FAQ
overflow

Great Answers to
Questions About Everything

QUESTION

Now that mobiles are being used for payment systems, I'm more concerned about the security on my Android device.

I would rather not be the first to be vulnerable to some malicious code that happened to get slipped into the firmware update that the carrier is installing on my Android mobile.

I'm presuming they occasionally are sending fixes/patches over the air (OTA) without me having to give approval before they are installed -- perhaps I'm wrong on that though.

Are firmware updates secure and I'm just being paranoid? Is there any way to block new firmware updates from getting installed right away when everyone else's is?

{ asked by Stephen Gornick }

ANSWER

To detect tampering, firmware updates are signed and (if you're using the recovery program that shipped with the phone) the signature is verified before install. After a mandatory confirmation from you that the installation should start, after a reboot, the recovery program will first verify this signature and only then install the new firmware.

Note that you will always get a prompt for a ROM update. Besides allaying security concerns and giving you a bit more control over the proceedings, this gives you the opportunity to:

So yes, firmware updates are secure and even if you are concerned, an update to the actual OS will not be installed without your confirmation.

{ answered by ctt }
Tweet