Solved

New Samsung S9, Feb. 1 Android security update???


Okay, this is April 7. My phone says that I'm on the Feb. 1 Android security update. These security updates are important to users, when can we expect the next "monthly" Android security update now that we're 2 months behind?

Should I have gotten the Google Pixel 2 phone instead of this one? I'm starting to feel that way. According to the research that I did before buying this phone, I was under the impression that Samsung had said that they would deliver an Android security update every month. So is it Samsung or T-Mobile that's the hold-up here?

What can I expect? Quarterly is just not good enough, if it even turns out to be quarterly.

Is there a manual method for this, like an image that I can sideload to get the latest security updates? If I unlock my T-Mobile S9 the first opportunity that I get, will that help me be able to install an image that I can get on the internet? Or am I just hosed when it comes to all those Android security exploits that I see are getting fixed every month?

I'm really frustrated...

icon

Best answer by tmo_nic 10 April 2018, 16:24

View original

61 replies

Curious Nic, now was that post supposed to mean that there IS an update getting released this week, that maybe this time around its looking like a release is underway, or was it just a means of pacifying us? With an unlocked variant I don't even know if I'm able to get any update from you regardless. However, if Samsung is really going by some rule that once all of the carriers have certified/approved an update only then will those of us with unlocked variants will get updated, it puts us one step closer to getting something. Since all we are asking for are security patches and the only two major GSM carriers ar still stuck on February patches while the CDMA variants are doing fine, it has me thinking something is wrong with these phones on networks that are primarily GSM. We would all be on the same variants as Europe with the Exxynos chips (all of which are getting updated) if it weren't for the CDMA carriers here. Correct me if I'm wrong. After reading this...

https://www.google.com/amp/s/www.sammobile.com/2018/06/18/galaxy-s8-galaxy-a6-j7-pro-update-june-patch/amp/

... I can't help but wonder what is wrong with our phones.

Will those of us with the unlocked US versions get this update too and if so when?

According to this page:

Samsung Mobile Security

the Samsung S9 is supposed to be getting monthly Android security updates from Samsung. And if you want to know how important that this is to you, click on the "Details" tab and you'll see the long list of security fixes for each month.

From this, I'm concluding that T-Mobile is the bottleneck for these updates getting to us, since T-Mobile is supposed to be getting monthly updates from Samsung. So where are they?

Not sure what I'm going to do at this point. I like my Samsung S9 and I like T-Mobile, but I really don't like this situation.

I feel your pain. I have a Galaxy Note 8 and not only have I not received Oreo, I haven't received a security update since January! If you check Android's security update page, it shows that Samsung does roll out monthly updates, so I think T-Mobile is to blame. This is really frustrating and I recommend getting your phone unlocked - straight from the Samsung website. At least then you get the update when Samsung rolls it out and not T-Mobile.

I’ve got about 20 days before I can unlock my phone, but it that looks like the right answer at the moment. Funny thing, I pre-ordered an unlocked S9 directly from Samsung, then cancelled it to get a T-Mobile S9 because I read that the unlocked phones didn’t get updated. Now I’m seeing the exact opposite. So it goes...

I’m going to do my due diligence and then decide where to go from there.

Thanks.

Badge +1

Hi mrdoh,

The Samsung S9 was released on March 16, so the S9 wouldn't receive a February or March security update because the launch occurred after the security releases. The release software should have those security vulnerabilities covered in the version at launch. The April security update was just released by Samsung on April 2, I believe. From there it takes up to two weeks to turn around the security patch due to optimizing the OS build for on network performance based on carrier settings. Unless some flaw is discovered (which happens) and it is kicked back to Samsung, I suspect you'll see the first security update for the S9 in the next week or so. You'll be able to track when the security patch becomes available for the S9 here: Software updates: Samsung Galaxy S9

Hi Themax123,

I have the Note8, and it has been receiving regular updates. Oreo was pushed from T-Mobile to Note8 users on April 2. Since you're replying on April 7, I suspect you have your automatic software updates turned off. I recommend you turn them on. You won't get a notification that a new software update is available with it turned off. Unless you remember to go in and do a manual check around the 15th of every month you're not going to know when updates are available. You can find the Note8 software version release history for the T-Mobile Note8 here: Software updates: Samsung Galaxy Note8​.

