[FF22]

This is either an ***** or a moron. The response is that Google reveals the needed security patches, the phone manufacturers then create the patch for their version of Android and send it to the carrier who sells the phone to "test" and release to their subscribers.

What Verizon wrote to you, Laura is a smoke screen in the hopes that you will go away. It's a crock! Hope you call them on it by quoting BlackBerry and their releasing of Marshmallow and all security updates to Verizon.

Someone have the link to the BB blog where they announce/show the patches that they've issued?

[Av8orbb]

September 2016 BlackBerry powered by Android Security Bulletin ? September 2016
August 2016 BlackBerry powered by Android Security Bulletin ? August 2016
July 2016 BlackBerry powered by Android Security Bulletin ? July 2016


search for 'security bulletin' on Search Results | BlackBerry Knowledge Base

[Av8orbb]

I can no post URL .. so search for security bulletin on support . blackberry . com/kb/

Article 000038411 -> September 2016
Article 000038360 -> August 2016
Article 000038293 -> July 2016


or go to us.blackberry.com / content / blackberry-com / en_us / enterprise / products / incident-response-team.html
and scroll down

[anon(757282)]

My complaint was strictly on the failure to provide security updates. So they cannot bring up MM since this is not the subject of the complaint.

Stay on VZN with your complaints.

Posted on my Still Awesome Z30

[ggendel]

Verizon responded and the FCC closed my complaint. Here is the key portion of Verizon's response:

"Verizon Wireless does not have any access or authorization to the customer's security updates provided by Google. She would need to contact Google directly regarding any security updates that she believe has been released that she has not received. There is no further action required by Verizon Wireless."

The PDF of the letter had a name and phone number for me to call at Verizon to discuss the issue. When I called the number and extension, I got dropped in voicemail limbo and was unable to leave a message.

I'll try again tomorrow. My ticket number is #1180542.

Laura

Laura,
While you've got them on the phone, read them this:

The list of vulnerabilities that were patched on this device by BlackBerry and distributed globally but Verizon won't provide to their customers:
CVE-2016-1503
CVE-2016-0837
CVE-2016-0838
CVE-2016-0841
CVE-2016-0844
CVE-2016-0846
CVE-2016-0847
CVE-2016-0848
CVE-2016-0849
CVE-2016-0850
CVE-2016-2410
CVE-2016-2411
CVE-2016-2412
CVE-2016-2413
CVE-2016-2414
CVE-2016-2415
CVE-2016-2416
CVE-2016-2417
CVE-2016-2421
CVE-2016-2422
CVE-2016-2423
CVE-2016-2424
CVE-2016-2426
CVE-2016-2427
CVE-2015-1805
CVE-2016-2428
CVE-2016-2429
CVE-2016-2430
CVE-2016-2433
CVE-2016-2438
CVE-2016-2060
CVE-2016-2439
CVE-2016-2440
CVE-2016-2441
CVE-2016-2442
CVE-2016-2447
CVE-2016-2448
CVE-2016-2449
CVE-2016-2450
CVE-2016-2451
CVE-2016-2452
CVE-2016-0705
CVE-2016-2457
CVE-2016-2459
CVE-2016-2460
CVE-2016-0774
CVE-2016-2463
CVE-2016-2464
CVE-2016-2465
CVE-2016-2468
CVE-2016-2062
CVE-2016-2475
CVE-2016-2066
CVE-2016-2469
CVE-2016-2476
CVE-2016-2477
CVE-2016-2478
CVE-2016-2479
CVE-2016-2480
CVE-2016-2481
CVE-2016-2482
CVE-2016-2483
CVE-2016-2484
CVE-2016-2485
CVE-2016-2486
CVE-2016-2487
CVE-2016-2061
CVE-2016-2488
CVE-2016-2489
CVE-2016-2494
CVE-2016-2493
CVE-2016-2495
CVE-2016-2496
CVE-2016-2499
CVE-2016-2500
CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
CVE-2016-2108
CVE-2016-3744
CVE-2016-3751
CVE-2016-3745
CVE-2016-3746
CVE-2016-3747
CVE-2016-3748
CVE-2016-3750
CVE-2016-3752
CVE-2016-2107
CVE-2016-3754
CVE-2016-3755
CVE-2016-3756
CVE-2016-3757
CVE-2016-3758
CVE-2016-3759
CVE-2016-3760
CVE-2016-3761
CVE-2016-3762
CVE-2016-3763
CVE-2016-3764
CVE-2016-3765
CVE-2016-3766
CVE-2016-2503
CVE-2016-2067
CVE-2016-2068
CVE-2016-3775
CVE-2015-8816
CVE-2014-9801
CVE-2016-2502
CVE-2016-2501
CVE-2016-3802
CVE-2016-3803
CVE-2016-2068
CVE-2014-9803
CVE-2016-3809
CVE-2016-3811
CVE-2016-3813
CVE-2016-0723
CVE-2016-3819
CVE-2016-3820
CVE-2016-3821
CVE-2016-3822
CVE-2016-3823
CVE-2016-3824
CVE-2016-3825
CVE-2016-3826
CVE-2016-3827
CVE-2016-3828
CVE-2016-3829
CVE-2016-3830
CVE-2016-3831
CVE-2016-3832
CVE-2016-3833
CVE-2016-3834
CVE-2016-3835
CVE-2016-3836
CVE-2016-3837
CVE-2016-3838
CVE-2016-3839
CVE-2016-3840
CVE-2015-2686
CVE-2016-3841
CVE-2016-2504
CVE-2016-3842
CVE-2016-3843
CVE-2016-3857
CVE-2016-2544
CVE-2014-9904
CVE-2016-3849
CVE-2016-3850
CVE-2016-3843
CVE-2014-9903
CVE-2016-4482
CVE-2016-3853
CVE-2016-2497
CVE-2016-4578
CVE-2016-4569
CVE-2016-4578
CVE-2016-3855
CVE-2016-5340

