my phone?
<https://i.postimg.cc/ryDCCvNx/android01.jpg>

> you don't really need to download the the USB drivers
> for your phone unless somethings goes wrong, Windows 10 will auto
> download them and Linux has built in support.

Hi xJumper,

While I understand completely what you said, and while adb is _different_
than Android Studio, I did find out the hard way that the Windows-installed
USB drivers for my LG Stylo 3 Plus did _not_ work with Android Studio
(which is where my adb came from), while the driver that Android Studio's
web site pointed to on the LG site _did_ work fantastically with Android
Studio.
o My first Android hello-world tutorial using Android Studio & adb
<https://groups.google.com/d/msg/comp.mobile.android/aW64zYeBtF0/1b5h3r3PBAAJ>

So it's good to know from you that the adb-with-fastboot-drivers typically
does _not_ need to use the manufactuers' own USB drivers on Windows.

I'll modify that step to be "optional", since I don't think it will hurt to
have the official drivers from the manufacturer rather than the one that
Windows 10 chose for me (which worked for everything _but_ Android Studio).

> You don't really need to mess with learning/testing ADB push/pull
> commands. Everything is drag and drop through your normal windowed file
> manager, only time you're really using a command to "push" a file to
> your phone is when you are flashing the custom recovery itself, you will
> be using a command something along the lines of ./fastboot flash
> recovery customrecoveryfilenamehere.img

Hi xJumper,
This is good to know that we don't need to test adb workings first.

I've only used the adb that came with Android Studio to pull
system-protected files off of a non-rooted Android, where, I'm surprised
that it's so easy to access system-protected files, but it was just as easy
to read the system log on iOS, so, each device has their own privacy holes
that are different. :)

> I noticed you mentioned the flashing of "microG". MicroG is a spoofing
> patch applied to your custom rom that can trick apps that rely on Google
> services framework (a lot of apps do btw) to work without actually
> having Google services on your phone.

Hi xJumper,
Thanks for clarifying a bit "what" the heck "microG" is. :)

I'm never sure exactly what Google Services Framework is, where I kind of
sort of liken it to something like ".NET Framework" on Window, in terms of
the fact that _some_ programs, unfortunately, require it simply because
they punted on the low-level calls.

The real question is whether any app ever absolutely _needs_ the Google
Framework Services, where I assume that, just like with .NET Framework,
apps aren't forced to use the calls - the developer just _decides_ to use
their calls.

Is that kind of like how Google Framework Services works?
(Sort of like a .NET Framework for Android?)

> When it comes to using the LOS rom (Lineage OS), I recommend looking at
> the "microG" fork first. It's basically a carbon copy 1:1 clone of
> Lineage OS but with microG already built in, using that instead of
> trying to apply the patch manually after is wayyyyy easier and you won't
> have to keep re-patching it every time you update the OS.

Ah, this is very nice to know that there is a combination of the LOS ROM
and the microG implementation of the Google Framework Services API (which
saves having to implement each separately).

I'll note all of this in the next revision of the tutorial, so that others
benefit from each action.

[arlen holder]

On Sat, 30 Mar 2019 07:08:43 -0500, Roy Smith wrote:

> I have a Google Pixel 2 XL on Verizon and its using Android 9 (Pie)
> and Android Security Patch Level is March 5, 2019. I love Google
> phones, no carrier bloatware but you do have those pesky Google apps
> that you can't get rid of without rooting your phone...

Thanks for that input.

I've had a Nexus and Moto G in the past, both of which are "google phones",
where I didn't notice any more (or fewer) "pesky Google apps" than on my
prior Samsung Galaxy S3.

Are there more of those "pesky Google Apps" on the Pixels than on a
"normal" phone like my current LG Stylo 3 Plus?