Okay, here are my expectations for monthly Android security updates...by the way, my last phone was a Pixel, so I know how and when these updates are delivered. Monthly. When I got my S9, there was an update waiting which I applied. My S9 is now at Feb. 1 security update level as a result of applying that update. There should also be a security updated dated Mar. 1 and Apr. 1. Neither of these has been delivered. It may be early for the update dated "Apr. 1", but it is late for the update dated "Mar. 1".

I did look into this on the web in the Samsung security updates pages and found that Samsung has skipped 2 months of security updates following the one that was dated Feb. 1 (security updates for January). Which would be the Android security updates for February and March. If Samsung doesn't pass along the monthly Android security updates, then we don't see them (of course).

My hope is that Samsung has not gone to a quarterly update model. My research showed before I bought the S9, that they were committed to monthly security updates. I'm not sure that seeing quarterly updates would have stopped me from buying the S9, since I was looking for both "bezel-less" and band 71 support, which is the S9...I didn't want the LG V30. But I would have known what I was getting into up front, which is a good thing.

Badge +1

Hey there mrdoh,

I wanted to follow up with you regarding software updates for your S9. I did some more research for you. I was wrong in my assumption that the March security pack was included in the launch software. I have good news though! The March security pack was approved last night, my team updated our content which is live now in the S9 and S9+ spaces. We are launching the March security update tonight around 10 PM PT. Depending on the amount of customers with devices it may take a while for the system to push the OTA out to everyone, so be patient if you don't get it right away.

On the topic of Software Updates across all the carriers, AT&T launched their March security update on 3/31, Verizon and Sprint haven't launched theirs yet. In case you want to verify my sources, I got them directly from those carriers. Here are the links if you're interested:

AT&T - https://www.att.com/devicehowto/tutorial.html#!/stepbystep/id/stepbystep_KM1253489?make=Samsung&model=SamsungG965U

Verizon - Samsung Galaxy S9 Software Update | Verizon Wireless

Sprint - https://community.sprint.com/t5/Samsung-Galaxy-S-Series/Software-Updates-and-known-issues-Galaxy-S9-9/td-p/997470#

The S9 and S9+ are on Samsung's monthly updates list so your concern about quarterly updates should get resolved. It looks like everyone is behind. I know we have plans to catch up as rapidly as possible here at T-Mobile. Looks like it's a race! I know I'm betting T-Mobile wins. We have a pretty awesome team working on this stuff, and we take our customers security very seriously.

We appreciate you here at T-Mobile. Let us know if there are any other concerns we can help with.

Well, thanks very much for the update! Much appreciated. Like the news about monthly updates, makes me happy *smile*.

Thanks again!

Sorry, but the "whataboutism" of this post is too much. I don't care about what Verizon and Sprint, or any other carrier has or hasn't done. I care about T-Mobile and what updates I'm going to get from them. As far as I'm concerned, it's May. Pixels and even the Essential Phone, a phone that has no affiliation with Google, has the May security patch, and the S9/+ status on T-Mobile is that the March patch has been pulled due to issues with the update.

So, like I said, it's now May, and T-Mobile S9s are stuck on the February security patch, going on 3 months old at this point.

Samsung promised monthly security updates for the flagship phones, S9 included. We're 3 months late and no one to answer for it. Neither Samsung, nor T-Mobile. I want information on how we can get faster updates.

And please don't give me stock answers like "we need to test updates" or "talk to samsung." There's always an answer to fixing these problems, and if that means T-Mobile or Samsung needs to take a monetary hit to achieve the things that were originally promised *before* people bought these devices, then that's what you have to do.

Okay, almost the end of May, and my T-Mobile Samsung S9 phone still has the "March 1" updates.

How about "April 1"? Is that ever coming? I'm pretty frustrated at this point. Samsung promises monthly updates, T-Mobile (see tmo_nic posting above) promises that the updates are coming.

So when are they coming? Can't wait until the next generation (3) of Pixel phones comes out, looks like i may well be going there. Google delivers their Android security updates monthly as they promise. Samsung and T-Mobile seem to be big on promises, short on delivery.

Well its June 7th and we are STILL on the February security patch T-Mobile. Reading the responses from the moderators just makes me laugh. Verizon got the patch for May. Is it time to leave you guys and take the 4 lines I pay for every month along with me because by keeping us in the dark about any serious issue preventing your customers from receiving security patches with a major flagship device leaves very little room for trust and you've already lost my respect  At this point in time we deserve a detailed explanation of what has clearly went wrong. No more scripted excuses. This is very bad.

