Google has declared that Android is evolving, and as part of that evolution, the latest version of the OS that will be launched in just a few weeks’ time will be known as Android 10. “While there were many tempting ‘Q’ desserts out there,” said Sameer Samat, vice president of product management for Android. “We think that at version 10 and 2.5 billion active devices, it was time to make this change.” It was also the time to address a total of 193 Android security vulnerabilities that Google has confirmed require fixing with the Android 10 release.
That surprising Google’s confirmation on security flaws came by way of the official security release notes that were published to the Android Open Source Project (AOSP) security bulletin upgrade on August 20.
What’s bad news is that 193 Android security flaws required to be fixed, covering a broad swathe of promotion of privilege, remote code execution, data disclosure and denial of service categories. Out of these, two are in the Android runtime itself, another two in the library and 24 in the framework. However, the bulk is split between the Android media framework with 68 vulnerabilities and the Android system with 97. All have been marked as “moderate” severity.
Well, what’s good news is that all flaws will be fixed by the default Android 10 patch level of 2019-09-01 on the release of the latest OS. Additionally, on the positive news front, the security bulletin upgrade stated that “we have had no reports of active customer exploitation or abuse of these newly reported issues.”
The good news for 2.5 million Android fans doesn’t stop here. Earlier this year, the director of product management for Android, Stephanie Cuthbertson, stated that the then Android Q would bring “almost 50 new features and modifications focused on privacy and security.” True to her word, a complete host of new privacy and security features are indeed included as part of the Android 10 release.
Resources: Google Blog