Amadis

Security Guidance - Security patch

Concept

The security patch is an important concept in Android OS security. The more recent the patch, the more secure the device and the less exposed it is to attacks such as privilege escalation.

The secure client performs a first verification step at runtime. Currently, a security patch older than 2021/07 triggers a remediation action. The secure backend, through monitoring, performs a second verification based on the settings provided by the integrator in the database.

Configuration

The security patch level verification can be configured through the database seeds or by accessing the database directly.

The element to update is in table sm_criteria: the row with smcrId 4, “Minimum SDK security patch”. The verification is performed by a PHP script stored in column smcrScript, which should be updated according to your internal rules.

Recommendations

The current recommendation is to accept only security patch levels of 2022/06 and higher.
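The comparison that a minimum patch level rule has to make, as an added example. It is not Amadis code. This page does not describe how the smcrScript script receives the device's patch level or returns its verdict, so the function names and the string input below are assumptions. The comparison is made at month granularity, matching the year/month thresholds used on this page.

```php
<?php
// Added example, not Amadis code. Function names and input handling are assumptions.

/**
 * Convert a security patch level into a comparable integer (year * 12 + month).
 * Accepts "YYYY-MM-DD" (the format Android reports in Build.VERSION.SECURITY_PATCH),
 * "YYYY-MM" and "YYYY/MM". Returns null for anything else so callers can fail closed.
 */
function parsePatchLevel(?string $value): ?int
{
    if ($value === null) {
        return null;
    }
    // The same separator must be used throughout; the day part is optional.
    if (!preg_match('#^(\d{4})([-/])(\d{2})(?:\2(\d{2}))?$#', trim($value), $m)) {
        return null;
    }
    $month = (int) $m[3];
    if ($month < 1 || $month > 12) {
        return null;
    }
    return (int) $m[1] * 12 + $month;
}

/**
 * True only when the reported level parses and is at or above the minimum.
 * A missing or malformed level is rejected rather than treated as recent.
 */
function patchLevelIsAcceptable(?string $reported, string $minimum): bool
{
    $min = parsePatchLevel($minimum);
    if ($min === null) {
        throw new InvalidArgumentException("Invalid minimum patch level: $minimum");
    }
    $level = parsePatchLevel($reported);
    return $level !== null && $level >= $min;
}

// Constructed sample values, checked against the 2022/06 recommendation above.
$minimum = '2022/06';
foreach (['2023-01-05', '2022-06-01', '2021-07-01', '', 'unknown', '2022-13-01'] as $reported) {
    $verdict = patchLevelIsAcceptable($reported, $minimum) ? 'accept' : 'remediate';
    printf("%-12s %s\n", var_export($reported, true), $verdict);
}
```

Rejecting empty or unparseable values keeps a device that hides or corrupts its reported patch level from passing the check by default.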