AnsweredAssumed Answered

Who must create an android security patch?

Question asked by Takayuki Ishii on Jul 10, 2018
Latest reply on Apr 2, 2019 by Richard Andersen

Hello community,


In  Android Security Bulletins, it have 3 type of security information.


  • Android platform fixes are merged into AOSP 24–48 hours after the security bulletin is released and can be picked up directly from there.
  • Upstream Linux kernel fixes are linked to directly from the bulletin on release and can be picked up from there.
  • Fixes from SOC manufacturers are available directly from the manufacturers.

My understanding that who must apply patches for this 

About "Fixed from SOC manufacturers" will be released some patches from NXP.

Others, "Android platform fixes" and "Upstream Linux kernel fixes", customer must get fixed code for each 

security Bulletins and apply it by themselves.


Is it correct?


Best regards,