As of 9/6, Blackberry has added the following 41 new patches which brings the total to 211 unpatched vulnerabilities by Verizon:
CVE-2016-3861
CVE-2016-3862
CVE-2016-3863
CVE-2016-3870
CVE-2016-3871
CVE-2016-3872
CVE-2016-3875
CVE-2016-3899
CVE-2016-3878
CVE-2016-3879
CVE-2016-3880
CVE-2016-3881
CVE-2016-3883
CVE-2016-3884
CVE-2016-3885
CVE-2016-3888
CVE-2016-3889
CVE-2016-3890
CVE-2016-3895
CVE-2016-3897
CVE-2016-3898
CVE-2016-5570
CVE-2013-7446
CVE-2016-3134
CVE-2016-3951
CVE-2016-3953
CVE-2016-2053
CVE-2016-3864
CVE-2016-3858
CVE-2016-4805
CVE-2016-3865
CVE-2016-3859
CVE-2016-3866
CVE-2016-3867
CVE-2016-3868
CVE-2016-3869
CVE-2016-1583
CVE-2016-3839
CVE-2016-3892
CVE-2016-4998
CVE-2016-2469

[1linuxfreak]

My complaint was strictly on the failure to provide security updates. So they cannot bring up MM since this is not the subject of the complaint.

Stay on VZN with your complaints.

Posted on my Still Awesome Z30

Mine as well, made sure to stay on topic about critical security updates not Marshmallow.

[FF22]

I can no post URL .. so search for security bulletin on support . blackberry . com/kb/

Article 000038411 -> September 2016
Article 000038360 -> August 2016
Article 000038293 -> July 2016


or go to us.blackberry.com / content / blackberry-com / en_us / enterprise / products / incident-response-team.html
and scroll down

Thanks - removed the spaces

Incident Response Team - United States

And I used the Report Security Problem to complain about Verizon.

[FF22]

My complaint was strictly on the failure to provide security updates. So they cannot bring up MM since this is not the subject of the complaint.

Stay on VZN with your complaints.

Posted on my Still Awesome Z30

That was my mistake. Even though the Subject Matter and heading on the FCC email back to me says Security Update Delay, Verizon honed in on my comments about Marshmallow. And I did mention that MM does close some security holes since you can separately deal with Permissions.

In my latest reply I linked to the BB Blog and Security announcements and quoted the dates issued part.

As I said to my friend at diner tonight, I have to keep this going without blowing my blood pressure. Accepting that I will get nowhere against Verizon.

[smasha132]

Sent my complaint. this thread needs to be announced on the front page to get frustrated verizon users to issue individual complaints as well.

