How To Guide September 12, 2022 Verizon factory image (TP1A.220905.004.A1) - PSA about Android 13 in OP - Unlocking the Pixel 6 Pro bootloader & central repository

Search This thread

Lughnasadh

Senior Member
Mar 23, 2015
3,891
4,152
Google Nexus 5
Huawei Nexus 6P
From Nova's Discord chat, for what it's worth...


Screenshot 2022-07-19 142825.png
 

Lughnasadh

Senior Member
Mar 23, 2015
3,891
4,152
Google Nexus 5
Huawei Nexus 6P
Here's some other news...

"DNS-over-HTTP/3 (DoH3) support was released as part of a Google Play system update, so by the time you’re reading this, Android devices from Android 11 onwards1 will use DoH3 instead of DoT for well-known2 DNS servers which support it."


*Hope it's ok to post this in this thread Rode Warrior.

 

MrBelter

Senior Member
Apr 10, 2011
1,557
562
This may be posted elsewhere too but it's important enough. Time to deep-freeze archive Nova Launcher version 7 (and the Prime activator, and even the Nova Google Companion) APKs just in case!

I had talked to Kevin (at)teslacoil / developer of Nova possibly even before Nova was released - I don't remember. At the time I was using his WidgetLocker back on Android 2.1.




I also un-opted out of their Beta program and deselected both apps from auto-updating.
Bugger, i have used Nova for longer than i care to remember, I'll be keeping a close eye on what people are saying about it now :(
 
  • Like
Reactions: roirraW "edor" ehT

hello00

Senior Member
Dec 29, 2009
4,316
3,151
South Miami, FL
Google Pixel 6 Pro
As if your privacy and data is not already shared by other apps like Facebook, WhatsApp, Instagram, etc. What are they gonna share? Texts and pictures of my friends. Share the pictures and texts for all I care
 
Last edited by a moderator:

MrBelter

Senior Member
Apr 10, 2011
1,557
562
As if your privacy and data is not already shared by other apps like Facebook, WhatsApp, Instagram, etc. What are they gonna share? Texts and pictures of my friends. Share the pictures and texts for all I care
It is the principal of it though, people bought / used the app in good faith. If you use Facebook, WhatsApp or Instagram you know exactly what you are letting yourself in for (or you should).
 

roirraW "edor" ehT

Forum Moderator
Staff member
Magisk Stable v25.2 is out.
Direct link to downlod: https://github.com/topjohnwu/Magisk/releases/download/v25.2/Magisk-v25.2.apk


v25.2​

  • [MagiskInit] Fix a potential issue when stub cpio is used
  • [MagiskInit] Fix reboot to recovery when stub cpio is used
  • [MagiskInit] Fix sepolicy.rules symlink for rootfs devices
  • [General] Better data encryption detection
  • [General] Move the whole logging infrastructure into Rust
 

roirraW "edor" ehT

Forum Moderator
Staff member

July 21, 2022 7:38am Comment Skanda Hazarika

Magisk v25.2 marks the beginning of the project’s Rust-ification​

Back in 2021, we saw the first baby steps toward the adoption of the memory-managed Rust programming language into the Android codebase. John Wu, aka XDA Senior Recognized Developer topjohnwu, has apparently been thinking along the same lines for the Magisk Project. As per Wu, the experimentation had already begun after releasing the v25.0 build of Magisk via stable channel. Now, topjohnwu has rolled out a new stable build of Magisk in the form of v25.2, with the whole logging infrastructure transitioned to Rust.
A majority of Magisk’s low level components are written in C++. However, as a nonmemory-managed language, it opens the programmer up to memory leaks and buffer overflows. Rust, on the other hand, provides the raw speed, flexibility, and most of the direct mapping to hardware functionality that C++ would while offering a memory-safe environment. Although we don’t expect to see a full implementation of Magisk in Rust anytime soon, this early work on integrating Rust code into the project’s logging infrastructure is likely to be very important.
Magisk XDA Forums
Notably, an intermediate v25.1 build came out just twelve days after the v25 release went live, but it was a minor bug-fix update. The latest stable release of Magisk, however, is a full-fledged maintenance update that also features a number of MagiskInit-related improvements.
Below you can find the complete changelog for Magisk v25.2:
  • [MagiskInit] Fix a potential issue when stub cpio is used
  • [MagiskInit] Fix reboot to recovery when stub cpio is used
  • [MagiskInit] Fix sepolicy.rules symlink for rootfs devices
  • [General] Better data encryption detection
  • [General] Move the whole logging infrastructure into Rust
If you want to check out the v25.2 release in full detail, go ahead and download it to your device right now from the link below. In case you happen to run into any problems with the latest build, make sure to file a bug report on the “Issues” section of the project’s GitHub repository.
Download Magisk v25.2

