The U.S. Just Defunded A Key Security Database, And Your Android Phone Could Pay The Price


Summary: The Trump Administration has abruptly cut funding for the CVE database—a crucial tool used to identify and track software vulnerabilities across everything from Android phones to PCs. Without it, Android security updates could slow down and become less transparent, leaving users more exposed and phone makers scrambling for alternatives.

The Trump Administration has just pulled funding for the Common Vulnerabilities and Exposures Database, also known as CVE. And this is a big deal for your Android phone.

You see, CVE is a critical security program that standardizes the naming and tracking of vulnerabilities. If you’ve ever looked at one of the Google Security Bulletins, you’ll have seen “CVE” mentioned for each vulnerability that was found and patched. Now, without funding, these updates are going to become slower and less transparent.

MITRE, which is the federally funded organization behind CVE, has said that its contract to “develop, operate and modernize” CVE expires on April 16 – that’s today. This program has been around since 1999, and is a vital part of all kinds of electronics in your home. It’s not just used for Android and iOS, but also computers, graphics cards and anything else that could have vulnerabilities.

How will this affect Android Security updates?

As you might expect, Google relies pretty heavily on CVEs in its Android Security updates. Without a working CVE program, there could be delays in identifying and fixing these problems. The numbering and naming of vulnerabilities is how Google communicates updates about security issues to its hundreds of partners, from Qualcomm to Samsung. If the system breaks down, that could lead to delayed and missing patches.


Currently, this is a big concern, because without a central system, Android phone makers might have to develop their own. The other concern is that without a centralized system, companies could become less transparent about these security issues and how they are fixed.

The funding was just pulled yesterday, so we don’t know the full scope of how things will change. But it’s not good. There is a chance that the Trump Administration will backtrack and give CVE its funding again.