10

How can I determine the security patch level of an Android device using an API or other mechanism? I'm looking for the same security patch information that can be found manually by clicking the Settings -> About menu on the device.

Google issues security patches every month, for example 2016-12-01.

enter image description here

Yojimbo
  • 23,288
  • 5
  • 44
  • 48
tardis
  • 1,280
  • 3
  • 23
  • 48

5 Answers5

16

In Android SDK 23 (Marshmallow) and later, you can retrieve the security patch date from android.os.Build.VERSION.SECURITY_PATCH. The date is a string value in YYYY-MM-DD form.

In Lollipop, you can use the getprop command to read the value of ro.build.version.security_patch. See this S/O question for how to execute getprop using ProcessBuilder.

Security patches have been released on a monthly basis since October 2015, see Android Security Bulletins for more details.

Yojimbo
  • 23,288
  • 5
  • 44
  • 48
  • have you find any values for "ro.build.version.security_patch" on android 5.0 or below ? – Ando Masahashi Oct 25 '18 at 05:29
  • I think there's no sense to even try to figure out the security patch level for any device that doesn't support `android.os.Build.VERSION.SECURITY_PATCH`. All devices failing to support that API should be just considered stale/unsafe. – Mikko Rantalainen Aug 04 '21 at 13:49
3

I do not think that is possible without root access since the Security Patch Level is stored in ro.build.version.security_patch field inside build.prop which is in /system/ path.

If you have root access, you can just read that file and look for the above mentioned field.

EDIT: as @v6ak mentioned, you access the value of the properly without root too.

Subhrajyoti Sen
  • 1,525
  • 14
  • 18
  • I cannot test it since I have no rooted android device. But it would make sense since it is a kind of security problem since every simple bad app could find out the security patch level and then only use the most easy security hole to to its bad work. – tardis Jan 11 '17 at 10:13
  • 1
    It works without root. Most (maybe all) of the files in /system are publicly readable, so just running the following command does the trick: cat /system/build.prop | grep security – v6ak Oct 08 '17 at 09:37
2

This value is stored in the /system/bin/getprop system file. You can read it in this way:

try {
    Process process = new ProcessBuilder()
            .command("/system/bin/getprop")
            .redirectErrorStream(true)
            .start();

    InputStream is = process.getInputStream();
    BufferedReader br = new BufferedReader(new InputStreamReader(is));
    String line;

    while ((line = br.readLine()) != null) {
        str += line + "\n";
        if (str.contains("security_patch")) {
            String[] splitted = line.split(":");
            if (splitted.length == 2) {
                return splitted[1];
            }
            break;
        }
    }

    br.close();
    process.destroy();

} catch (IOException e) {
    e.printStackTrace();
}
Domenico
  • 1,331
  • 18
  • 22
1

From an adb shell you can execute getprop ro.build.version.security_patch. Hopefully those properties are available to a non-root process on Android.

So in C/C++ I'd try using: system("getprop ro.build.version.security_patch");

Or in Java something like:

import android.os.Bundle;
public static final String SECURITY_PATCH = SystemProperties.get(
            "ro.build.version.security_patch");
AlgebraWinter
  • 321
  • 2
  • 3
0

you can also use the following adb command

adb shell getprop | egrep
Moya.A
  • 25
  • 7