Source: John Wu on Twitter
 
  • Like
Reactions: Lughnasadh and jcp2

roirraW "edor" ehT

Forum Moderator
Staff member

Google Camera ‘temporarily disabled’ Frequent Faces on the Pixel



Abner Li
- Jul. 24th 2022 2:56 pm PT
@technacity
google pixel 6a


0




With the Pixel 4, Google Camera gained a “Frequent Faces” feature to “identify and recommend better shots of the faces you photograph or record the most,” but was quietly disabled in recent months.

When your camera finds and recommends other shots within your photos or quick videos, your camera recognizes which shots include the faces you capture often. Then, your camera recommends better photos of those faces.
Frequent Faces works by saving “data about the faces you photograph or record.” It functions on-device and no data is sent to Google. You have to manually enable (on Pixel 4 and newer), while turning it off will delete any saved face data. This could be done from the main Camera settings list in-between “Gestures” and “Device storage.”
On the Pixel 6 and 6 Pro, Google uses Frequent Faces to “help the camera show skin tones more accurately” as part of Real Tone, while better auto-white balance for recognized people is another benefit.
Google-Camera-astrophotography-timelapse-2.png

Google Camera Pixel Frequent Faces

As spotted today on Reddit, there’s a thread on the Pixel help forum from May that confirms (per a Product Expert) that Frequent Faces was “temporarily disabled.” There are no details on why the capability was pulled, or when it will return.
This feature was temporarily disabled, and a fix for it is forthcoming. There is no time frame on the release yet. I will keep you updated as more information becomes available.
It’s still not available as of Google Camera 8.5 from June on both Android 12 (including the Pixel 6a) and 13 Pixel phones. Overall, the situation appears different from when the Pixel 5 and 4a 5G’s ultrawide lens was disabled for astrophotography in 2020.
Frequent Faces is still advertised as one of the Pixel 6a’s “Camera Features” in the Google Store specs list. Meanwhile, the Pixel Camera page advertises it as letting you “get more smiles and fewer blinks.”
Google Camera Pixel Frequent Faces
 
Last edited:

The MAZZTer

Member
Feb 1, 2015
20
20
So with June 2022 and Magisk 24.1 and previous on my Pixel 6 Pro I have been using --disable-verify and --disable-verification as I thought they were needed (and I have had MULTIPLE factory resets needed when I thought I had done everything correctly).

For some reason with July 2022 and Magisk 25.2 if I disable verify and verification my phone does NOT boot with either Magisk patched or stock kernel. Probably something changed in July 2022 Android?

Anyway I kept them enabled as per the suggestion in the first post of the thread and everything is fine and dandy now. Still not sure what changed.
 
  • Wow
Reactions: roirraW "edor" ehT

biTToe

Senior Member
So with June 2022 and Magisk 24.1 and previous on my Pixel 6 Pro I have been using --disable-verify and --disable-verification as I thought they were needed (and I have had MULTIPLE factory resets needed when I thought I had done everything correctly).

For some reason with July 2022 and Magisk 25.2 if I disable verify and verification my phone does NOT boot with either Magisk patched or stock kernel. Probably something changed in July 2022 Android?

Anyway I kept them enabled as per the suggestion in the first post of the thread and everything is fine and dandy now. Still not sure what changed.
See the second post in this series

---

Disabling Verity and Verification isn't required except for use with some custom kernels, but just rooting those custom kernels with the latest Magisk Stable v24.1 or higher should make them not require disabled Verity and Verification anymore.

A reminder that disabling Verity and Verification, at least if you've never disabled them before, will cause you to need to factory reset the device otherwise there will be corruption.

if you didnt disable before then it is enabled since the beginning. Disabling requires a full wipe.
It will show this image if you try to disable.

You can also verify it using adb shell with:
adb shell
su
avbctl get-verity
avbctl get-verification

1636658711744-png.5455805



Click to expand...

