Google Pixel XL has been end-of-life since November 2019. It hasn't received security updates for almost a year. It's not an indicator of what has been fixed in the monthly security updates and it's strange to be testing the impact of updates on a device not receiving them.
Conversation
Replying to
It’s not at all strange to test devices that are still in widespread use.
Users still need to be warned of their exposure. Mitigations can often still be provided, even in the absence of official support.
A device that went out of support recently absolutely falls in that group
1
2
Replying to
> It’s not at all strange to test devices that are still in widespread use.
That's not what I said. I pointed out that it hasn't received OS security updates for almost a year, and it's illogical to use it to test what was fixed in those OS security updates. Doesn't make sense.
1
> Users still need to be warned of their exposure. Mitigations can often still be provided, even in the absence of official support.
It's vulnerable to many far more serious issues since it hasn't received the monthly Android security updates since way back in November 2019.
1
Replying to
Then I don’t understand the point you came to make & I still don’t.
You were saying it didn’t make sense to test against a device that was out of support.
I still disagree with that assertion for the reasons I gave.
No idea what you’re nitpicking at in 2 separate tweets.
GIF
read image description
ALT
1
Replying to
You posted a tweet stating that the issue isn't fixed on Android, based on it not being fixed on an end-of-life device which doesn't receive the security updates. The paper doesn't say it wasn't fixed on Android. It says it wasn't fixed on their EOL Google Pixel XL device.
2
android.googlesource.com/platform/syste was a recent Bluetooth security fix related to the pairing process. Google Pixel XL isn't ever going to receive this since it's end-of-life and not receiving the security updates. Testing on it can't determine if this issue was fixed in Android.
1
1
1
Replying to
Next time try posting the fix if that’s the message.
Otherwise, it was just you being argumentative with no useful purpose.
Your whole tweet could have been:
It’s fixed in the latest supported Android: [URL]
I would have retweeted it, and that would have saved us both energy.
GIF
read image description
ALT
1
Replying to
I'm not familiar enough with the issue to be sure that android.googlesource.com/platform/syste is the commit fixing it. The Android security bulletins don't include as much information as they used to and the researchers don't provide the CVE assigned by Google. Article is making an assumption.
2
I was concerned about this and wanted to know whether it was fixed in Android. The article seems to be assuming it fixed because the paper determined that it wasn't on an end-of-life device in June. Even if they'd tested a Pixel 2 on the latest update, it's already September.
1
So, I'm interested to know if there's really a reason to think that it wasn't fixed. I'm not familiar enough with the Bluetooth stack to know if that pairing security fix is a fix for the same issue or another issue that seems similar. Does seem *likely* that it's a fix for this.