Community

EricV1

I have a Z1, that is uptodate (all system patche from sony applied, systeme said to be up-to-date when manually checked) and still is is vulenrable to:

The vulnerability quadrooter from checkpoint still mention the phone is affected by following CVE:
CVE-2016-2059
CVE-2016-2504

Beside this one the bluetooth bug called blueBorne is probably there as it needs a linux kernel fixes that has been issued in 2017

BlueBorne Vulnerability Scanner by Armis says the phone is vulnerable

Then of course for WiFi : you have Krack weher all wpa cleint should patches their wpa_supplicant code that is used by android.

So far no word for a fix comming from sony.

Uliwooly

@EricV1

The phone has reached its EOL, there won't be any further updates, that's probably why.

EricV1

This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.

With aPC, I get neraly 10 years windows support and they are not more expensive and even more complex. So Sony is making a very poor jobs for the money they got for such an expensive phone. Atelephone is like a PC and service duration has no reason to be different. Sony shoud shift its way of envisonning phone support. There are phone with less memory that run android 6, why do they refuse to support it on this phone? Money money money.

Last time I buy a Sony phone and will probably advertise this in customer reviews for Sony phones in several places. As money is the only driver, they will be hit were it hurts after a while.

Uliwooly

@EricV1

The Xperia Z1 was released 4 years ago (September 2013), it makes sense that it has reached its EOL, it doesn't matter if you bougth the phone yesterday, the phone was released 4 years ago. Just like if you buy a brand new computer running XP today, it won't change the fact that Microsoft won't release any further patches for XP.

But please do check other brand forums and do some google here and there to see how long other brands support their devices, it seems to be about 2 years.

Xperia Z1 was released with Android 4.2 Jelly Bean

Android 4.2 Jelly Bean > 4.3 Jelly Bean > 4.4 KitKat June 2014 > 5.0.2 Lollipop 2015 > September 2015 5.1.1

As you can see it received updates for 2 years, and 2 major Android updates.

EricV1

The Xperia Z1 was released 4 years ago (September 2013), it makes sense that it has reached its EOL, it doesn't matter if you bougth the phone yesterday, the phone was released 4 years ago. Just like if you buy a brand new computer running XP today, it won't change the fact that Microsoft won't release any further patches for XP.

That maazing how people don't get it : a phone is not just another consummer device. It replace a PC, contains a lot of credentials. You can pay with it, there are more and more banking applications and could at the replace credit cards. If I buy a PC with XP (I do not know how it was 4 years ago but 7 was already there), I can get windows 7 or 10 if I pay. Here, allthough the phone is capable of running android 6, it is not suported. I have to root my device to put the fixes in.

So it is clear, Sony does care about security at all. I do not say it is not true for many other brands, but I have a Z1 that costed me around 600€ and it is now full of well known security bugs. My wife has a OnePlus and they are much more reactive...

I hope consummer will realize a phone must have security fixes as a PC has.

najodleglejszy

@EricV1 the thing is, smartphone parts manufacturers (for example Qualcomm, SoC provider) don't support their products for as long as, say Intel supports their desktop CPUs. without appropriate drivers it's impossible to continue releasing new updates for the phones.

Uliwooly

@EricV1

Interesting approach, your first reply was:

@EricV1 wrote:
This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.

Which I pointed out that the phone was supported for about 24 months

Xperia Z1 was released with Android 4.2 Jelly Bean September 2013

Android 4.2 Jelly Bean > 4.3 Jelly Bean > 4.4 KitKat June 2014 > 5.0.2 Lollipop 2015 > September 2015 5.1.1 As you can see it received updates for 2 years (24 months), and 2 major Android updates.

Snapdragon 800 won't update to 7.0 at least Qualcomm won't support it nor Google allow it

Devics with Snapdragon 800

LG G Pro 2 Released April 2014 4.4.2 last update 5.0.1

*Google Nexus November 2013 Adroid last update 6.0

Samsung Galaxy Note 3 September 2013 Android 4.3 last update 4.4.2

ZTE Grand S Pro June 2014 Android 4.3 last update 4.3

LG G Flex Februrary 2015 Android 5.0 last update 6.0

Acer Liquid S2 August 2013 Android 4.2.2 Last update 4.2.2

Flagships 2013

HTC One February 2013 Android 4.1.2 last update 5.0 (Snapdragon 600)

Samsung Galaxy S4 March 2013 Android 4.2.2 last update 4.4.2 (Snapdragon 600)

Sony Xperia Z Ultra June 2013 Android 4.2 lasy Xperia Z1 update 5.1 (Snapdragon 800)

Motorola Moto X August 2013 Android 4.2.2 last update 5.1 (Snapdragon S4 Pro)

Sony Xperia Z1 September 2013 Android 4.2 lat update 5.1 (Snapdragon 800)

*It makes sense that a nexus device gets more support than other brand

If you go back to the example of computers, you have to remember that you are using a computer that was made to run XP not vista, not 7 not 8 nor 10, so we are referring to a phone that was made to run Android 4.2 and then was updated to a newer Android Flavor Android 4.3 and then to a new flavor Android 5.0/5.1 Lollipop, and it was supported for 2 years/24 months

@EricV1 wrote:
This is a miserable anwser : when I pay a phone the price of a PC, I can expect more than 18 months services.

There are computers running Windows XP and even there are new security patches needed, it won't happen, that platform its dead.

@EricV1 wrote:
... I do not know how it was 4 years ago but 7 was already there...

Perhaps we should leave the computer comparison aside and concentrate to Android

I understand that you are concern that your Xperia Z1 won't receive any more security patches, but there won't be any more updates on old devices that have reached EOL, that's how it is with any other brand, you can go to a different forum and check if there will be new updates on EOL devices, just be objective.

With all that said, there's a way around it, the phone has reached EOL, BUT, you could look into a custom ROM, check the XDA forum.

EricV1

@najodleglejszy wrote:
@EricV1 the thing is, smartphone parts manufacturers (for example Qualcomm, SoC provider) don't support their products for as long as, say Intel supports their desktop CPUs. without appropriate drivers it's impossible to continue releasing new updates for the phones.

Well, well I suspect qualcomm does support its chips for five years, so not sufficient to explain this plus, the BleuBorne fix is in the protoccol part of the bluetooth stack not tied to any chipsets and the fix for WiFI is in wpasupplicant that is also not directly tied to any supplier. For quadrooter fix, I can check as I append to meet qualcomm several for several other matters.

EricV1

@uliwooly wrote:
@EricV1

*It makes sense that a nexus device gets more support than other brand
But this makes the answer regarding SOC support invalid

I do not ask for a new android version, I ask for fixes that do not require to deploy a new android version. And the fact that some other brand do the same bad job as sony does is NOT an answer.

Again blueborne needs a patch in the bluetooth stack and the Krack WiFi bug just need patches to wpasupplicants. If you do deliver open source correctly for kernel and GPL stuff, I could probably do the patches myself... So it means Sony is just lasy.

Uliwooly

@EricV1

You are in luck, you can get in contact with Sony Android Devs

/t5/Developer-World/ct-p/DeveloperWorld

Just wondering, which devices that were released in 2013 will get this security updates? And which devices with Snapdragon 800 will get those security patches?

I'm not trying to argue with you, I genuinely want to know which other devices