The usefulness of having Verity and Verification enabled (now that it's not needed for root but IS still required for some custom kernels):

1. DM-Verity ( VB 1.0 ) verifies /system and /vendor - it was introduced with Android 4.4, modified with Android 7
2. Android Verified Boot ( VB 2.0 aka AVB ) additionally verifies /boot - it was introduced with Android 8, works on Project Treble enabled devices

Both are running a hash on the memory blocks mentioned of your device to ensure the integrity of your software and help prevent rootkits and the like.

If you disable VB 1.0 and/or VB 2.0 your Android device becomes vulnerable to malware of any type: IMO only those do it who do not care about the built-in protection.

Click to expand...

Yes - this is covered on Android Source.

The basics:
Android Verified Boot ensures that the boot code is legitimate, by using a boot image "signature" compared to a signature stored in the key registry.

Dm-verity is a method by which the code on the block devices is hashed; this hash is then compared to a reference hash to determine its authenticity before the image is loaded, thereby preventing rootkits from declaring themselves legitimate.

Vbmeta verification is a method of storing those reference hashes to which the generated hashes are compared. This can be and often is used for any critical partition, such as /boot and /system.

These aren't new concepts and indeed have been integral to Android for some time. What is new is how the Android 12 AVB headers were handled.

We still don't know exactly where in the process the problem occurred when trying to run custom boot images with Android 12. I suspect that the issue wasn't custom software itself - after all, you could still flash a custom ROM and run it without issues - but rather, trying to use a modified boot image with otherwise stock Android 12 system. Don't take my word for it, though, because I don't know for sure.

Click to expand...
 
Last edited:

Lughnasadh

Senior Member
Mar 23, 2015
3,891
4,152
Google Nexus 5
Huawei Nexus 6P
So with June 2022 and Magisk 24.1 and previous on my Pixel 6 Pro I have been using --disable-verify and --disable-verification as I thought they were needed (and I have had MULTIPLE factory resets needed when I thought I had done everything correctly).

For some reason with July 2022 and Magisk 25.2 if I disable verify and verification my phone does NOT boot with either Magisk patched or stock kernel. Probably something changed in July 2022 Android?

Anyway I kept them enabled as per the suggestion in the first post of the thread and everything is fine and dandy now. Still not sure what changed.
The user in the post above this had no problems using Magisk 25.2 on the July build with verity and verification disabled, and I haven't seen anyone else have problems when verity and verification were disabled on the July build (or Android 13 betas for that matter), so the problem you encountered may have stemmed from something else.

It would also seem kind of strange that Google would change something on the July build (likely last build of Android 12) that would affect being able to boot with verity and verification disabled but not have those same changes incorporated in the Android 13 betas.

I think something else unrelated to disabling verity and verification was going on.
 

roirraW "edor" ehT

Forum Moderator
Staff member
Update not quite here yet, but here's the Pixel Update Bulletin—August 2022:


Pixel Update Bulletin—August 2022​


Published August 1, 2022
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2022-08-05 or later address all issues in this bulletin and all issues in the August 2022 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.
All supported Google devices will receive an update to the 2022-08-05 patch level. We encourage all customers to accept these updates to their devices.
Note: The Google device firmware images are available on the Google Developer site.

Announcements​

  • In addition to the security vulnerabilities described in the August 2022 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

Security patches​

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.


Kernel components​


CVEReferencesTypeSeverityComponent
CVE-2021-3609A-223967238
Upstream kernel
EoPModerateKernel
CVE-2021-39714A-205573273
Upstream kernel [2] [3] [4] [5] [6]
EoPModerateKernel
CVE-2022-0435A-228560328
Upstream kernel
EoPModerateKernel
CVE-2022-0995A-227638011
Upstream kernel [2] [3] [4] [5] [6] [7] [8]
EoPModerateKernel
CVE-2022-1011A-226679409
Upstream kernel
EoPModerateKernel
CVE-2022-1055A-228390920
Upstream kernel
EoPModerateKernel
CVE-2022-20158A-182815710
Upstream kernel [2]
EoPModerateKernel
CVE-2022-20368A-224546354
Upstream kernel
EoPModerateKernel
CVE-2022-20369A-223375145
Upstream kernel
EoPModerateKernel
CVE-2022-20371A-195565510
Upstream kernel
EoPModerateKernel
CVE-2022-20382A-214245176
Upstream kernel
EoPModerateKernel
CVE-2022-27666A-227452856
Upstream kernel
EoPModerateKernel
CVE-2022-29581A-233075473
Upstream kernel
EoPModerateKernel

