Android phone makers allegedly lied about missed security patches

Some major phone makers appear to have missed important security updates from Google

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired.

The claim comes from technology analyst firm Security Research Labs, which has reason to believe that Android manufacturers are telling lies about security patches.

Over the past few years, Android manufacturers have built up a reputation of being slow to issue important software updates. Statistics released by Google in February claim that just 1.1 per cent of Android devices are working on the latest Android version.

Clearly, that is a problem in itself. However, SRL researchers Karsten Nohl and Jakob Lell believe that several manufacturers are informing users that their devices have been updated, when they are actually missing important patches pushed out by Google.

The technologists spent two years analysing a range of Android devices, considering if the manufacturer had installed promised updates. Overall, they identified a so-called "patch gap".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In total, Nohl and Lell analysed the firmware of 1,200 phones developed by companies such as Samsung, Google, HTC, Motorola and ZTE.

Based on these findings, the researchers claim that even the biggest Android manufacturers are making misleading promises about security updates.

Unfortunately, they did not explain whether or not these missed updates are intentional. But the worrying thing is that users may not actually be protected like manufacturers make out.

It is worth noting, though, that some manufacturers are apparently better at releasing updates than others. The research shows that Samsung and Sony only missed a few patches over a two-year period.

However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches.

Advertisement - Article continues below

To coincide with the release of the report, SRL has launched an app called SnoopPitch, which it says helps Android users find out if their handsets are neglecting security.

In a statement given to The Verge, Google thanked Karsten Nohl and Jakob Kell "for their continued efforts to reinforce the security of the Android ecosystem".

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update.

"Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

"These layers of securitycombined with the tremendous diversity of the Android ecosystemcontribute to the researchers' conclusions that remote exploitation of Android devices remains challenging."

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/microsoft-windows/354789/microsoft-pulls-disastrous-windows-10-security-update
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020