Now that mobiles are being used for payment systems, I'm more concerned about the security on my Android device.
I would rather not be the first to be vulnerable to some malicious code that happened to get slipped into the firmware update that the carrier is installing on my Android mobile.
I'm presuming they occasionally are sending fixes/patches over the air (OTA) without me having to give approval before they are installed -- perhaps I'm wrong on that though.
Are firmware updates secure and I'm just being paranoid? Is there any way to block new firmware updates from getting installed right away when everyone else's is?
To detect tampering, firmware updates are signed and (if you're using the recovery program that shipped with the phone) the signature is verified before install. After a mandatory confirmation from you that the installation should start, after a reboot, the recovery program will first verify this signature and only then install the new firmware.
Note that you will always get a prompt for a ROM update. Besides allaying security concerns and giving you a bit more control over the proceedings, this gives you the opportunity to:
- Make sure the battery is charged or that the phone is plugged into the mains.
- Back up any data you fear may be lost should the upgrade go wrong.
- Do a bit of research into the improvements in this firmware version, and decide whether it is worth your time.
So yes, firmware updates are secure and even if you are concerned, an update to the actual OS will not be installed without your confirmation.Tweet