Whether to update the firmware on a personal phone is something everyone decides for themselves.
Some install CyanogenMod; some do not feel like the owner of the device without TWRP or a jailbreak.
In the case of updating corporate mobile phones, the process should be relatively uniform, otherwise even Ragnarok will seem like fun to IT people.
Read about how this happens in the "corporate" world under the cut.

A brief primer
iOS-based mobile devices receive regular updates similar to devices running Windows, but at the same time:
- updates come out less frequently;
- most devices receive updates, but not all.
Apple releases iOS updates for most of its devices at once, except for those that are being discontinued. Apple also supports its devices for quite a long time. For example, even the iPhone 6s, released in 2015, will receive the iOS 14 update. Of course, it's not without its flaws, like forced slowdowns of older devices, which, allegedly, was done not to force you to buy a new phone, but to extend the life of the old battery... But in any case, it's better than the situation with Android.
Android is essentially a franchise. The original Android from Google is only found on Pixel devices and on budget devices that participate in the Android One program. Other devices run only derivatives of Android: EMUI, Flyme OS, MIUI, One UI, etc. This diversity is a major problem for the security of mobile devices.
For example, the "community" finds another vulnerability in Android or the underlying system components. The vulnerability is then assigned a CVE number, the discoverer receives a reward through one of Google's bounty programs, and then Google releases a patch and includes it in the next Android release.
Will your phone get it if it is not a Pixel and not part of the Android One program?
If you bought a new device a year ago, then probably yes, but not right away. Your device manufacturer will still need to include Google's patch in their Android build and test it on supported device models. Top-end models receive slightly longer support. Everyone else should just refrain from reading the CVE database in the morning, lest they ruin their appetite.
The situation with major Android updates is, as a rule, even worse. On average, a new major version takes no less than a quarter, or even more, to reach mobile devices with customized Android. For example, Google released the Android 10 update in September 2019, and devices from various manufacturers that were lucky enough to qualify for the update continued to receive it until summer 2020.
Manufacturers can be understood. Releasing and testing new firmware is a cost, and not a small one. And since we have already bought the devices, they will receive no additional money from us.
What remains ... is to force us to buy new devices.

Leaky Android builds from individual manufacturers led Google to change the Android architecture so that it can deliver critical updates independently. The project is called Google Project Zero; it was written about on Habr about a year ago. The feature is relatively new, but it has been built into all devices running Google services since 2019. Many people know that these services are paid for by device manufacturers, who pay royalties to Google for them, but few know that it's not limited to commerce. To obtain permission to use Google services on a specific device, the manufacturer must submit its firmware to Google for review. Google, however, does not accept firmware with ancient versions of Android for review. This allows Google to push its Project Zero onto the market, which we hope will make Android devices more secure.
Recommendations for corporate users
In the corporate world, companies use not only public applications available on Google Play and the App Store, but also applications of their own development. Sometimes the life cycle of such applications ends at the moment the acceptance certificate is signed and the developer's services are paid for under the contract.
In this case, installing a new major OS update often causes such job-is-done applications to stop working. Business processes come to a halt and developers are rehired until the next problem occurs. The same thing happens when corporate developers do not manage to adapt their applications to a new OS in time, or when a new version of the application is already available but users have not yet installed it. In particular, UEM-class systems are designed to solve such problems.
UEM systems provide operational management of smartphones and tablets, installing and updating applications on the devices of mobile workers in a timely manner. In addition, they can roll back an application to its previous version if necessary. The ability to roll back a version is an exclusive feature of UEM systems. Neither Google Play nor the App Store provides such an opportunity.
UEM systems can remotely block or delay mobile device firmware updates. Behavior varies by platform and device manufacturer. On iOS in supervised mode (read about the mode in our ) you can delay updates for up to 90 days. To do this, it is enough to configure the appropriate security policy.
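One way to express that iOS policy, as an added example that is not from the original article or from any UEM product: a Python sketch that builds an Apple configuration profile with the Restrictions payload keys `forceDelayedSoftwareUpdates` and `enforcedSoftwareUpdateDelay`, plus an audit helper that reads the delay back from an exported profile. The `com.example.mdm` identifier and the function names are assumptions.

```python
import plistlib
import uuid

MAX_DELAY_DAYS = 90  # upper bound for supervised iOS devices, as stated above


def build_update_delay_profile(days, org_id="com.example.mdm"):
    """Return a .mobileconfig (XML plist bytes) that defers iOS updates.

    org_id is a hypothetical reverse-DNS prefix for the payload identifiers.
    """
    if not isinstance(days, int) or not 1 <= days <= MAX_DELAY_DAYS:
        raise ValueError(f"delay must be 1..{MAX_DELAY_DAYS} days, got {days!r}")
    restrictions = {
        "PayloadType": "com.apple.applicationaccess",  # Restrictions payload
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.restrictions.osupdate",
        "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, org_id + ".restrictions")),
        "PayloadDisplayName": "Defer OS updates",
        "forceDelayedSoftwareUpdates": True,   # hide new releases from the user
        "enforcedSoftwareUpdateDelay": days,   # days counted from the release date
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.profile.osupdate",
        "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, org_id + ".profile")),
        "PayloadDisplayName": "OS update deferral",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile)  # XML plist by default


def read_delay(profile_bytes):
    """Audit helper: enforced delay in days, or None if updates are not deferred."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        if payload.get("forceDelayedSoftwareUpdates"):
            # Apple documents 30 days as the default when no delay is given.
            return payload.get("enforcedSoftwareUpdateDelay", 30)
    return None


if __name__ == "__main__":
    print(build_update_delay_profile(90).decode())
```
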
For Android on Samsung devices, you can disable firmware updates for free or use the additional paid E-FOTA One service, which allows you to specify which OS updates to install on devices. This allows administrators to pre-test the behavior of corporate applications on new firmware updates for their devices. Understanding the complexity of this process, we offer our customers a service based on Samsung E-FOTA One, which includes testing the functionality of target business applications on the customer's device models.
Unfortunately, Android devices from other manufacturers do not have similar functionality.
You cannot prohibit or postpone their updates, except perhaps with the help of horror stories, such as:
"Dear users! Don't update your devices. This may cause applications to fail. If this rule is violated, your calls to the technical support service will NOT be considered / listened to!"
One more recommendation
Follow the news and corporate blogs of manufacturers of operating systems, devices and UEM platforms. Just this year, Google decided to drop support for one of the possible mobile strategies, namely a fully managed device with work profile.
Behind this long title lies the following scenario:
Up to Android 10, UEM systems fully managed the device AND the work profile (container) that contains enterprise applications and data.
Since Android 11, full control functionality is only possible for EITHER the device OR the work profile (container).
Google explains the innovations by concern for the privacy of user data and their wallet. If there is a container, then the user's data must be out of the employer's sight and control.
In practice, this means that it is now impossible to find out the location of corporate devices or to install applications that the user needs for work but that do not require placement in a container to protect corporate data. Or, for this, you have to abandon the container ...
Google claims that this access to personal space deterred 38% of users from installing UEM. Now UEM vendors are left to “eat what they give”.

We prepared in advance for the innovations, and this year we will offer a new version, which will take into account Google's new requirements.
Little known facts
In conclusion, a few more little-known facts about updating mobile OS.
- Firmware on mobile devices can sometimes be rolled back. As search phrase analysis shows, the phrase "how to restore Android" is searched for more often than "update Android". It would seem impossible to turn minced meat back into meat, but sometimes it is possible. Technically, rollback protection is based on an internal counter, which does not increase with each firmware version. Within the same value of this counter, a rollback is possible. That is how it works on Android. The situation is slightly different with iOS. You can download an iOS image for a specific version and a specific model from the manufacturer's website (or countless mirror sites). For it to be installed wirelessly using iTunes, Apple must sign the firmware. Typically, in the first few weeks after the release of a new iOS version, Apple signs previous firmware versions so that users whose devices are experiencing issues after the update can revert to a more stable build.
- At a time when the jailbreak community had not yet spread to large companies, it was possible to change the displayed iOS version in one of the system plists. So it was possible, for example, to make iOS 6.2 from iOS 6.3 and vice versa. Why this was necessary, we will tell in one of the following articles.
- Manufacturers' general love for Odin, the program for flashing smartphones, is obvious. A better tool for flashing has not yet been made.
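The counter-based rollback protection from the first fact above, as an added Python model that is not from the original article or from any vendor's bootloader: it shows why a downgrade works between builds that share a counter value and fails once the counter has been raised. The class names, the release list and the counter values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Firmware:
    version: str
    rollback_index: int  # counter value carried by the signed image


class Device:
    def __init__(self, installed: Firmware):
        self.installed = installed
        # Highest counter ever accepted, kept in tamper-resistant storage.
        self.stored_index = installed.rollback_index

    def can_flash(self, image: Firmware) -> bool:
        # An image is refused only when its counter is below the stored one.
        return image.rollback_index >= self.stored_index

    def flash(self, image: Firmware) -> None:
        if not self.can_flash(image):
            raise PermissionError(
                f"{image.version}: rollback index {image.rollback_index} "
                f"is below stored index {self.stored_index}")
        self.installed = image
        # The stored counter only ever moves forward.
        self.stored_index = max(self.stored_index, image.rollback_index)


def downgrade_targets(device, releases):
    """Versions older than the installed one that the device still accepts."""
    older = releases[:releases.index(device.installed)]
    return [fw.version for fw in older if device.can_flash(fw)]


# Constructed release history: the vendor raises the counter only in 1.2.
RELEASES = [Firmware("1.0", 1), Firmware("1.1", 1),
            Firmware("1.2", 2), Firmware("1.3", 2)]

if __name__ == "__main__":
    dev = Device(RELEASES[1])                  # running 1.1, counter 1
    print(downgrade_targets(dev, RELEASES))    # 1.0 shares counter value 1
    dev.flash(RELEASES[3])                     # update to 1.3, counter 2
    print(downgrade_targets(dev, RELEASES))    # only 1.2 remains reachable
```

Raising the counter in the release that fixes a serious vulnerability is what closes the downgrade path to the vulnerable builds.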
Write, discuss, ... maybe we can help.
Source: habr.com
