What gives with the lack of security patches for the galaxy S9?
ACRA42
Enthusiast - Level 2

What gives with the lack of security patches for the galaxy S9? It's now May 29th and we're still stuck with the February 1st security patch. This is not cool at all! This is a recently released flagship phone for godsakes! There needs to be monthly patches. The list of vulnerabilities that Google has patched is crazy! Verizon needs to step up fast. At least let us know the reason for the hold up - and not just some canned answer either. If Verizon can't deal with the pace, then quit adding the bloatware, get out of the way, and let Google handle it.

0 Likes
Re: What gives with the lack of security patches for the galaxy S9?
Ann154
Community Leader
Community Leader

SAMSUNG is the one writing the updates not Verizon Wireless. VZW can only release the update when it has been completed by Samsung.

You could have avoided this issue if you had chosen to purchase a a Pixel phone instead.

I'm most definitely NOT a VZW employee. If a post answered your question, please mark it as the answer.

Re: What gives with the lack of security patches for the galaxy S9?
ACRA42
Enthusiast - Level 2

Galaxy S9 phones in European markets are receiving security updates and more. As far as I know it's just the US customers not getting the patches. On samsung's website they list the galaxy S9 updates. So I would have to say the carriers here are at fault. The patches are available, but the carriers have yet to push them for whatever reason. It's asinine.

0 Likes
Re: What gives with the lack of security patches for the galaxy S9?
Ann154
Community Leader
Community Leader

Samsung writes the updates for each of their device models separately. Just because they have completed the European version of the phone doesn't mean they are completed with the US models.

I'm most definitely NOT a VZW employee. If a post answered your question, please mark it as the answer.

Re: What gives with the lack of security patches for the galaxy S9?
vzw_customer_support
Customer Service Rep

@Ann154, we truly appreciate you taking the time to help out our fellow community members.

 

@ACRA425,

 

Making sure your phone has the latest updates is vital, so I understand your concern. 

 

Once any new update is available, it is systematically pushed to all devices. You can view the most current software version for all devices here http://spr.ly/6584D9hkC. I show that the most recent update for the S9 was on 3/10/18. Visit http://spr.ly/6585D9hkh for more info. 

 

Are you having any issues with the phone? 

 

JohnB_VZW

Follow us on TWITTER @VZWSupport

If my response answered your question please click the _Correct Answer_ button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!

0 Likes
Re: What gives with the lack of security patches for the galaxy S9?
TheS1R
Contributor - Level 2

Unfortunately, VZW is not pushing out security updates for the Samsung Galaxy S9/S9+ in a timely manner. The "latest" firmware for my Galaxy S9+ is dated 10 March 2018, which includes Android® Security Patch Level of 2018-02-01 (nearly four months old). Samsung has released three (3) subsequent security updates since the 1 February baseline (dated 1 March, 1 April, and 1 May 2018 since that time, and the 1 June update will be released in a few days) -- each of these updates addresses multiple Critical (as well as additional High, Moderate, and Low) level Common Vulnerabilities and Exposures (CVEs). Unfortunately, security updates are more than just "everything (being) okay with your phone" or noticeable performance issues. They are just as important as (and probably more important than) functional updates affecting the usability of the device. Just ask Equifax about the effect of unpatched systems on their customers, their reputation, their stock value, etc.

Samsung releases security updates for Android OS related security issues released by Google as well as patches for Samsung-specific security issues on a monthly basis for "current" models (defined as Galaxy S series (S9, S9+, S8, S8+, S8 Active, S7, S7 edge, S7 Active, S6 edge+, S6 Active), Galaxy Note series (Note 8, Note 5), and Galaxy A series (A5 (2016), A5 (2017), A8 (2018)). The updates are dated the first day of each month, and they are typically released (i.e., made available to carriers) by Samsung within a few days (reference https://security.samsungmobile.com/workScope.smsb).

Verizon definitely has the latest (dated 1 May 2018) as they have already released updates on 23 May 2018 for both the Galaxy S8 and S8+ including Android® Security Patch Level of 2018-05-01:

(https://www.verizonwireless.com/support/software-updates/)

The security updates released by Samsung to the carriers are OS-specific, not device specific. Every other "current" Samsung device supported by Verizon Wireless has security updates newer than those on the Galaxy S9 and S9+ (dated 1 February 2018).

Re: What gives with the lack of security patches for the galaxy S9?
TheS1R
Contributor - Level 2

More specifically, US Verizon customers are not receiving security updates. Other carriers have released more recent security updates to their customers.

Re: What gives with the lack of security patches for the galaxy S9?
bsykes76
Enthusiast - Level 1

Verizon should be embarrassed that as of tomorrow (June 1st), Verizon S9s will still be on a security patch from 4 months ago. 4 more patches have been released by Samsung since then and Verizon still has yet to push any of them to their customers.

Re: What gives with the lack of security patches for the galaxy S9?
bsykes76
Enthusiast - Level 1

Samsung HAS released monthly security patches fella. In fact, tomorrow should be June's security patch. It is Verizon who is not pushing them to customers 

Re: What gives with the lack of security patches for the galaxy S9?
ACRA42
Enthusiast - Level 2

Thank you TheS1R for the excellently supported responses. It's plain as day the US carriers are not up to the task of managing the security updates of the devices in their lineup. The update cycle needs to move on from what is an outdated model that relies on the carriers branding the phones. Security updates are serious business.