Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

Yoga Book CommunityYoga Book (Android)
All Forum Topics
Options

8 Posts

12-04-2017

Belgium

20 Signins

170 Page Views

  • Posts: 8
  • Registered: ‎12-04-2017
  • Location: Belgium
  • Views: 170
  • Message 1 of 5

Security updates for Yoga Book (Android)

2017-12-04, 17:59 PM

A week ago, I have purchased a Yoga Book (Android version) from my country's Lenovo webshop. It is my first Lenovo product (and my first 10" tablet), which also means I am new to this forum (hi all!). So far my impressions are quite good, and the Yoga Book seems to be a very versatile device.

 

After the initial exploration, I have of course proceeded to update the operating system. I had to go through no less than 6 update steps (each of which went very smooth, though) but in the end I arrived at the latest system version (171013), which corresponds to Android 7.1.1 Nougat with a security patch level of August 1, 2017.

 

In the "Android Upgrade Matrix" (https://pcsupport.lenovo.com/be/en/solutions/ht501098), I see that the Yoga Book is listed as "Complete", i.e. no more upgrades are planned beyond Android 7 Nougat. While regrettable, this is to some extent understandable as providing an upgrade to a new Android version requires additional resource investment from Lenovo (or any other manufacturer). So we'll have to accept Nougat as the final destination for the Yoga Book, I guess.

 

However, I hope "no more upgrades" does not also mean "no more [critical] security updates"?? In particular, in the past months some critical vulnerabilities have been publicized, including (but not limited to) the KRACK vulnerability in the WiFi WPA[2] protocol (https://en.wikipedia.org/wiki/KRACK) and the BlueBorne vulnerability in the BlueTooth protocol (https://www.armis.com/blueborne/). As both affect the actual communication protocols, users are vulnerable even if they stick to safe apps and safe websites. The good news is that at least KRACK should be easy to patch, because as far as I understand only a single Linux component needs to be updated (which is the reason that LineageOS was able to release a patch in a matter of days, even ahead of Google).

 

All of which brings me to my questions. In general: what is the Lenovo policy in this matter, i.e. how long are devices still eligible to receive security patches after their final Android upgrade? And specifically, can we still expect security patches for the Yoga Book - even if not all, at least the most critical patches (including against KRACK and BlueBorne)? Thanks a lot in advance for any information/feedback!!

Reply
Options

26 Posts

05-24-2017

United States of America

46 Signins

397 Page Views

  • Posts: 26
  • Registered: ‎05-24-2017
  • Location: United States of America
  • Views: 397
  • Message 2 of 5

Re: Security updates for Yoga Book (Android)

2017-12-04, 21:13 PM

I'd be curious to hear Lenovo's answer also, but FWIW the date on this article is 11/28/17, and the latest update I'm not even sure if it was available then? I think it actually might have come out after that - I hadn't heard about it till today. (Also FWIW Android Police basically derided the Android O updates on that matrix as utterly unrealistic).

Reply
Options

8 Posts

12-04-2017

Belgium

20 Signins

170 Page Views

  • Posts: 8
  • Registered: ‎12-04-2017
  • Location: Belgium
  • Views: 170
  • Message 3 of 5

Re: Security updates for Yoga Book (Android)

2017-12-04, 21:55 PM
Hi mkrishnan, thanks for the reply and the link! The date on the Upgrade Matrix article looks to me not to refer to the date the article was first created, but last modified - so it probably will keep changing e.g. as new devices are added. But given that the Yoga Book is mentioned as "Complete", I fear that it is rather unlikely that will change upgrade-wise. Hence Nougat will probably be the final Android version for the Yoga Book.

However, manufacturers can (and should) still provide Google's security patches even for older Android versions. In fact, Google provides security patches for versions as old as Android 4.4 KitKat (https://en.wikipedia.org/wiki/Android_version_history). I'm no expert, but I would think that for manufacturers, the effort (in development and testing) to incorporate Google-provided patches in their update delivery mechanism is magnitudes lower than the effort for actual Android version upgrades. And for the users, having the latest Android version is just nice-to-have (more features, more capabilities), whereas having a secure device is fairly essential (even if we don't always realize it).
Reply
Options

8 Posts

12-04-2017

Belgium

20 Signins

170 Page Views

  • Posts: 8
  • Registered: ‎12-04-2017
  • Location: Belgium
  • Views: 170
  • Message 4 of 5

Re: Security updates for Yoga Book (Android)

2017-12-19, 0:43 AM

Hi Lenovo, can you reply please? My questions can only be answered by Lenovo itself, not by other users. To summarize, my questions are: what is the Lenovo policy regarding how long devices are still eligible to receive security patches after their final Android upgrade? And specifically, can we still expect security patches for the Yoga Book - even if not all, at least the most critical patches (including against KRACK and BlueBorne)? Thanks a lot for your reply.

Reply
Options

41 Posts

11-21-2014

Netherlands

105 Signins

722 Page Views

  • Posts: 41
  • Registered: ‎11-21-2014
  • Location: Netherlands
  • Views: 722
  • Message 5 of 5

Re: Security updates for Yoga Book (Android)

2018-09-23, 6:40 AM

Yes please send us our security patches

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms