Motorola Community

Moto G Phonesmoto g7 play / moto g7 / moto g7 power / moto g7 plus
All Forum Topics
Options

25 Posts

12-15-2014

US

34 Signins

405 Page Views

  • Posts: 25
  • Registered: ‎12-15-2014
  • Location: US
  • Views: 405
  • Message 1 of 3

Motorola Android Update Policy? Security nightmare?!?!

2019-04-06, 1:50 AM

I keep being notified by my existing Motorola Moto G6 that the Moto G7 is now available.   But my experience with the Moto G6 leads me wondering if the Moto G7 really worth getting.

 

Let me explain in detail:

 

On March 2018, Google started providing the official Android Pie (version 9.0) and the next month on April 2018 the Motorola Moto G6 was released with what seem like a promise that it would come with updates including being able to update to Android Pie.

 

It is now a year later and the phone says that the "Device is up-to-date" with "Android version: 8.0.0" and "Security patch level: January 1, 2019"

 

If I check Google for security update information for Android 8.0, they indicate there is at least 13 Critical/High fixes in the February 2019 update, at least 24 Critical/High fixes in the March 2019 update and at least 11 Critical/High fixes in the April 2019.

 

The Motorola "Device is up-to-date" status seems to indicate that not only have I still gotten access to Android Pie but three months of critical/high security updates including vulnerabilities that allow remote code execution have not been provided either.

 

This is on a phone purchased directly as an unlocked phone without any changes to the firmware installed by any carrier.  The updates should be coming direct from Motorola but they just aren't available,

 

So what will the situation for the Motorola Moto G7 look like in April of 2020?

 

Google already has Android Q in beta testing but based on my experience with the Moto G6 it is not clear when Moto G7 will ever get Q.

 

But even more important, it is not clear why three months of critical/high security patches are missing in the Motorola "Device is up-to-date" and if the situation will be just as problematic for Moto G7 owners in April 2020.

Reply
Options

94 Posts

04-02-2019

US

316 Signins

2338 Page Views

  • Posts: 94
  • Registered: ‎04-02-2019
  • Location: US
  • Views: 2338
  • Message 2 of 3

Re: Motorola Android Update Policy? Security nightmare?!?!

2019-04-06, 2:07 AM

The G7 currently sits at January 1, 2019 security bulletin, with a few patches which appear to have caused as many problems as they have solved ( who needs LTE anyways ).

 

I should have bought a pixel.

Reply
Options

25 Posts

12-15-2014

US

34 Signins

405 Page Views

  • Posts: 25
  • Registered: ‎12-15-2014
  • Location: US
  • Views: 405
  • Message 3 of 3

Re: Motorola Android Update Policy? Security nightmare?!?!

2019-04-06, 3:19 AM

The Pixel 2 was available for $400 at some locations in the USA recently.  I didn't get it because it is still twice the price of the Moto G7.  On the GSM Arena website, the technical specifications of the Motorola Moto G7 lines up well.  It is really disappoint that Motorola would gut the NFC just for the USA market but they made the same policy mistake with the Moto G6.  The improved 15 Watt charging of the Moto G7 over the Pixel 2's charging capped at 10.5 Watts seems like a huge win for Motorola.

 

But then there is the "little" issue of Android security and if people that pay for the Moto G7 are really the owners of the phone.  If someone else can easily control what the phone does, then aren't they also the "owner."

 

The February 2019 security bulletin includes: "The most severe vulnerability in this section could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process."

 

I am tempted to try to create proof of concept vCard for a fake person named "Hello Pwned-Moto" with an avatar picture that generates an email to all of the Moto user's contacts that the phone has been Pwned.  The idea someone could potentially do that and not result in Motorola expediting releasing a fix is chilling.

 

I was really hoping Lenovo would be extra careful to avoid another "Superfish" style reaction from their customers but I guess not.  Or maybe they just are making a calculated guess that leaving Motorola phones wide open to malicious PNG images won't impact their brand?

 

At this point, however, I am also regretting not having jumped on the Pixel 2 deal.  :(

 

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save