Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Discuss The Products
39

I think overall some can agree to disagree and thats fine in my eyes, there is no need to always agree and we need to stand different opinions. We always need to consider that there is different level of knowledge around and when we want to help others to understand better, its always good to stick to facts and elaborate them a bit.

As I think the discussion revealed some important information maybe I try to summarize the facts I get out of this and which are in my eyes important to understand

  1. Qualcomm stops support for chipsets after a few years, I think it was 3 in the past and recently expanded to 4 or 5? So FP2 is out of support since many years already and FP3 as well mostlikely is since last year, because although FP3 was published around sep 2019 the chipset used, was already around a year old at this time.
  2. When support stops, normally the security issues listed under “Qualcomm” in the Android monthly security bulletin are mostlikely not patched to chipsets which no longer have official QC support , i.e. just because I see security update date of 05th Feb 22 on my FP2 it, it does not automatically mean I have the QC updates on my device.
  3. The Qualcomm security bulletin has a section named “affected chipsets” which seem to be misleading as it does not list chipsets affected by the issue, but those who got the fix. Scrolling down there is some hint * The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at [www.qualcomm.com/support](http://www.qualcomm.com/support) .
  4. For some reason, several months after the issue was detected and “fixed” several IT/tech plattforms are now “reporting” about this issue and also give false feeling of safety by stating e.g. (as Heise did) “if you own an Android device ensure your security patch level date is at least Dec 21”
  5. thats all for sure important to know because
  1. Even if this issue could be fixed on the FP2 and FP3 as well by Fairphone we need to see that

and Fairphone

  1. What are we doing with all this information? Can we do anything to improve and get all stakeholders like chipset manufacturer, smartphone manufacturer and IT/Tech News Plattforms to be more transparent about this topic, because without a change of behaviour at all ends it remains difficult to keep a smartphone longer when you want a real secure device.
4 Likes
Qualcomm Security Hole
FP's affected by CVE-2026-21385?