[xJumper]

On 3/30/19 6:11 PM, arlen holder wrote:
> Hi xJumper,
> Thanks for clarifying a bit "what" the heck "microG" is. :)
>
> I'm never sure exactly what Google Services Framework is, where I kind of
> sort of liken it to something like ".NET Framework" on Window, in terms of
> the fact that _some_ programs, unfortunately, require it simply because
> they punted on the low-level calls.
>
> The real question is whether any app ever absolutely _needs_ the Google
> Framework Services, where I assume that, just like with .NET Framework,
> apps aren't forced to use the calls - the developer just _decides_ to use
> their calls.
>
> Is that kind of like how Google Framework Services works?
> (Sort of like a .NET Framework for Android?)

Google services framework is a lot of things. As it relates to
privacy/security it's that a lot of apps rely on the Google backend to work.

Think of all the apps that have some kind of interconnected connectivity
function, whether they be messaging apps, dating apps, find local car
apps or whatever. The authors could run their own server and deal with
all the encompassing headaches that entails or just use Googles "free"
backends that they provided such as the cloud messaging function that
many messaging apps rely on, etc.

Part of what microG does for apps such as these is that it tells those
apps that it is the Google Play store/Google services framework and then
allows your phone to hit Google API's, kind of like how Yalp allows you
to download off the Play store without Google Play actually installed.

I don't even fully understand microG myself, but that's my half assed
explanation of it.

> Thanks for providing two ways to obtain that latest firmware, where the key
> question for me to answer is how to tell what the latest radio/modem
> firmware is and what it's supposed to be.
>

> BTW, is _that_ the "Baseband version" in this screenshot of my phone?
> <https://i.postimg.cc/ryDCCvNx/android01.jpg>

I did a bit of research, theres a few forum threads if you (and I hate
to say it) "Google" your phone and custom rom/firmware flashing.

Your phone falls under the somewhat difficult category for this. There's
different firmware for the same phone sold by different carriers (e.g.
T-Mobil, Metro PCS, etc). There seems to be a couple ways of doing it,
there's a few tools to do it including a leaked OEM tool from LG. This
is where reading is gonna come in.

Your devices OEM, LG on their device support page does not offer
downloads and instead says what I figured they would, that firmware
updates are pushed OTA via your carrier.


So I'd say when it comes to firmware on your phone, we can assume it's
already at it's latest version (lol already broke rule one, never assume
remember) through OTA updates. Try installing a rom and if it gives you
an error (e.g. common one is code 7 for incorrect firmware) then you can
start digging around the forums for specific firmware files and how to
use the LG OEM tool to flash firmware.


I don't think that "baseband" screen shot is indicative of the
modem/radio firmware your phone is running, I could be wrong though. I
never really understood what that was.

[arlen holder]

On Sun, 31 Mar 2019 10:37:58 -0600, KenW wrote:

> My Motorola phone gets updates directly from Motorola. My carrier is
> not involved.

I don't know _who_ updated my 2-year-old LG Stylo 3 Plus phone to the Feb
2019 security update, but I just noticed this when looking for the modem
version to tell xJumper.
<https://i.postimg.cc/4dtQhSXx/permission08.jpg>

Settings > General > Developer options > Automatic system updates = on

I'm not sure why it's in "Developer options" though...

[arlen holder]

On Sun, 31 Mar 2019 11:31:40 -0400, xJumper wrote:

> Google services framework is a lot of things. As it relates to
> privacy/security it's that a lot of apps rely on the Google backend to work.

Hi xJumper,
Thanks for the advice and explanations.

> Part of what microG does for apps such as these is that it tells those
> apps that it is the Google Play store/Google services framework and then
> allows your phone to hit Google API's, kind of like how Yalp allows you
> to download off the Play store without Google Play actually installed.

Thanks for that pointer to "Yalp".

I tried installing Yalp from F-Droid but the install button wasn't there.
<https://f-droid.org/en/packages/com.github.yeriomin.yalpstore/>

The Aurora Store fork of the Yalp Store did have a download button.
<https://f-droid.org/en/packages/com.dragons.aurora/>

Here are the two views on F-Droid just now, where only Aurora works:
<https://i.postimg.cc/VNtC70p7/permission09.jpg>

I do _love_ very much that the "Auroroa Store" allows me to download Google
Play apps WITHOUT having a Google login!

