Hello Everyone,

Quite shocked that I couldn't find any mention of Stagefright on the forum. At least not in my searches.

http://arstechnica.com/gadgets/2015/...ty-armageddon/

http://arstechnica.com/security/2015...text-messages/

http://opensignal.com/reports/2015/0...fragmentation/

The fragmentation of Android Support needs to be fixed, and soon. I have ideas about this, but whether they'll be listened to, is another thing.

I think it's Google's job to persuade OEM's to change their ways. I feel this is the banking crisis all over again. Screw up royally, but yet carry on as if nothing happened...

Kind Regards,

Matthew

There's been loads of discussion about it since August it's just the forum search function is broken.

As per previous comment it's been discussed plenty.

Google provide raw android. It's up to the handset makers to decide how much to mess with it. Android is trying to move more to a place where major changes can be rolled out via apps rather than relying on OS updates but that can only go so far.

App makers such as Delicious Inc. released a stagefright workaround for their SMS apps within days of it being announced, in that case the OS didnt even need patching to carry on safely even though the underlying exploit was still present.

The vulnerability is used when the OS reads media file metadata, so fixing an SMS app is only a part of the solution. I think Alphabet needs to make most of the OS non-modifiable by OEMs and leave only skins for them. Yes, that's what made Android so popular in the first place, but one has to change their thinking if there's a billion of devices with your OS on them and you have no way of patching them.

What's it got to do with Alphabet?

I call them Alphabet now, since they own Google or whatever their relationship is.

I didn't even call it a solution, i said workaround, i made it quite clear the problem was still present.

The whole Stagefright 2.0 thing is very quiet compared to the original Stagefright 1.0 back a few months ago. It's like the media have 'reported that' and there's no more to see... Although this vulnerability is much easier to exploit and therefore worse than 1.0.

This app detects if your device is vulnerable. Zimperium are the guys who originally discovered the issue and reported it to Google back in Aug.

https://play.google.com/store/apps/d...detector&hl=en

I also find it strange that my handset manufacturer rushed out a fix for 1.0 but so far hasn't indicated anything about a fix for 2.0....

I don’t know much, if anything about Stagefright but yesterday the OH had a system update for Stagefright on her Moto G 3G Gen 1 but I have had nothing on my Moto G 4G Gen 1.

I assume this is for version 2 but like I said, I know nothing.

I suppose the bright side of this, it doesn't involve patching 950 million devices. Hopefully it will be fixed soon.


It's an oversight on Google's part (putting it politely). I feel far from in a polite mood on this issue. As it's more a case of how much crapware, and what little they have to do in order to put a device out there. Yes, it's a terribly competitive market. But few people want to make a considerable purchase and then 18 months down the line. Make another one. Not because there's anything wrong with the phone, but because the manufactures don't have the resources and / or money to support it.

A company as large as Google should be doing more to convince / persuade manufactures to do the right thing.

Unless we all make a stand together, then this mess will continue. I for one won't be buying another Android phone until it has.


Yes thinking needs to change. It's ashame and unforgivable that this wasn't done beforehand though.

Sure, it's happened now. Yet it is disappointing to see companies not showing any will to do the right thing, and look after their customers. After all they wouldn't have any profit without us.

I know it's had ample media coverage but no one has been forthcoming with providing a solution.

Makes you wonder how bad things can get before someone decides enough is enough...

Surely if this was Microsoft or Apple, there would be lawsuits flying around.

You buy an Apple or Microsoft computer. Then 18 months down the line. Nearly all models are affected. And they turn round and give you the middle finger?

The answer is simple they say, just buy another one.

It wasn't aan update for Stagefright but a newer version of Lollipop (from 5.0.2 to 5.1).

There is no sign of it now it’s been installed but I’m 90% certain it said something about Stagefright in the update and both my Moto G’s have had 5.1 along long time now and there both still 5.1 now.

Does anyone know a way of checking what system updates have taken place on Android phones ?

Check the Build number in the About page.

My Moto G 4G 1st edition is build LPB23.13-17 on Android 5.1 and IS vulnerable to Stagefright 1 and 2.