[Mr.mister]

Not even on verizon nor an American and I will fill it up gladly!

I don't have patience to sugarcoat things.

[ahooks4]

Been through two rounds of FCC filings an Verizon finally stated, the software for the blackberry failed when testing. No answer if they are attempting to work with android / blackberry on correction. Still smells of bs, but they are sending me a s7 edge at no charge to have with case and other accessories. Can keepy priv also. Not ending I wanted but guess will try s7 edge and if don't like, will go back to priv and keep other as backup

[Uzi]

Been through two rounds of FCC filings an Verizon finally stated, the software for the blackberry failed when testing. No answer if they are attempting to work with android / blackberry on correction. Still smells of bs, but they are sending me a s7 edge at no charge to have with case and other accessories. Can keepy priv also. Not ending I wanted but guess will try s7 edge and if don't like, will go back to priv and keep other as backup

I wonder if the s7 edge has the latest security patch?

[FF22]

Been through two rounds of FCC filings an Verizon finally stated, the software for the blackberry failed when testing. No answer if they are attempting to work with android / blackberry on correction. Still smells of bs, but they are sending me a s7 edge at no charge to have with case and other accessories. Can keepy priv also. Not ending I wanted but guess will try s7 edge and if don't like, will go back to priv and keep other as backup

So you got a free phone? New or refurbished? And you can keep the Priv? I might go for that unhappily. Then sell the Edge!!!

[ahooks4]

So you got a free phone? New or refurbished? And you can keep the Priv? I might go for that unhappily. Then sell the Edge!!!

Assuming new, but not sure. Executive Relations stated they had phones in Stock and could send me what I had iny notes from when I purchased the phone. I had them note back in the spring about lack of support from Verizon for software upgrade for BlackBerry and if not updated in reasonable time I wanted it relaxed with the s7 edge as it was the other phone I would have purchased. This was within the 14 day new phone trade in period. They stated the software was being supported and would be upgraded and have patches sent to us on timely manner. Well with that not being true, I elected to have the the new phone and trade in thr priv. They told me no but would give me the s7 edge. I am not sure if they more willing to do this as I had called Verizon weekly for a couple months, then by weekly and also had them note all this back when I first purchased it and could have returned it for the samsung.
I not completely happy as the priv is a great phone, just tired of quick discharge of battery, overheating, no software patches available for security, issue with Internet or fb browsing (browser routed to another Web page), no support fromm BlackBerry or Verizon on browser issue, lack of support by BlackBerry to update phone outside of Verizon. Was told even if I unlocked phone and left Verizon for another carrier, BlackBerry could not update phone with patches and software upgrade (gtfo!)

[ahooks4]

Not sure, will know when I get it today or friday

[ggendel]

So you got a free phone? New or refurbished? And you can keep the Priv? I might go for that unhappily. Then sell the Edge!!!

Whatever the outcome, it was great to see you give it the good fight. Keep us informed. If nothing else we can all demand new phones. I understand that Verizon got their crummy paws on the s7 and "customized" it too. I guess updates may be out of the question for that device too.

[newcollector]

I think you will find that Verizon is lousy about updates for all phone manufacturers except the iPhone. And if you buy a Motorola, that company has publicly stated they will not be issuing security patches at all. So at least with them, Verizon has an excuse.

[anon(757282)]

Thank you for the list of vulnerabilities, ggendel. I added the entire list to my FCC complaint and said that FCC needs to conduct their own investigation and not just allow Verizon to reply to me.

I will not accept "test failure" as an excuse if it is offered. Every other carrier uses these updates, and this is the same phone, so that explanation is BS.

Posted on my Still Awesome Z30

[zephyr613]

Incoming......

Verizon data overages, other charges hit Florida mom for $9,100 | cleveland.com

[crucial bbq]

Thank you for the list of vulnerabilities, ggendel. I added the entire list to my FCC complaint and said that FCC needs to conduct their own investigation and not just allow Verizon to reply to me.

I will not accept "test failure" as an excuse if it is offered. Every other carrier uses these updates, and this is the same phone, so that explanation is BS.

