1
Browsing the site https://android.googlesource.com/ I realized that there are many people making changes to the source code of the Android system. I even know that bug fix patches and vulnerabilities are "commited" there.
I’m trying to make an application that diagnoses a device as to its vulnerabilities based on device metadata like, android version, kernel version, build number, build timestamp, etc.
There is a vulnerability that affects several versions of android, including my device (Jelly Bean 4.1.2), but according to the application "Trustable", my device is protected against this vulnerability. The patch to fix this vulnerability was released/commited in 2013, and the build timestamp (system build date) of my device is 2014. Maybe that’s why my device isn’t susceptible to such vulnerability. But this is just speculation, and I wanted to make sure.
I would like to know how system updates occur; if they occur, for example, in a certain time interval, if these updates modify the build timestamp of the system, and mainly, if I can ensure that my device is not susceptible to a certain vulnerability if the build timestamp, ie the date of compilation of my system (kernel) is higher than the date of release of vulnerability correction.
Thanks in advance.
If anyone can quote a source so that I can obtain such information I would greatly appreciate.
– Breno Macena