I've been deleting my logins and then temporily creating new arbitrary
google logins whenever I needed Google Play apps, but if this Aurora Store
idea works, it's FANTASTIC (as long as Google doesn't break it).

Apparently with the Aurora Store, you get an "anonymous" ID.
<https://i.postimg.cc/nzZC0Rvz/permission10.jpg>

This is a boon to privacy!

> Your phone falls under the somewhat difficult category for this.

Thanks for running the research for the LG Stylo 3 Plus.

The _first_ phone, IMHO, to put a custom ROM, should be one that is _easy_
where your advice to obtain an easy phone is apropos.

The advantage of an easy phone would be that it would be a second phone
anyway, so the downtime to solve issues wouldn't happen, and even if it
did, since it would be a second phone, it wouldn't matter.

I do have a Moto G and a Samsung Galaxy S3 (both of which were in the
_easy_ category, as I recall), but the Moto-G got crushed for the most part
so the screen is barely visible, and the S3 broke the internal battery
contacts after years of charging batteries outside the phone.

Thanks for your thoughtful advice.
o If I do it, I'll likely pick up a used "easy" phone first!

[s|b]

On Wed, 27 Mar 2019 05:58:39 -0000 (UTC), arlen holder wrote:

> What "Android security patch level" is your Android phone currently at?

April 5 2019

Apparently, Google operates in the future since I downloaded and
installed this _yesterday_ (April 2).

--
s|b

[John McGaw]

On 3/27/2019 1:58 AM, arlen holder wrote:
> What "Android security patch level" is your Android phone currently at?

snip...

> What "Android security patch level" is your Android phone currently at?
>

It just jumped to "April 5, 2109" and since it is now the evening of April
3rd, it appears that Google has finally invented the time machine they've
been trying for. Or they have a defective calendar...

[Arlen Holder]

In response to what John McGaw <Nob...@Nowh.ere> wrote :

> It just jumped to "April 5, 2109" and since it is now the evening of April
> 3rd, it appears that Google has finally invented the time machine they've
> been trying for. Or they have a defective calendar...

Maybe I'm just noticing it more, but my Android Moto G7 has asked me to
reboot for updates quite frequently lately.
o <https://i.postimg.cc/vHTvLyt5/update01.jpg>
o <https://i.postimg.cc/1zG053y1/update02.jpg>

Are they also updating your Android device a bit too frequently lately?
--
Usenet is a public forum to ascertain what many others are experiencing.

[Arlen Holder]

Motorola/T-mobile is updating the hell out of my Moto G7.
o Just a couple of weeks ago they updated me to Android 10

Today, they updated my security patch level of June 1, 2020
o Current version: QPUS30.52-23-4 (whatever that indicates)

[123456789]

Arlen Holder wrote:

> Motorola/T-mobile is updating the hell out of my Moto G7. Just a

> couple of weeks ago they updated me to Android 10

My Samsung Galaxy Tab S4 (purchased Jan 2019) was updated to Android 10
on 6-26-20. My phone came with it when obtained last September.

> Today, they updated my security patch level of June 1, 2020

The security patch level on both devices say June 1, 2020.

> Current version: QPUS30.52-23-4 (whatever that indicates)

Current version on my tablet reads T830XXU4CTF5/T830OXM4CTF5. On my
phone there are 9 lines of numbers and letters. I agree...whatever that
indicates... :-/

[Arlen Holder]

On Thu, 4 Jul 2019 07:21:42 -0000 (UTC), Arlen G. Holder wrote:

> My 2-year old LG Stylo 3 Plus is at Android 7.0, "Android security patch
> level", February 1, 2019, Kernel version 3.18.31.

That was a year ago where they were updating my $130 LG Stylo 3 Plus far
too frequently for my tastes (I try to leave iOS on the OS it was born
with).

But if I had thought the LG Stylo 3 Plus (T-Mobile) updated too
frequently...