Pixel​


CVEReferencesTypeSeverityComponent
CVE-2022-20237A-229621649 *RCECriticalModem
CVE-2022-20400A-225178325*RCECriticalModem
CVE-2022-20402A-218701042 *RCECriticalModem
CVE-2022-20403A-207975764 *RCECriticalModem
CVE-2022-20180A-212804042*EoPHighKernel
CVE-2022-20377A-222339795*EoPHighTrusty
CVE-2022-20380A-212625740 *IDHighModem
CVE-2022-20365A-229632566 *EoPModerateUserland
CVE-2022-20366A-225877745 *EoPModerateKernel
CVE-2022-20367A-225877459*EoPModerateKernel
CVE-2022-20372A-195480799 *EoPModerateKernel
CVE-2022-20373A-208269510*EoPModerateKernel
CVE-2022-20374A-201078231*EoPModerateModem
CVE-2022-20376A-216130110*EoPModerateKernel
CVE-2022-20378A-234657153*EoPModerateModem
CVE-2022-20379A-209436980 *EoPModerateKernel
CVE-2022-20381A-188935887*EoPModerateKernel
CVE-2022-20383A-222408847*EoPModerateCamera
CVE-2022-20384A-211727306*EoPModerateModem
CVE-2022-20405A-216363416*EoPModerateModem
CVE-2022-20370A-215730643 *IDModerateModem
CVE-2022-20401A-226446030*IDModerateModem
CVE-2022-20404A-205714161*IDModerateModem
CVE-2022-20406A-184676385*IDModerateModem
CVE-2022-20408A-204782372*IDModerateModem
CVE-2022-20375A-180956894*DoSModerateModem
CVE-2022-20407A-210916981*DoSModerateModem

Common questions and answers​

This section answers common questions that may occur after reading this bulletin.


1. How do I determine if my device is updated to address these issues?


Security patch levels of 2022-08-05 or later address all issues associated with the 2022-08-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.


2. What do the entries in the Type column mean?


Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.



AbbreviationDefinition
RCERemote code execution
EoPElevation of privilege
IDInformation disclosure
DoSDenial of service
N/AClassification not available

3. What do the entries in the References column mean?


Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.



PrefixReference
A-Android bug ID
QC-Qualcomm reference number
M-MediaTek reference number
N-NVIDIA reference number
B-Broadcom reference number
U-UNISOC reference number

4. What does an * next to the Android bug ID in the References column mean?


Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.


5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?


Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.


Versions​


VersionDateNotes
1.0August 1, 2022Bulletin Published
 

Lughnasadh

Senior Member
Mar 23, 2015
3,891
4,152
Google Nexus 5
Huawei Nexus 6P

hpower1

Senior Member
Jan 24, 2012
194
78
I'm going to keep trying these updates, and A13 when it drops but for now I have finally had to move off my pixel 6 pro. I lose connectivity every time I leave my house, at least once, and one place I do some work 2x per week my phone doesn't work there at all. I have moved back to my pixel 4 XL but also got a One Plus to use too. I really want to love my pixel 6 but it just doesn't work for me. I even bought a regular pixel 6 to try, same thing.
 
  • Wow
Reactions: roirraW "edor" ehT

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    FYI: Even though Android Flash Tool does not flash the whole image to both slots, they have added an option to flash the A13 bootloader to the inactive slot. This may be the easiest option to use when updating to A13 from A12.

    Just to be clear, when updating to A13 from A12 a prompt will show up asking whether you want to also flash the bootloader to the inactive slot as well. It doesn't show up in the regular tick boxes.


    Screenshot from 2022-08-24 14-39-11.png
    5
    This thread confuses me. Can one root a device that is currently sim locked?
    SIM locking, which locks your SIM card to your device, i.e. can't move that same SIM card with another device, is not the same as being Carrier locked. The ability to lock your SIM card to your device is controlled by you only - by default, SIM cards are not locked to the device. You can use the search field in the device Settings to find "SIM card lock", which is in the "More security settings" submenu.

