mailto: blog -at- heyrick -dot- eu

What's in an update?

The other day, my phone told me that Samsung had made an update available for my phone. This was of interest to me given the recent issues, such as the StageFright vulnerability (that Google screwed up patching - um).

The update, an over-the-air update, was a smidgen under 90MiB and went in effortlessly. Slowly, but without issue. It was downloaded, the phone rebooted, installed, then verified all 121 apps on the phone (slowly!). The update wasn't quick, but given Android's hideous mess of an updater system, this was far far better than an entire firmware update.

To this end, Samsung are to be commended for bothering at all. My Motorola Defy had one FOTA (firmware over the air) update, that it picked up on the day I took it home. My SonyEricsson Xperia Mini Pro has never seen an update. And my Sony Xperia U was running 2.something, a version of Android that was old when I first bought the phone. There is apparently a halfhearted attempt at ICS for it, but it apparently suffers from performance issues. At any rate, it is something Orange never bothered to roll out to customers.
There is a pretty convincing economic reason why all of my other phones are running Android 2.something. The manufacturers don't care, the phone has already been sold, so this won't make them anything extra, better to concentrate on the new models (witness Sony's ICS for the U, and now go ask Cyanogen how they managed to make theirs work...). And if a manufacturer should make an upgrade available, the carriers probably won't...because piling in all that vendor-specific crap on top of the base system is time consuming and needs lots of testing, so simpler to not bother, right?

Problem is, the smartphone of today is not "a telephone". People really need to get out of the mindset of thinking of it as such. My Galaxy S5 Mini is sporting a quad-core ARM clocking between 400MHz and 1.4GHz. It is running a bastardised version of a Unix-like operating system, running "apps" in a processor agnostic language (akin to Java) in private sandboxes. It is a desktop computer, reduced in size to something akin to a pack of cigarettes. It is probably more capable than my PC running Windows (it's a crappy 1.6GHz fake-dual-core Atom). As it stands, the S5 Mini can beat the bejesus out of the lame Mobile Intel 945 Express Chipset that struggles to deal with H.264 at 720P and is totally floored by 1080P.

Anyway. I digress. The point is, a modern phone is a computer, and needs to be treated as such. We are used to regular updates to Windows and Linux, why doesn't the same sort of thing exist for mobile phones? Google needs to pull their fingers out of their asses and change Android so that it can be more easily updated. Core parts of Android that are chipset inspecific ought to be able to be patched without trauma. Certainly without the "Google makes fix -> Manufacturer builds new firmware -> Carrier adds rubbish -> user finally gets upgrade" rigmarole. I am suspecting that Samsung might get this, as the update was pushed out by Samsung without any obvious involvement from Orange.

By the way - that my Xperia U was sold with an outdated OS and no update of any form was forthcoming in the two years that I owned that phone is the reason why I didn't buy a third Sony. That and their infatuation with sticking lots of uninstallable Facebook rubbish into the phone. But, hey, you can't attach a value to alienating the user, can you?

So I wrote to Samsung's customer support to ask what was in the update. I found plenty of copies of the firmware online, it appears to be Android 4.4.2 changelog 5365191 - but can I find one single site telling me what this actually meant had changed?
Could I heck. I noticed an extra clock-like-cog in my AccuWeather app (tapping it does nothing, I wonder if it means "summer time"?).
So I asked Samsung.

The letter begins:

Nous tenons à vous remercier de l’intérêt que vous portez à notre marque et nous sommes heureux de vous compter parmi nos clients.
Basically, thanks for being interested in Samsung and that they are happy to count me as one of their users. As I said in my original review of the S5 Mini, I now understand why Apple wants to take the fight to Samsung's door. This is my fourth Android phone, and the third manufacturer I have tried. I don't have an iPhone but I do have an iPad, and I can sort of see why the Galaxy range might have blown some wind up Apple's skirt. When I first started getting to grips with my Motorola DEFY, I think my first thought was "well, this is better than that Nokia 6230i that I used to use" (that's not a compliment). I could see some potential in the idea of running apps on the device, and it was nice to have a camera better than PAL on an 8mm tape. But it wasn't quite as mind blowing as I was sort of thinking that it should have been. I mean, the ability to look at web pages while nominated driver does 90kph down a 2-by-2 in the back end of nowhere rocks, but Android... just seemed like a platform that other people shovelled crap on to.
Enter the S5 Mini. First thought? A word beginning with F. Long and slow, like Keanu Reeves would say it. This is by far my favourite, and not because it is the most recent, not because it has an ass-kicking AMOLED screen with actual black, and not because it has a quad-core ARM. But a bit of all of that, plus the impression that Samsung wanted to release something that meant something. Like, you know, the whole package. Something that has good functionality out of the box. And, remember, this is the baby S5. The "Master Compact", the "A3000".
Nous vous informons que les mises à niveau des appareils utilisant un système d’exploitation Android apportent toujours des améliorations et des fonctionnalités. Par contre, si la version d’Android n’a pas été modifiée, vous conservez les fonctionnalités et les services que vous connaissez déjà.
Nous nous trouvons dans l’impossibilité de répondre favorablement à votre demande concernant les changements survenues dans le système d’exploitation de votre téléphone.
Basically, they are always making updates to Android on the phones to improve it and expand functionality. On the other hand, she points out, that if I don't upgrade, my phone will have the functionality that I already know (duh much?).
However, they find themselves unable to respond to my demand regarding the specifics of the firmware in my phone.

