10

How can I determine the security patch level of an Android device using an API or other mechanism? I'm looking for the same security patch information that can be found manually by clicking the Settings -> About menu on the device.

Google issues security patches every month, for example 2016-12-01.

enter image description here

Improve this question
0

5 Answers 5

Reset to default
18

In Android SDK 23 (Marshmallow) and later, you can retrieve the security patch date from android.os.Build.VERSION.SECURITY_PATCH. The date is a string value in YYYY-MM-DD form.

In Lollipop, you can use the getprop command to read the value of ro.build.version.security_patch. See this S/O question for how to execute getprop using ProcessBuilder.

Security patches have been released on a monthly basis since October 2015, see Android Security Bulletins for more details.

Improve this answer
2
  • have you find any values for "ro.build.version.security_patch" on android 5.0 or below ?
    – Ando Masahashi
    Commented Oct 25, 2018 at 5:29
  • I think there's no sense to even try to figure out the security patch level for any device that doesn't support android.os.Build.VERSION.SECURITY_PATCH. All devices failing to support that API should be just considered stale/unsafe.
    – Mikko Rantalainen
    Commented Aug 4, 2021 at 13:49
3

I do not think that is possible without root access since the Security Patch Level is stored in ro.build.version.security_patch field inside build.prop which is in /system/ path.

If you have root access, you can just read that file and look for the above mentioned field.

EDIT: as @v6ak mentioned, you access the value of the properly without root too.

Improve this answer
2
  • I cannot test it since I have no rooted android device. But it would make sense since it is a kind of security problem since every simple bad app could find out the security patch level and then only use the most easy security hole to to its bad work.
    – tardis
    Commented Jan 11, 2017 at 10:13
  • 1
    It works without root. Most (maybe all) of the files in /system are publicly readable, so just running the following command does the trick: cat /system/build.prop | grep security
    – v6ak
    Commented Oct 8, 2017 at 9:37
2

This value is stored in the /system/bin/getprop system file. You can read it in this way:

try {
    Process process = new ProcessBuilder()
            .command("/system/bin/getprop")
            .redirectErrorStream(true)
            .start();

    InputStream is = process.getInputStream();
    BufferedReader br = new BufferedReader(new InputStreamReader(is));
    String line;

    while ((line = br.readLine()) != null) {
        str += line + "\n";
        if (str.contains("security_patch")) {
            String[] splitted = line.split(":");
            if (splitted.length == 2) {
                return splitted[1];
            }
            break;
        }
    }

    br.close();
    process.destroy();

} catch (IOException e) {
    e.printStackTrace();
}
Improve this answer
1

From an adb shell you can execute getprop ro.build.version.security_patch. Hopefully those properties are available to a non-root process on Android.

So in C/C++ I'd try using: system("getprop ro.build.version.security_patch");

Or in Java something like:

import android.os.Bundle;
public static final String SECURITY_PATCH = SystemProperties.get(
            "ro.build.version.security_patch");
Improve this answer
0

you can also use the following adb command

adb shell getprop | egrep
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.