    As the others have said, Carrier unlocking and having the ability to bootloader unlock are two separate things, but typically if a device is not carrier unlocked, then you are also not able to unlock the bootloader. Being carrier unlocked does not necessarily mean you can unlock the bootloader. Example 1: Verizon. Example 2: All Samsung devices bought in the United States that can have mobile data connections. Samsung WI-Fi-only tablets can be bootloader unlocked (at the cost of tripping KNOX permanently), but obviously, in that case, there's no carrier involved.
    5
    Looks like they finally updated the "Updating Pixel 6, Pixel 6 Pro, and Pixel 6a devices to Android 13 for the first time" section on the download page to include the correct command for Option 2 (adb reboot bootloader rather than adb reboot fastboot).
    5

    BulletinLanguagesPublished dateSecurity patch level
    September 2022Coming soonSeptember 6, 20222022-09-05

    Pixel Update Bulletin—September 2022​


    Published September 6, 2022
    The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2022-09-05 or later address all issues in this bulletin and all issues in the September 2022 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.
    All supported Google devices will receive an update to the 2022-09-05 patch level. We encourage all customers to accept these updates to their devices.
    Note: The Google device firmware images are available on the Google Developer site.

    Announcements​

    • In addition to the security vulnerabilities described in the September 2022 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

    Security patches​

    Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

    Kernel components​

    CVEReferencesTypeSeverityComponent
    CVE-2022-28388A-228694483
    Upstream kernel
    EoPModerateKernel

    Pixel​

    CVEReferencesTypeSeverityComponent
    CVE-2022-20231A-211485702*EoPCriticalTrusty
    CVE-2022-20364A-233606615*EoPCriticalKernel

    Qualcomm components​

    CVEReferencesSeverityComponent
    CVE-2022-25654A-223230190
    QC-CR#3075470
    ModerateKernel

    Qualcomm closed-source components​

    CVEReferencesSeverityComponent
    CVE-2022-25653A-223230071*ModerateClosed-source component

    Functional patches​

    For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

    Common questions and answers​

    This section answers common questions that may occur after reading thisulletin.
    1. How do I determine if my device is updated to address these issues?
    Security patch levels of 2022-09-05 or later address all issues associated with the 2022-09-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.
    2. What do the entries in the Type column mean?
    Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    3. What do the entries in the References column mean?
    Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    U-UNISOC reference number
    4. What does an * next to the Android bug ID in the References column mean?
    Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
    5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?
    Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

    Versions​

    VersionDateNotes
    1.0September 6, 2022Bulletin Published
  • 59
    SURPRISE new Factory Image:


    13.0.0 (TP1A.220905.004.A1, Sep 2022, Verizon, Verizon MVNOs)FlashLink5e431fe5b488b48c4543a22f18356d1ad45c04fdab07bfe451ca13bdf08d0039

    I see the September update for the 6a also came out. :)

    September 2022 factory image is available:

    13.0.0 (TP1A.220905.004, Sep 2022)FlashLink4dba4ced0ea829e3d334dee55d8b15daa4cd1b57848417a8787d68a0b6ce3793

    Kush M.
    Community Manager•Original Poster

    Google Pixel Update - September 2022​

    Announcement
    Hello Pixel Community,

    We have provided the monthly software update for September 2022. All supported Pixel devices running Android 13 will receive these software updates starting today. The rollout will continue over the next week in phases depending on carrier and device. Pixel 6a devices will receive the update later this month. Users will receive a notification once the OTA becomes available for their device. We encourage you to check your Android version and update to receive the latest software.

    Details of this month’s security fixes can be found on the Android Security Bulletin: https://source.android.com/security/bulletin

    Thanks,
    Google Pixel Support Team


    Software versions

    Global
    • Pixel 4 (XL): TP1A.220905.004
    • Pixel 4a: TP1A.220905.004
    • Pixel 4a (5G): TP1A.220905.004
    • Pixel 5: TP1A.220905.004
    • Pixel 5a (5G): TP1A.220905.004
    • Pixel 6: TP1A.220905.004
    • Pixel 6 Pro: TP1A.220905.004

    What’s included

    The September 2022 update includes bug fixes and improvements for Pixel users – see below for details.

