Claims Of Android Phone Makers On Latest Patches Are Falling Apart

Researchers say some Android phone makers hide missed updates

An undisclosed list of Android phone makers has been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany.

Most non-Google Android phone makers (except for Sony) were once bad at keeping up with security patches.

That is still a long time away from now and such an outcome will only make it more certain that Google does not care for post-release user experience. Thankfully, there's an app called "SnoopSnitch" that allows you to check whether your phone is running the security patches that it claims to be running... While the phone's software may claim to be fully up to date, the researchers found security patches missing in most devices. What they discovered is something they refer to as a "patch gap".

What's The Story Of Android's Security Patches All About?

As of Google's last update in February, only 1.1 per cent of Android users have access to the most recent version of the software, and a study in 2016 found that only 17 per cent of devices were operating on a recent patch level. Despite Google's constant effort, most of the vendors tend to skip the occasional security patch for their devices, and a lot of them are specific to mid-range devices. After their investigation, the researchers found that manufacturers like TCL and ZTE are the biggest offenders, as their handsets miss more than 4 patches. "It's small for some devices and pretty significant for others", SRL founder Karsten Nohl was quoted as saying.

"Now that monthly patches are an accepted baseline for many phones, it's time to ask for each monthly update to cover all relevant patches".

Indeed, Google is the source of Android's security patches.

The researchers noted that the SoCs that the smartphones use may be the cause of the issue. For any device that received at least one security patch update since October, SRL wanted to see which device makers were the best and which were the worst at accurately patching their devices against that month's security bulletin.

One of the interesting revelations from the research is that even major vendors such as Xiaomi and Nokia (which promise swifter updates) had on average between one and three missing patches, whereas HTC, Motorola, and LG had missed between three and four patches.

In a statement provided to TechCrunch, Google pointed to the importance of the various means used to secure the Android ecosystem. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google-suggested security update. Other protections include app sandboxing, Google Play Protect, and the Android ecosystem's diversity. Your phone may say it is patched, but in reality, it may not be.
