Join now - be part of our community!

Security patches is a requirement

AgSv
Visitor

Security patches is a requirement

Bought a Xperia XA2 this year. It's on the same patch level as when it was bought, 50.1.A.13.123, stable and working well, as far as I can tell. As we all know, just after a release there can be some minor things to fix, and those are often included in these updates. Nothing odd.

What is odd, however, is that going forward the only way to get security updates is to, at some point, accept an OS upgrade. Even if this can create new problems, or simply make the phone look less good. (It is possible that there is too much work to create security patches for several Android versions, but releasing a security patch must certainly include less work than a new OS version.)

This is, more or less, what the world have seen for Xperia XA2:
50.1.A.4.76
50.1.A.4.102 1 January 2018 Android security patch
2018-03: 50.1.A.5.59 1 March 2018 Android security patch
2018-06: 50.1.A.10.40 1 June 2018 Android security patch
2018-08: 50.1.A.10.51 1 July 2018 Android security patch
2018-09: 50.1.A.13.83 1 September 2018 Android security patch
2018-12: 50.1.A.13.123 1 December 2018 Android security patch
2019-02: 50.2.A.0.342 Android 9, Didn't work so well.
2019-04: 50.2.A.0.352 Android 9, incl. 1 February 2019 Android security patch
2019-05: 50.2.A.0.379 Security patch: 1 May 2019, for Android 9

Several security patches during 2018, this year not so good ... Sony Mobile's pages says the phone is up to date, with a patch that is 5-6 months old, i.e. December 2018. And if anything arrives, that will probably be together with a system upgrade to 9 incl. blue blobs in the Notification panel.

We can't rely only on updating apps via Google Play to keep a device as secure as possible. Xperia XA2 is, together with a couple other Sony mobiles, on the list of Android Enterprise Recommended devices. With this follows a couple of requirements, among them: Security update support: 90-day security updates. (And that's for a minimum of three years.)

Why even bother participating in the Android Enterprise Recommended programme, if you can't keep security patches comming within 90 days? That's with or without system updates (OS upgrades).

P.S. You have one of the most convoluted log in processes; it is quite common that people block some scripts or cookies when browsing, but, obviously, adding exceptions for sites they visit often (and trust), such at sites they register an account. In this case it was extra hard since one is sent of from sonymobile to sony.com and then back etc.

10 REPLIES 10
jokre
Visitor

Xmas coming up soon and no updates to be seen from Sony. Santa has obviuosly not gotten the list of wishes from Sony customers (that shouldn't need to be wishes at all in the first place). A total disappointment to be honest. When it comes to security updates on a platform/OS that is drenched in vulnerabilities, a major step-up is needed. This, however, is not a specific Sony problem, most Android based smartphone/tablet vendors need to take giant leaps in offering a solid platform when it comes to security. The "release and forget" attitude has to change for such vital and important components in our modern digital ecosystem. And this also without the need of buying premium devices that most people can't afford. I will prolong the device lifecycle by running LineageOS instead. I thought I wouldn't have to do that with this praticular device though, but... wisdom arrives late sometimes...