    Battery & Charging
    • Fix for issue occasionally causing increased battery drain from certain launcher background activities
    • Fix for issue preventing wireless charging mode to activate in certain conditions *[1]

    Biometrics
    • Additional improvements for fingerprint recognition and response in certain conditions *[2]

    Bluetooth
    • Fix for issue occasionally preventing certain Bluetooth devices or accessories from connecting

    User Interface
    • Fix for issue occasionally causing notifications to appear truncated on the lock screen
    ---------------------------------------------------------------

    Device Applicability

    Fixes are available for all supported Pixel devices unless otherwise indicated below.

    *[1] Included on Pixel 4, Pixel 4 XL, Pixel 5, Pixel 6 & Pixel 6 Pro
    *[2] Included on Pixel 6a


    Details
    Other

    BulletinLanguagesPublished dateSecurity patch level
    September 2022Coming soonSeptember 6, 20222022-09-05

    Pixel Update Bulletin—September 2022​


    Published September 6, 2022
    The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2022-09-05 or later address all issues in this bulletin and all issues in the September 2022 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.
    All supported Google devices will receive an update to the 2022-09-05 patch level. We encourage all customers to accept these updates to their devices.
    Note: The Google device firmware images are available on the Google Developer site.

    Announcements​

    • In addition to the security vulnerabilities described in the September 2022 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

    Security patches​

    Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

    Kernel components​

    CVEReferencesTypeSeverityComponent
    CVE-2022-28388A-228694483
    Upstream kernel
    EoPModerateKernel

    Pixel​

    CVEReferencesTypeSeverityComponent
    CVE-2022-20231A-211485702*EoPCriticalTrusty
    CVE-2022-20364A-233606615*EoPCriticalKernel

    Qualcomm components​

    CVEReferencesSeverityComponent
    CVE-2022-25654A-223230190
    QC-CR#3075470
    ModerateKernel

    Qualcomm closed-source components​

    CVEReferencesSeverityComponent
    CVE-2022-25653A-223230071*ModerateClosed-source component

    Functional patches​

    For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

    Common questions and answers​

    This section answers common questions that may occur after reading thisulletin.
    1. How do I determine if my device is updated to address these issues?
    Security patch levels of 2022-09-05 or later address all issues associated with the 2022-09-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.
    2. What do the entries in the Type column mean?
    Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    3. What do the entries in the References column mean?
    Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    U-UNISOC reference number
    4. What does an * next to the Android bug ID in the References column mean?
    Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
    5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?
    Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

    Versions​

    VersionDateNotes
    1.0September 6, 2022Bulletin Published

    Regarding Developer Support Android 12 images, see @Lughnasadh's post here.

    I am not linking directly to the Developer Support Android 12 images because I don't want them to be confused with Stable Android 12, and since the Developer Support images won't receive any OTAs...ever. They likely also will never be manually updated on the Developer Support images site, so they will forever be stuck with the security patch level they're currently on, which will become further out of date every month. You can Google search Developer Support Android images if you want to find them.

    Platform Tools has been updated slightly to v33.0.3:

    Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip

    Mac: https://dl.google.com/android/repository/platform-tools-latest-darwin.zip

    Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip

    Release Notes https://developer.android.com/studio/releases/platform-tools:

    33.0.3 (Aug 2022)​

    • adb
      • Don't retry adb root if first attempt failed.
      • Fix track-devices duplicate entry.
      • Add receive windowing (increase throughput on high-latency connections).
      • More specific error messages in the "more than one device" failure cases.
      • Reject unexpected reverse forward requests.
      • Fix install-multi-package on Windows.
    • fastboot
      • Remove e2fsdroid as part of SDK platform-tools.
      • Print OemCmdHandler return message on success.

    TL;DR regarding the PSA. If you update one slot to Android 13, you can fastboot reboot bootloader after and then fastboot --set-active=other to change slots in order to flash Android 13 to the new slot, but IF you have Android 13 on one slot and still have Android 12 (including Android 12 bootloader) on the other slot and you try to fully boot into Android 12, you will be permanently bricked and have to seek repair from Google. No one has yet found a way to repair this on our own. I will update if there is any progress. At least a small handful, and probably more, people have done this already.

    At a minimum, do this first: fastboot flash bootloader --slot all bootloader-devicename-slider-1.2-3456789.img (change the name of the bootloader file to the one for your device), then you *should* be much safer than without doing that first. Also note that the bootloader is NOT the same as boot.img (kernel). The bootloader image file has "bootloader" in the filename.

    IF you have already bricked your phone and the screen is blank - there is likely nothing we can do to help. You should seek to get a repair from Google, possibly under warranty.


