On Wed, 8 Nov 2017 14:46:32 +1300, Peter Reutemann wrote:
'On Nov. 6, Google released an Android update patching a vulnerability that IT vendors have known about for months.'
-- source: https://www.esecurityplanet.com/mobile-security/google-patches-krack-wifi-fl...
From <https://arstechnica.com/gadgets/2017/11/pixel-wont-get-krack-fix-until-december-but-is-that-really-a-big-deal/>: “...the KRACK vulnerability won't be patched on Google-branded devices until December. That's right, Pixel and Nexus owners will have to survive a whole extra month being vulnerable to KRACK. But this isn't as huge of a problem as you might imagine.” “KRACK is a big deal for some devices, but it's mainly those that use WPA2 as their primary form of security. A lot of times this is IoT stuff like video cameras or "dumber" devices like a printer. On Android, killing WPA2 security is no different from logging in to an open coffee shop Wi-Fi with 25 other random people. Android is used to this, and the OS and apps generally take the right precautions.” As has been said before, end-to-end security is the vital thing. If “insecure” wi-fi is a problem for your application, then you’re doing it wrong.