This constant Android update is even worse with my $100 Moto G(7)!
o <https://i.postimg.cc/pTMh6H1w/update02.jpg>

They repeatedly keep updating my Motorola phone every couple of months!
o <https://i.postimg.cc/Qtg9Ly2H/update03.jpg>

[Arlen Holder]

On Sat, 26 Sep 2020 11:10:33 GMT, Dee wrote:

> Those both are Android OS updates (whether just security patch or
> full OS upgrades), so I would say the first one to your LG Stylo 3
> Plus came to you from LG (who got it from Google and then tweaked
> it), and the second one to your Moto G7 came to you from Motorola
> (who got it from Google and then tweaked it).

Hi Dee,
Regarding this thought-provoking question thread:
o When we talk of Android updates, what kinds of updates are we talking about?
<https://groups.google.com/forum/#!topic/comp.mobile.android/WaKaaPHM_Qs>

I apologize if I ask a basic question, where I get that they're Android OS
updates of some sort (e.g., a minor subversion of the major version).

But _who_ gave them to me?
o Didn't the carrier give them to me?

That is, is _this_ the sequence for those minor OS updates?
1. Google created it and gave it to LG
2. LG did something with it, and then gave it to the carrier
3. The carrier (in this case, T-Mobile) pushed it to me

Is _that_ the sequence for those myriad minor OS updates?

> You said you "recently got" the Android 10 upgrade on your Android 9
> Moto G7. How recently? In your screenshot the security patch says
> August 1, 2020. Yet Android 10 was released in September, 2019. So
> Motorola took at least 11 months to tweak the code before they
> released it to you.

My mistake. It was more recent. Let me look it up for you.
1. I bought the $100 Moto G7 on Black Friday 2019 from Google
2. It came with Android 9 at that time in late November 2019
3. Someone (the carrier?) pushed Android 10

See details here, dated July 3, 2020:
o Those on Android 10... is it worth upgrading from 9 to 10?
<https://groups.google.com/forum/#!topic/comp.mobile.android/X65cMyzAn-g>

In that thread, I quoted a bunch of cites explaining that update:
o Motorola finally starts rolling out Android 10 for the Moto G7 & Moto G7 Power
<https://www.androidcentral.com/motorola-finally-starts-rolling-out-android-10-moto-g7-and-moto-g7-power>
o Motorola timidly starts updating the Moto G7 and G7 Power to Android 10
<https://www.phonearena.com/news/motorola-moto-g7-g7-power-android-10-updates_id124496>
o *Which Motorola phones will get upgraded to Android 10?*
<https://www.trustedreviews.com/news/when-will-motorola-phones-get-upgraded-to-android-10-3941399>
etc.

Personally, given I keep my iPads as close to the iOS they were born with,
I think they push updates to Android too frequently for my personal taste:
o Are they updating your Android device too frequently lately? May 12, 2020
<https://groups.google.com/forum/#!topic/comp.mobile.android/a_62P0R-O6M>
Where I had posted these images in May:
o 01Feb2020 update <https://i.postimg.cc/vHTvLyt5/update01.jpg>
o 04Apr2020 update <https://i.postimg.cc/1zG053y1/update02.jpg> on May12

By way of summary, I'm thoroughly confused because they update my phone so
frequently I can't easily keep track of who is updating what from where.

1. What is it that is updated? (e.g., the OS, a patch, an app, a framework)
2. Who gives it to us? (e.g., Google, the carrier, or the developer)
3. How do they give it to us? (pull from somewhere or push to our phone)
4. Where does it sit? (e.g., an app repository or pushed to our device)
--
See also:
o What "Android security patch level" is your Android phone currently at?
<https://groups.google.com/forum/#!topic/comp.mobile.android/WKsE8UROGOA>
Which contains these screenshots of my Moto G7 updates:
o 06Jun2020 update <https://i.postimg.cc/pTMh6H1w/update02.jpg>
o 01Aug2020 update <https://i.postimg.cc/Qtg9Ly2H/update03.jpg>