    You CANNOT go back to Android 12 Stable. It *seems* as if you can, but Android 12 will not work 100% correctly after updating to the Android 13 bootloader.

    My tiny, early, very mini-review of Android 13 is here.

    Note that this is mainly for the officially listed "Unlocked" Pixel 6 Pro, available directly from the Google Store. All of this will also apply to any other (carrier-specific) variant of the Pixel 6 Pro which you can achieve an unlocked bootloader on. This includes T-Mobile and AT&T variants. It's likely Verizon variants will never be able to unlock their bootloader, or if so it will require paying the right person to do so.

    Feel free to ask about general questions, but for anything that's specific to your variant, you should use one of the other already existing threads. You'll find Verizon, AT&T, and T-Mobile-related threads in those respective search results.

    Here there be dragons. 🐉 I am not responsible for anything at all. 😹

    Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.


    Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.

    There are no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.


    All posts about Google Pay or banking will be reported to be deleted. Please keep this thread on-topic. There are at least one or two other How To Guide threads in this section in which folks discuss how to get around banking app restrictions when you're rooted or just have an unlocked bootloader. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
    If users persist in discussing banking apps in this thread, I will have this thread locked and only update this first post when there is new and updated information regarding the subjects of the title of the thread: Unlocking the Pixel 6 Pro bootloader, rooting, and TWRP. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    Honorable mention to @Jawomo's aodNotify - Notification Light / LED for Pixel 6 Pro! (XDA link) / Notification light / LED for Pixel - aodNotify (Play Store link), which in my opinion restores useful functionality missing in most phones these days. It also solves some subjective issues some folks have with AOD (Always On Display), and/or solves/works around the problem where AOD is required for the optical fingerprint reader to work without the screen being on.​


    Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
    Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)

    Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.

    Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
    Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
    OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.

    ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
    • You'll need this if you're going to unlock the bootloader on your Pixel 6 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
    • For Windows, get Google's drivers here Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you "adb reboot-bootloader", to be able to use ADB and Fastboot.
    • Thanks to @96carboard for posting the details of unlocking the bootloader, be sure to thank him in his post. Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device. Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, or your local bank's app. If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it. My experience on my Pixel 1 was that there were no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. All of this should still be the case. You will also continue to receive updates. Unlike Samsung, Sony, et cetera, which have major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to keep root/re-root.:


      The unlock process works like this:

      1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on (you can put a SIM card if you want, you just don't have to).
      2) When it starts harassing you to join Google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
      3) Settings --> About --> Build number. Repeatedly tap it until it says you're a developer.
      4) Back --> Network --> WiFi and connect it.
      5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize on the phone when requested.

      Using the Platform Tools previously mentioned in command line/terminal:
      6) #
      Code:
      adb reboot-bootloader
      7) #
      Code:
      fastboot flashing unlock

      Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.

      Official Instructions for Locking/Unlocking the Bootloader
    Personally, I would always use the official drivers Google provides unless they just don't work for whatever reason: Get the Google USB Driver (this is for Windows). They work for me. They are rarely updated, but they are every once in a great while, sometimes years in-between.
    I agree with this. be careful using drivers or adb/fastboot tools. Some are fine, but there's no need for it really anymore. Google has made it very easy to install drivers and Platform-Tools (adb/fastboot tool).

    Google provides the Fastboot/ADB tool (Platform-Tools) and Google USB Drivers (adb/fastboot interface). This will allow any Pixel to interface with Windows using the fastboot/adb protocol. Official Google USB Driver includes support for both the Fastboot and ADB driver interface. There are 3 main drivers (Fastboot, ADB and MTP/Portable File Transfer). The MTP/Portable File Transfer driver is built-in to Windows 7-11.

    Fastboot/ADB Driver Interface - Official Download Link:
    When flashing a full image or unlocking your bootloader, the fastboot interface is being used.

    First Download official Google USB Drivers (it's a zip file). Extract the zip (important!). Right-click on the android_winusb.inf file and hit install. You can then restart your phone to the Bootloader Screen (hold vol-down while it restarts or turns on). When you plug in your phone, Windows Device Manager will show a new device at the top: Android Device: Android Bootloader Interface.

    Using the ADB interface: It's the same driver. Enable USB Debugging on your phone, then plug it in to your computer. A prompt will appear on your phone (to allow USB Debugging). The driver in Device Manager will appear as Android Device: Android Composite ADB interface.