Posted on my Still Awesome Z30

As far as Android security updates are concerned, the whole program is what, only a year old? And as far as I know only Goolge (Nexus), Samsung, LG, and BlackBerry have agreed to do them. Google writes the updates for ASOP, tests them on Nexus handsets, then sends that code to manufacturers (if they want it) who must also tweak the code for their own customized layers. For U.S. customers, the update is then sent to the carriers who of course must also test (bundled app compatibility). So the security updates, the code anyways, is not the same across handsets even if they are all branded with the Verizon logo. Because of Verizon's own layer, meaning apps, no, our Privs are not the same across the World.

From Feb. 2016, Android Central:

Monthly security patches are the most important updates you'll never get | Android Central

As far as I know, U.S. carriers have only agreed to fast-track the updates, but recieve the updates a month in advance (they got the September update at the beginning of August, for example). If I remember correctly, someone mentioned back when we got our first update that Verizon plans to bundle and release them every three months or so. The only way this will change in the U.S. is when policy forces U.S. carriers to change their practices. I say this because there will be no mass exudus, a change in public opinion, any time soon. These FCC, FTC, and other complaints are a step in the right direction and unfortunately (or furtunately, depending on perspective) it will take an Act of Congress to illicit any change.

For Marshmallow, I am confident that we are getting it. Why? Because it was publically announced four months ago by Verizon that it was currently undergoing feild testing, which, obligates them to release it. They can stall, sure, but they have no reason to do so indefinitely outside of conspiracy.

[ggendel]

As far as Android security updates are concerned, the whole program is what, only a year old? And as far as I know only Goolge (Nexus), Samsung, LG, and BlackBerry have agreed to do them. Google writes the updates for ASOP, tests them on Nexus handsets, then sends that code to manufacturers (if they want it) who must also tweak the code for their own customized layers. For U.S. customers, the update is then sent to the carriers who of course must also test (bundled app compatibility). So the security updates, the code anyways, is not the same across handsets even if they are all branded with the Verizon logo. Because of Verizon's own layer, meaning apps, no, our Privs are not the same across the World.

From Feb. 2016, Android Central:

Monthly security patches are the most important updates you'll never get | Android Central

As far as I know, U.S. carriers have only agreed to fast-track the updates, but recieve the updates a month in advance (they got the September update at the beginning of August, for example). If I remember correctly, someone mentioned back when we got our first update that Verizon plans to bundle and release them every three months or so. The only way this will change in the U.S. is when policy forces U.S. carriers to change their practices. I say this because there will be no mass exudus, a change in public opinion, any time soon. These FCC, FTC, and other complaints are a step in the right direction and unfortunately (or furtunately, depending on perspective) it will take an Act of Congress to illicit any change.

For Marshmallow, I am confident that we are getting it. Why? Because it was publically announced four months ago by Verizon that it was currently undergoing feild testing, which, obligates them to release it. They can stall, sure, but they have no reason to do so indefinitely outside of conspiracy.

Of course you're right that this is a David and Goliath situation. However, I've asked all the way up the chain for a simple declaration that they are still working on it. You would think that Verizon would want to placate us by simply stating that they are, but they claim that information is proprietary. If they said they were working on it before, why be silent now? I have no conspiracy predilections other than they are conspiring to keep us in the dark. A simple yes or no would make my choices easier (Yes, I'll wait it out; No, goodbye Verizon).

[bobshine]

Did Verizon offered the Note 7? If they did, I'll be curious to see what will happen with the September 20th update for the battery issue...

[1linuxfreak]

As far as Android security updates are concerned, the whole program is what, only a year old? And as far as I know only Goolge (Nexus), Samsung, LG, and BlackBerry have agreed to do them. Google writes the updates for ASOP, tests them on Nexus handsets, then sends that code to manufacturers (if they want it) who must also tweak the code for their own customized layers. For U.S. customers, the update is then sent to the carriers who of course must also test (bundled app compatibility). So the security updates, the code anyways, is not the same across handsets even if they are all branded with the Verizon logo. Because of Verizon's own layer, meaning apps, no, our Privs are not the same across the World.

