There's no time to waste on this. Now that knowledge of the vulnerability has exploded, it won't take long before we start seeing cases of hacks. (So far, no known user hacks have occured.)
Google has provided patches. Now it's up to Verizon to distribute them. Even if it's a stand-alone patch, it needs to get pushed out ASAP.
I'm going to call them, even though I know what they'll tell me. If we start clogging up the support lines, hopefully it'll let them know their cust base really cares about this.
Actually, that's not how it works. With Verizon, at least, system updates come from Verizon once they've been reviewed or tested or something which is frequently months after Google has released them.
No that's not how it works... When it comes to CRITICAL updates. There's multiple examples like Heartbleed, Rage in the Cage, and the Samsung keyboard exploits to name a few. All those were updated without carrier involvement.
To top it off if stuff doesn't start working right people would blame the carrier when it comes to basic releases or OS upgrades. Catch 22 if you ask me. They'll get blamed no matter what they do. In Europe surprisingly they blame the manufacturer and pressure manufacturers and they get better support. And yes they sign contracts for their phones and yes carriers do testing too. Go figure?
Also Verizon is NOT a manufacturer. They are a distributor if anything. Manufacturers have to test the patch against their devices then push them out. No manufacturer to date has pushed out a fix. Also Google only patched 1 of their devices which is the Nexus 6 Nexus 4 and Nexus 5 are vulnerable.
The articles I've read say that Google releases upgrades to Android which are then released by the carrier when it is ready. In my own experience, I've only gotten upgrades from the manufacturer for apps with its brand.
Carriers do not touch code. Manufacturers do. Google released them to OEMs(manufacturers) which they need to incorporate the code into their code.