    Now you can download and use Platform-Tools to flash an Android Image, OTA or run adb/fastboot commands.
    Official Download Page
    "Android SDK Platform-Tools is a component for the Android SDK. It includes tools that interface with the Android platform, such as adb, fastboot, and systrace"

    It's best to make Platform-Tools available system-wide. Download Platform-Tools from the above link and extract it to your C:\ drive - that way you will have a folder to add to the PATH Environment under Window System Properties Menu, Advanced, Environment Variables, System Variables, PATH (google how to do this, very easy). What this does is allow adb/fastboot commands to be run from anywhere in the system, so you don't have to be in the platform-tools folder to run adb/fastboot commands and flash an Android Image (Official or Android Fork such as ProtonAOSP).

    Rooting-related


    No longer applies - Things that make rooting more complicated on Android 12
    @V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.

    A list of the other important guides - be sure to thank the respective OPs
    For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.


    TWRP (not made for the Pixel 6 Pro yet - will update when it has)
    I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 6 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel6pro.html.

    Custom kernels for stock ROM(s)

    Factory Images (requires an unlocked bootloader)
    It's also handy to have to the full official firmware available, whether it's to recovery from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 6 Pro (Raven) section: Pixel 6 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.

    Note: You can still get the December 2021 Factory Images and OTA from this thread, if you need them for any reason: Alternate links to December - all full factory images and OTAs available

    Full OTA Images (doesn't require an unlocked bootloader)

    The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.

    Regarding P6P 5G model numbers and capabilities - post #3 below.

    List of all Pixel monthly security bulletins and Play System Updates - post #4 below.

    How I root and update (which is identical whether rooting the first time or updating):
    • Use the latest Magisk Stable (in my case, I keep the app "hidden" / renamed)
    • Used the full firmware zip, extracted to the same folder as the latest Platform Tools (S:\platform-tools)
    • Extracted the new boot.img
    • Copied new boot.img to the phone
    • Patched the new boot.img with Magisk Stable
    • Renamed Magisk'd boot.img so I know what version of firmware it's for
    • Copied the Magisk'd boot.img back to the computer
    • Disabled all my Magisk Modules
    • Removed the "-w " from the flash-all.bat
    • Re-edited the flash-all.bat to verify I saved it with the "-w " taken out
    • Open a Command Prompt, navigated to S:\platform-tools
    • adb reboot bootloader
    • flash-all.bat
    • Let phone boot, unlock it, check that it's working, allow the update process to finish (gave it five minutes or so)
    • adb reboot bootloader
    • fastboot flash boot kernel.img (renamed Magisk'd boot.img)
    • fastboot reboot
    • Unlock, check everything's working
    • Re-enabled the most basic Magisk Modules which I was sure wouldn't cause a critical issue
    • Reboot, unlock, made sure everything's working
    Back to modding!

    I may append these first four posts with further useful information or links as needed.
    15
    The unlock process works like this;

    1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
    2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
    3) Settings --> About --> Build number. Tap it until it says you're a developer.
    4) Back --> Network --> Wifi and connect it.
    5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
    6) # adb reboot-bootloader
    7) # fastboot flashing unlock

    Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.
    15
    SDK Platform Tools updated to v33.0.1 (March 2022):

    33.0.1 (March 2022)​

    • adb
      • Fixes Windows mdns crashes.
      • Fixes enable-verity/disable-verity on old devices.
      • Fixes "install multiple" on old devices
      • Improves the help output to include all supported compression methods.
    13
    Just to let everyone know, updating to .037 and re-rooting (without wiping anything) worked with no problems. My method is to just replace -w with --disable-verity --disable-verification in the flash-all.bat file and run the flash-all command. I then let it reboot, patch the boot image, return to bootloader and flash the patched boot image.

    Canary 23014

    EDIT: Thank you @ipdev for confirming my inquiry that this method would work back on Nov. 4 👍
    11
    SDK Platform Tools have been updated to v32.0.0 (January 2022). Update now before you forget and flashing the February update on the 7th gives you hassles. :)

    Direct download for Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip

    Revisions​

    32.0.0 (January 2022)​

    • adb
      • Fixed adb w/o args SEGV regression.
    • fastboot
      • Reinstated recovery execution from b/158156979 (removal of preprocessor guards for root/secure).