In short: The ‘Pixel/Nexus Security Bulletin’ has now been released outlining changes coming with the devices’ update to the October 2018 Android Security patch and apparently no additional security fixes were required this time around. That’s not to say there aren’t any changes at the OS level. There are, in fact, 26 security patches in total to Android itself but there are none that are specific to Pixel and Nexus-branded handsets. Instead, for those Google-made devices, there are four other bug fixes included starting with a fix for all update-eligible devices that modifies call-screening behavior for performance when Maps is in use for navigation. Pixel 2 and Pixel 2 XL users, on the other hand, will see stability improvements for Android Auto and performance improvements during playback of some protected media formats. Original Pixel and Pixel XL owners will see fast-charging behavior improvements.
Background: The biggest changes listed in the latest bulletin for Pixel users are most likely going to be the fixes for fast charging and Android Auto improvements. Both of those features have seen a not-insignificant amount of negative feedback over the past several weeks. Most recently, the quick-charging features found in Google’s original Pixel-branded smartphones stopped working for many users with the installation of Android 9 Pie. Despite promises to fix the problem, made almost immediately after the issue was discovered, no fix has yet been implemented. The nature of the “improvements” listed in the latest bulletin and the specification that those are for the handset in question seems to suggest that is the fix Google is talking about with the October security patch.
Impact: Although Google’s own devices aren’t getting any security patches directly aimed at fixing holes only found in the Pixel or Nexus-branded phones, there are quite a few in the more general Android Security update. All but seven of those are patching vulnerabilities found in Android devices running OS versions from Android 7.0 Nougat through Android 9 Pie. Of the patches designated for those versions, only one is rated as a “moderate” risk level. Three of the patches are for kernel components and are listed as “high” severity while eight of the changes are marked as “critical.” Six of those are remote code execution vulnerabilities that would allow code to be executed on handsets across the board at a distance. Tying into that, the remaining two critical fixes are marked as being related to an elevation of privileges that would let an installed app effectively grant itself permissions in order to take secondary actions or execute further code.