Agreed, this very bad. Sad to hear that Verizon is doing better, I guess that’s where I belong, too. Been checking every day for a security update from T-Mobile...I’ve read about the many fixed security exploits in the updates that we’re missing. I’ll be looking into other cellular providers. Disappointing! Especially since I got the S9 specifically because of band 71 coverage. An expensive mistake on my part.

What did the tmo_nic guy say about a 2 week turnaround with Samsung? It's almost the middle of June and the S9 and S9+ are on February security patches. I noticed they abandoned this "answered" question once the May and June comments started sprouting up. TMobile and Samsung are so lucky most people are ignorant when it comes to how important these patches are. It's in the news now though.

Badge +1

Hi Landeus,

Who's abandoned the post? Not this guy...

It's important to get these things right. I don't know what the hang up is, but if every carrier in the US holds updates for months it's a pretty strong indicator that something very important was discovered and is being scrutinized thoroughly. This is the most popular selling device in the world, which stands to impact the most people if something happens.

We appreciate your patience, and understanding.

Then, as the interface between us and Samsung (who refuses to give us information), it's up to T-Mobile to push for these things for us. It's not good enough to just throw your hands up and feign ignorance.

>We appreciate your patients, and understanding.

And we appreciate a bit of proofreading.

I agree, T-Mobile owes it to their customers to get these updates to us, and to keep us informed about what's going on if there are problems. Especially as far behind as T-Mobile has been all along. You can help your customers be more patient if they're informed and know that they're waiting for a reason, not just because T-Mobile doesn't intend to pass along any more updates. Without communication from T-Mobile, there's no difference to the user between T-Mobile just not feeling like passing along the updates, or there actually being a reason why they're not doing that. At this point, I'm not feeling that T-Mobile gives a fig about these updates. I do.

I have read that Verizon (at least) is able to pass along the updates for the S9, so this isn't "all carriers". And I hate to read that Verizon users are getting updates, while all that we're getting is silence in lieu of updates. Don't know if I've said it here, but the Pixel 3 or the next round of iPhones are going to get all of my attention. And if T-Mobile doesn't deliver the updates for the Pixel 3 (assuming that they don't come directly from Google), then no more T-Mobile, as well.

I really like the S9, and T-Mobile is okay in general, too, but I'd like both a lot better if I felt that I had a secure phone. Lots of security exploits in the Samsung bulletins that go along with these updates...

Personally, I'll keep trying to communicate my dissatisfaction with T-Mobile about this, but I'll only do that for so long. Then I'll take my business elsewhere.

Badge +1

Hi Mr. Doh,

I appreciate your more professional approach to the conversation. We don't just throw our hands up and wave 'em like we just don't care. 😉

T-Mobile isn't going to produce a sub-par product. If other carriers wish to do so that is their prerogative. We also aren't going to advertise why updates aren't being rolled out as the result is making those who shall not be named aware of additional things to exploit that they may not have been aware of previously. In this case, as in many others in life, a lack of information keeps people safer. I know that's not the answer you want to hear, but, we're going to operate from the position of having the responsibility of needing to protect millions of people (because we do).

We appreciate your patience, and understanding.

That's a pretty poor defense. You don't have to give any *details* of what the update is delayed, a simple "we're working on it, but there was a flaw discovered that needs to be addressed" would definitely suffice with trying to appease customers. Hiding behind "security" doesn't help anyone.

Ok well first off T-Mobile Support RUDE AF 😠 . Secondly do you realize WE paid or are paying for a phone ergo a service FROM T-Mobile? The "I Don't Know Whats Wrong" is utter garbage. It's BEEN 61 DAYS since the march patch was pulled. If there is a problem so severe that they can not seem to correct it with any builds that have been compiled then T-Mobile needs to be forth coming with such information. You are treating your customers as if we are moronic little white snowflakes. Tell us the truth so WE can make an informed decision weather to give up hope and find a new phone/carrier or tell us that there is something in the works. If we don't get anything by the end of June we should just pull the plug on this nightmare and move on.

