Security patches is a requirement

AgSv
Visitor

Bought a Xperia XA2 this year. It's on the same patch level as when it was bought, 50.1.A.13.123, stable and working well, as far as I can tell. As we all know, just after a release there can be some minor things to fix, and those are often included in these updates. Nothing odd.

What is odd, however, is that going forward the only way to get security updates is to, at some point, accept an OS upgrade. Even if this can create new problems, or simply make the phone look less good. (It is possible that there is too much work to create security patches for several Android versions, but releasing a security patch must certainly include less work than a new OS version.)

This is, more or less, what the world has seen for Xperia XA2:
50.1.A.4.76
50.1.A.4.102 1 January 2018 Android security patch
2018-03: 50.1.A.5.59 1 March 2018 Android security patch
2018-06: 50.1.A.10.40 1 June 2018 Android security patch
2018-08: 50.1.A.10.51 1 July 2018 Android security patch
2018-09: 50.1.A.13.83 1 September 2018 Android security patch
2018-12: 50.1.A.13.123 1 December 2018 Android security patch
2019-02: 50.2.A.0.342 Android 9, Didn't work so well.
2019-04: 50.2.A.0.352 Android 9, incl. 1 February 2019 Android security patch
2019-05: 50.2.A.0.379 Security patch: 1 May 2019, for Android 9

Several security patches during 2018, this year not so good ... Sony Mobile's pages say the phone is up to date, with a patch that is 5-6 months old, i.e. December 2018. And if anything arrives, that will probably be together with a system upgrade to 9 incl. blue blobs in the Notification panel.

We can't rely only on updating apps via Google Play to keep a device as secure as possible. Xperia XA2 is, together with a couple other Sony mobiles, on the list of Android Enterprise Recommended devices. With this follows a couple of requirements, among them: Security update support: 90-day security updates. (And that's for a minimum of three years.)

Why even bother participating in the Android Enterprise Recommended programme, if you can't keep security patches coming within 90 days? That's with or without system updates (OS upgrades).

P.S. You have one of the most convoluted log in processes; it is quite common that people block some scripts or cookies when browsing, but, obviously, adding exceptions for sites they visit often (and trust), such as sites where they register an account. In this case it was extra hard since one is sent off from sonymobile to sony.com and then back etc.

Lonewolf-noble6
Member

I know Sony are retrenching from some markets, but I think they are doing the same thing with the XA2; my UK-H3113 is still on the Oreo 123 update from the 1st Dec 2018.

AgSv
Visitor

Hi. Yes, I know. That said, I think in some of those markets it was already a bit difficult to buy a Sony mobile. I also know that they have merged the mobile division with TV, audio and camera businesses, hopefully they will gain some strength from this and come back in more markets.

In this case it's also Europe, the Nordic region.

I know they cut a quarter of their workforce here last autumn, but in May this year they mentioned that they will open a global research centre here, patents, 5G, 6G etc. not so much related to this, but they also mentioned they would get global responsibility for software updates, something that has previously been shared with Japan and China. And their CEO has said that Sony smartphones are here to stay.

Five Sony Xperia™ smartphones recognized under Android Enterprise Recommended program

Android Enterprise Recommended requirements

Infusion
Visitor

I'm from Portugal, friend, and Sony hasn't updated since December 2018.

Lonewolf-noble6
Member

Sony have forgotten that some XA2 have not been updated to Pie or had security updates since December 2018.

jokre
Visitor

When will affected Sony Android based products receive a security patch for the severe QualPwn vulnerability?

https://amp.thehackernews.com/thn/2019/08/android-qualcomm-vulnerability.html

AgSv
Visitor

Good question. But it is far too early, in the world outside Google phones, it seems.

I was going to post a follow up to a thread I started here, at the end of this month if Xperia XA2 by then hasn't seen any updates.

Sony mobile doesn't mention what is included in their updates, changes, fixes etc., but different sources on the net can usually tell us which Android security patch has been included.

The first year, 2018, went quite well it seems, not updates every month, but at least trying to stick to the 90 days. As I understand it there were even improvements to the camera in December.

Then came Android 9, Oreo. It didn't go as well; a limited patch for some region in February, major problems for some. Then along came the May update, in late May beginning of June. This was the first contact with Android 9 on XA2 for the many. Some have still experienced one or several problems, some improvements with recorded sound in videos, but several are complaining. (I don't know myself, I'm sticking to Android 8, December security patch for the moment; then I don't know if people have tried a complete reset, when trying to solve their phone problems; a new OS isn't just a monthly patch.)

After that silence. They released new phones this year, top segment and middle segment; it started well for them, they have got both the June and the July Android security patches.

I thought, after all the problems reported with Android 9 on XA2, that perhaps they would try to get an update out, and with it include the June security patch, but they didn't. (That said, Sony mobile has had some tough months or years.)

Today the 1 May security patch for Android 9, mentioned above, that was released together with updates from Sony late May/early June, is 101 days old (i.e. 50.2.A.0.379). At the end of the month (30/8), the June update, which XA2 has NOT received so far, will be 90 days old, and then Sony isn't sticking to what they have said.

I agree with you and several others, I would like to see security patches as soon as possible. For a phone such as XA2, which Sony has decided should participate in the Android Enterprise Recommended programme, even if it is a middle segment phone, it isn't enough with a security patch every third month or worse. Even better would be if they fixed their version of Android 9 so it worked with XA2 without problems and with at least as good performance as when it was working late 2018, since upgrading to Android 9 is the only way to get the security patches.


See also this thread:
/t5/Xperia-XA2/Security-patches-is-a-requirement/m-p/1375896

AgSv
Visitor


@jokre wrote:

When will affected Sony Android based products receive a security patch for the severe QualPwn vulnerability?

https://amp.thehackernews.com/thn/2019/08/android-qualcomm-vulnerability.html


Today, 13 August, there are less than 17 days left to 30 August, at which time it would be 90 days since the 1 June Android security patch, that didn't arrive, and the current security patch is 104 days old. During the time since the last update to XA2 from Sony, 50.2.A.0.379 which included the 1 May patch, in late May early June, other phones, "flagships" and middle segment phones, have seen both the June and the July security patches.

According to, for example, the xperia blog Sony has now started to send out new updates to a bunch of phones, including XA2. About time! However, according to them it is still not known, if the new update, 50.2.A.0.400, will include the security patch for August, or if it will be the July update (as is the case for the older phones XZ1 & XZ Prem.); Xperia 1, 10, XZ2, XZ3 and L2 will be receiving an August patch included in the update it seems.

That said, the CVEs discussed in the article that @jokre linked to above (CVE-2019-10538, CVE-2019-10539, CVE-2019-10540) are included in the security patch level of 2019-08-05, not in the 2019-08-01 security patch level. So even if XA2 is to get an August security update (and hopefully some non-security related tweaks to fix issues people have seen), it will probably be at the 2019-08-01 patch level (as Xperia 1, 10, XZ2, XZ3); Xperia L2 for some reason gets the 2019-08-05 patch level (as it did with the May update).

Lonewolf-noble6
Member

I can confirm my XA2 (customised UK H3113) got the 50.2.A.400 update this morning and it's now on security update 1st August.

jisakiel
Visitor

As per https://source.android.com/security/bulletin/2019-08-01, QualPwn isn't patched on the last update available (August 1st). That would leave this phone vulnerable for the next 90 days; my opinion is that it is bad enough to deserve an out of band update (and I am in fact switching phones because of it).

Fwiw I'm on that same August 1st update for a uk dual SIM h4113 xa2.
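
The two checks the posts above do by hand (how old the installed patch level is, and whether it reaches the 2019-08-05 level that carries the QualPwn fixes), as an added example that is not part of any post in this thread and is not Sony or Google code. The inventory is constructed from the builds and patch levels quoted in the thread, and the reading of the 90-day requirement as a maximum patch age is an assumption.

```python
from datetime import date

# From the thread: the QualPwn CVEs are fixed at the 2019-08-05 patch level,
# not at 2019-08-01.
QUALPWN_CVES = ("CVE-2019-10538", "CVE-2019-10539", "CVE-2019-10540")
QUALPWN_FIX_LEVEL = date(2019, 8, 5)
# Assumption: the 90-day requirement is read as "the installed patch level
# must be at most 90 days old", which is how the posts count it.
MAX_PATCH_AGE_DAYS = 90


def audit_device(patch_level: str, today: date) -> dict:
    """Audit one YYYY-MM-DD patch level string, e.g. the value of the
    ro.build.version.security_patch system property."""
    level = date.fromisoformat(patch_level.strip())
    age_days = (today - level).days
    if age_days < 0:
        raise ValueError(f"patch level {patch_level} is after {today}")
    # Patch levels are cumulative, so a plain date comparison decides coverage.
    missing = list(QUALPWN_CVES) if level < QUALPWN_FIX_LEVEL else []
    return {"age_days": age_days,
            "stale": age_days > MAX_PATCH_AGE_DAYS,
            "missing_cves": missing}


# Constructed inventory; builds and patch levels are the ones quoted in the thread.
FLEET = [
    ("XA2 50.1.A.13.123", "2018-12-01"),
    ("XA2 50.2.A.0.379", "2019-05-01"),
    ("XA2 50.2.A.0.400", "2019-08-01"),
    ("Xperia L2 (build not given)", "2019-08-05"),
]


def audit_fleet(fleet, today: date) -> list:
    """Return (device, finding) pairs for devices that need attention."""
    findings = []
    for device, patch_level in fleet:
        result = audit_device(patch_level, today)
        if result["stale"]:
            findings.append((device, f"patch level {result['age_days']} days old"))
        if result["missing_cves"]:
            findings.append((device, "missing " + ", ".join(result["missing_cves"])))
    return findings


if __name__ == "__main__":
    for device, finding in audit_fleet(FLEET, date(2019, 8, 13)):
        print(f"{device}: {finding}")
```

Run for 13 August 2019, it reports the 50.2.A.0.400 build as within the 90 days but still missing the three QualPwn CVEs, which is the situation the last two posts describe.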