She then tells me to look on their website. When there is an update, the user guide may be updated to reflect what is new. Well, no, the user guide was last updated 2014/07/11 (French), and two weeks earlier for the English version.


En ce qui concerne les éventuelles vulnérabilités sur Android (StageFright, Certifi-gate), nous n’avons aucune information à ce sujet. Nous avons toutefois bien pris en compte vos remarques et commentaires.
You might be able to translate that for yourself.

Essentially, a 90MiB upgrade was installed on my phone, and she cannot tell me what was upgraded, nor if any of the contemporary vulnerabilities have been addressed. I have no reasonable choice except to assume my phone is vulnerable. This is somewhere that Samsung is letting the side down. I'm not that bothered if this was just a set of updates to Samsung specific stuff, I would like to know so I can make some judgements as to what the state of the internal firmware is. I have turned off automatic fetching of MMS (I don't use it), and I am inclined to delete without looking at any MMS that I may receive. But that's only one of the potential vectors. I would talk about Certifi-gate, but the whole certificate authority scheme is such a mess that it isn't funny.

The message continues asking me to periodically check for over-the-air firmware, and contains this (Google translation as I'm lazy):

If there is an official update and available for your product, it will be proposed after following the steps above. If "All updates have already been installed" appears, it means you already have the latest version of Android compatible with your device. In the latter case, please try again periodically or check the automatic update of the device, which will allow you to receive notification once the update available for the device in question.
I think we are reaching the crux of the matter. This Samsung bod is probably more used to answering questions that could be resolved by the user reading the instructions. How do I turn on the flash? That sort of thing. I suspect the specifics of my question might have been something better aimed at a techie.

Hey - Samsung - you know that ARM processor inside your phone? I program stuff like that for fun.

Just to hit the point home, I go to work and wash up stuff (practically zero stress, but...practically zero pay...) then I come home and have this sort of stuff in front of my eyes when I'm not watching animé...

        ; This is it. Pulse the power to hard reset.
        STMFD    R13!, {R0-R3, R14}
        ADR      R0, msg_reset_now
        SWI      OS_Write0
        MOV      R0, #IIC_Write
        ADR      R1, reset_parameters
        MOV      R2, #2                      ; 2 bytes to write
        BL       iic_transfer
        ; set up a safety net
        MOV      R0, #100                    ; 1 second
        ADR      R1, reset_safety_net
        MOV      R2, R12
        SWI      OS_CallAfter
        LDMFD    R13!, {R0-R3, PC}

        ; in case the call to hard reset failed or was otherwise rejected
        SWI      OS_Reset
        ; could care less about preserving registers (^_^)


The tl;dr version? Easy: Samsung - if you make an update (and thank you for doing so), please put up a web page saying what is new/changed, and highlight any specific issues (vulns, bugs, crashiness) that has been resolved.
That's all.
Thank you.



Your comments:

Please note that while I check this page every so often, I am not able to control what users write; therefore I disclaim all liability for unpleasant and/or infringing and/or defamatory material. Undesired content will be removed as soon as it is noticed. By leaving a comment, you agree not to post material that is illegal or in bad taste, and you should be aware that the time and your IP address are both recorded, should it be necessary to find out who you are. Oh, and don't bother trying to inline HTML. I'm not that stupid! ☺ ADDING COMMENTS DOES NOT WORK IF READING TRANSLATED VERSIONS.
You can now follow comment additions with the comment RSS feed. This is distinct from the b.log RSS feed, so you can subscribe to one or both as you wish.

VinceH, 18th August 2015, 10:59
1. Samsung "are always making updates to Android on the phones to improve it and expand functionality" 
So why has it been so long since I last saw an update for my S3, Samsung? 
2. "could care less about preserving registers" 
I'll let David Mitchell comment on that:
Rick, 18th August 2015, 11:32
Given that call is intended to reset the machine and thus never returns, he'll have to have a pretty convincing reason why performing code that will never be executed is important. I'll watch the video this evening.
Rob, 25th August 2015, 01:57
"could care less". So you do care!
Rick, 17th September 2015, 14:37

Add a comment (v0.11) [help?] . . . try the comment feed!
Your name
Your email (optional)
Validation Are you real? Please type 42624 backwards.
Your comment
French flagSpanish flagJapanese flag
«   August 2015   »

(Felicity? Marte? Find out!)

Last 5 entries

List all b.log entries

Return to the site index



Search Rick's b.log!

PS: Don't try to be clever.
It's a simple substring match.


Last read at 04:24 on 2024/05/25.

QR code

Valid HTML 4.01 Transitional
Valid CSS
Valid RSS 2.0


© 2015 Rick Murray
This web page is licenced for your personal, private, non-commercial use only. No automated processing by advertising systems is permitted.
RIPA notice: No consent is given for interception of page transmission.


Have you noticed the watermarks on pictures?
Next entry - 2015/08/19
Return to top of page