Android security patches out of date

Under Trust menu, it says I need to make sure I am on latest /e/ build and ensure vendor image up to date.

What is “vendor image”? Is there something else I need to do other than keep /e/OS up to date to make my phone secure?

I’m on: /e/OS 1.10 Teracube 2e emerald

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone"

I don’t remember seeing anything of that nature on my T2e. May have come up once at some point.

As vendor is concerned, there hasn’t been an Android 11 update from Teracube since early 2022 I think. Nothing can be done on that end.
They are currently working on A12.

The nature of Android.
I don’t think you need to worry about or do anything here. Acknowledge the Trust notice and practice safe computing.

By the way, check Settings → About phone → Android version.
There is info for ‘Vendor security patch level’. For me it says ‘Unknown’.

Yeah I see the same for vendor security patch level.

So if I understand correctly, hardware security patches are something that the hardware vendor- in this case Terracube- need to submit to the AOSP, and they probably won’t because they don’t have Linux devs working for them. Which I guess is why some people buy Pixels, because Google will hire Linux devs to write and submit AOSP kernal/driver patches for their phones.

No, this all happens with Google official.

By way of example the vendor may address vulnerabilities or, as a new Android version comes along, they may be able to make changes to optimise behaviour with the new Android version.

These changes are validated in “cooperation” with Google, then are released by the vendor in the form of a software revision. The date of this revision is represented by the Vendor Security Patch Level.

1 Like

No, this all happens with Google official.

So how to alternative Android projects like LineageOS, /e/OS, GrapheneOS, get those vendor security patches?

In a very few cases (just like /e/OS relationship with Fairphone) as I understand there is real sharing so that vendor parts can be published with the /e/OS release.

But this is one of a small sub section.

Generally the alternative builds do not include the vendor parts in the release. Generally /e/ will aim to replace Recovery and system but the vendor parts will remain on the phone or else be refreshed by flashing the updated manufacturer ROM.

However the ROM builder or dev team have to have access to the proprietary parts / vendor blobs, so that the release “matches” and works correctly with the manufacturer’s current “foundation”. On a typical /e/OS build

Include proprietary files, downloaded automatically from and

This topic was automatically closed after 90 days. New replies are no longer allowed.