From Feb. 2016, Android Central:

Monthly security patches are the most important updates you'll never get | Android Central

As far as I know, U.S. carriers have only agreed to fast-track the updates, but recieve the updates a month in advance (they got the September update at the beginning of August, for example). If I remember correctly, someone mentioned back when we got our first update that Verizon plans to bundle and release them every three months or so. The only way this will change in the U.S. is when policy forces U.S. carriers to change their practices. I say this because there will be no mass exudus, a change in public opinion, any time soon. These FCC, FTC, and other complaints are a step in the right direction and unfortunately (or furtunately, depending on perspective) it will take an Act of Congress to illicit any change.

For Marshmallow, I am confident that we are getting it. Why? Because it was publically announced four months ago by Verizon that it was currently undergoing feild testing, which, obligates them to release it. They can stall, sure, but they have no reason to do so indefinitely outside of conspiracy.

Kernel level patches does not affect the GUI or apps, the patches are for vulnerabilities in the kernel, unless the security update targets a layer where and app uses that layer there is no need for tweaking. Android AOSP is the base, the GUI, drivers are added and or apps. Android kernel is android kernel across all devices here or world wide. Only thing different in the VzW Priv and others is the VzW bloatware and radio bands as seen here --
CARRIER NETWORK 3G BANDS 3G FREQUENCIES 4G LTE BANDS 4G LTE FREQUENCIES
AT&T GSM/UMTS/HSPA+ 2, 5 1900, 850 2, 4, 12, 17 1900, 1700 abcde, 700 bc
VERIZON CDMA 0, 1 850, 1900 2, 4, 13 1900, 1700 f, 700 c
T-MOBILE GSM/UMTS/HSPA+ 2, 4 1900, 1700/2100 2, 4, 12 1900, 1700 def, 700 a
SPRINT CDMA 10, 1 800, 1900 25, 26, 41 1900 g, 850, 2500
US CELLULAR CDMA 0, 1 850, 1900 5, 12 850, 700 ab
Qualcomm still makes the radio chips and still writes their own drivers. Don't be spreading F.U.D. about how different the VzW Priv is than any other carrier, it is not that different.
Trust me in Linux proper a kernel level patch is the same across all distributions only thing different is the form of delivery, .deb, .rpm.
There is something not right with this VzW update fiasco.
Use to in custom ROMs you could flash a new kernel tweaked with new additions and not harm any app running, then the locked bootloader occurred stopping the kernel tweaking by Devs. You must have never done any kernel tweaking or ROM flashing.

[crucial bbq]

They did. They are no longer offering it for sale until new units ship in. The same dude who tweeted Priv was in testing (MM) four months ago had also tweeted that those who purchased a Note 7 from Verizon can return them. The tweet is still up but oddly the "page" has been removed. Verizon's website says they have until Sept. 30 to return or exchange.

For what it's worth, from what I see it seems that those who purchased a Note 7 from Verizon are getting the same run-around as we are.

But hey, at least with Note 7 out of the way perhaps they will resume testing MM on Priv? Sarcasm. Maybe.

[FF22]

As far as Android security updates are concerned, the whole program is what, only a year old? And as far as I know only Goolge (Nexus), Samsung, LG, and BlackBerry have agreed to do them. Google writes the updates for ASOP, tests them on Nexus handsets, then sends that code to manufacturers (if they want it) who must also tweak the code for their own customized layers. For U.S. customers, the update is then sent to the carriers who of course must also test (bundled app compatibility). So the security updates, the code anyways, is not the same across handsets even if they are all branded with the Verizon logo. Because of Verizon's own layer, meaning apps, no, our Privs are not the same across the World.

From Feb. 2016, Android Central:

Monthly security patches are the most important updates you'll never get | Android Central

As far as I know, U.S. carriers have only agreed to fast-track the updates, but recieve the updates a month in advance (they got the September update at the beginning of August, for example). If I remember correctly, someone mentioned back when we got our first update that Verizon plans to bundle and release them every three months or so. The only way this will change in the U.S. is when policy forces U.S. carriers to change their practices. I say this because there will be no mass exudus, a change in public opinion, any time soon. These FCC, FTC, and other complaints are a step in the right direction and unfortunately (or furtunately, depending on perspective) it will take an Act of Congress to illicit any change.

For Marshmallow, I am confident that we are getting it. Why? Because it was publically announced four months ago by Verizon that it was currently undergoing feild testing, which, obligates them to release it. They can stall, sure, but they have no reason to do so indefinitely outside of conspiracy.

I have no such confidence. NONE at all.