Navigating the site link I noticed that there are many people making changes to the source code of the Android system. I even know that patch fixes for bugs and vulnerabilities are "committed" there.
I'm trying to make an app that diagnoses a device regarding its vulnerabilities based on device metadata like, android version, kernel version, build number, build timestamp, etc.
There is a vulnerability that affects many versions of android, including my device (Jelly Bean 4.1.2), but according to the "Trustable" application, my device is protected from this vulnerability. The fix patch for this vulnerability was released / committed in 2013, and my device's build time (system build date) is 2014. That is why my device is not susceptible to this vulnerability. But this is just speculation, and I wanted to be sure.
I would like to know how system updates occur; if they occur, for example, at a certain time interval, if these updates modify the build timestamp of the system, and especially if I can guarantee that my device is not susceptible to a certain vulnerability if the build timestamp, ie the date (kernel) is greater than the vulnerability fix release date.
Thank you in advance.