I have gone back to using my iPhone 8...I didn't mention that, but I feel that the security updates are put out for a reason, and if I'm not getting them, then I'm not using that phone. Pretty close to being a quarter behind at this point, which is worse than I'm willing to live with.

As has been said, you don't have to discuss the specific issues when communicating, just that you're still working on it, and a possible ETA if one's available. For example, if you've encountered a boot loop when an update is applied that is tough to fix, you can say that, that doesn't tell a hacker anything that they can use. I agree that you don't want to discuss specifics with security issues, but for heaven's sake, once Samsung issues their bulletin with all the vulnerabilities that are fixed, you could say that the cat's out of the bag. And a hacker can find out what the security update level of a T-Mobile S9 is pretty easily.

Anyways, I don't find "security by obscurity" to be the issue here, it's more like allowing customers to make informed decisions about their futures. If you don't keep us informed, we'll wander off, I guarantee it *smile*. May do that anyways, but one might stay around longer if there's an end in sight.

Badge +1

I do understand where you're coming from MrDoh. There have been extenuating circumstances that have prevented the security updates from rolling out as advertised. When I first engaged with you the solution seemed very imminent. I was also under the impression I would receive notifications, so I focused on other things. I was unaware responses were being sent to the dreaded pit of despair. As it turns out, additional things were found, and it's been delayed... ALOT. I would have engaged sooner had I realized. My apologies. I've changed my notification preferences to make sure things I engage on are no longer routed to the pit. Let's not blame the Support team. They're incredible people. I'm working to give better communication around Software Updates. This large wrinkle has given us some things we need to figure out.

At this point, I'm a bit hesitant to provide much more than, "We are very aware of how critical this is and we are working on it as quickly as possible." I've set a calendar reminder to check back on 6/15. Hopefully I'll have an update.

Thank you nic for at least saying as much as your allowed to say. The short "we will be with you as soon as Haiti freezes over so keep on checking the update website to see that it hasn't changed " you know, stuff that T-Mobile and Samsung love to throw at us because we're morons... (btw, everyone making comments here who doesnt work for T-Mobile is a very informed, very concerned, and highly intelligent individual in regards to understanding soke degree of software development, the securiry patches, software updates, etc... which is the main reason short answers are extreamely insulting...) so thanks. However, similar to a comment someone else on here said about dumping Tmobile and leaving, I'm right there with them. Say by some miracle we get a security update (say mid June) after waiting so long and we do not begin to receive *monthly* updates, I'm gone along with the $200+ I shove into T-mobile's enormous mouth every month. All 4 lines plus the watch (5 lines?) will be dropped and I will go some to anyone else whom during the same time period managed to get regular monthly updates. I will happily pay off any EIP and drop tmo like a stone. The atrocious new T-Mobile app alone is enough for me to consider leaving lol. It tells me something about what might be in charge of software development and that's scary. I hope our security isn't being sacrificed due to some issue with the new bands nobody is using anyway yet. Smh in shame.

Badge +1

You're welcome, Landeus.

I really appreciate you and Mr. Doh forging that delicate balance between frustration and communication. It's very helpful. We have a strong Support team on these forums, and they're incredible. However, we also have a lot of other people paying attention. Most prefer to lurk but some of us are a little more comfortable on a forum. I think some of the more difficult responses are a barrier to entry for most, because let's face it, this is very public. Hopefully over time people will realize T-Mobile is truly different than other carriers. I think they'd be surprised if they were aware who in the company leverage this Support community to drive improvement and amplify issues on the regular. So coming full circle, thanks! Your approach is to be applauded. I hope more follow your lead. It helps.

As for people jumping ship, I hope not. I also hope my participation (or gap in) hasn't irritating an open wound. I completely admit I dropped the ball in my follow up. I won't make that mistake again. Hopefully, most of you can forgive my 'live & learn' moment. I, and others, do listen to how Software Updates are going across all OEMs. We leverage your voices to emphasize the impact these things have.  If you can't hang around, and you need to jump to protect yourself and the three other users on your account, I understand. I might not like it, but, I get it. As of right now I'll be checking back on Friday, and setting a regular touch base going forward.

TTYS!

tmo_nic, apppreciate your sincerity and re-dedication to keeping us poor users informed *smile*. Hopefully there will be news in a couple of days, and hoping that it will be good news, as well.

Hang in there, we're all counting on you *smile*.

Reply