Android phone makers allegedly lied about missed security patches

Some major phone makers appear to have missed important security updates from Google

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired.

The claim comes from technology analyst firm Security Research Labs, which has reason to believe that Android manufacturers are telling lies about security patches.

Over the past few years, Android manufacturers have built up a reputation of being slow to issue important software updates. Statistics released by Google in February claim that just 1.1 per cent of Android devices are working on the latest Android version.

Clearly, that is a problem in itself. However, SRL researchers Karsten Nohl and Jakob Lell believe that several manufacturers are informing users that their devices have been updated, when they are actually missing important patches pushed out by Google.

The technologists spent two years analysing a range of Android devices, considering if the manufacturer had installed promised updates. Overall, they identified a so-called "patch gap".

In total, Nohl and Lell analysed the firmware of 1,200 phones developed by companies such as Samsung, Google, HTC, Motorola and ZTE.

Based on these findings, the researchers claim that even the biggest Android manufacturers are making misleading promises about security updates.

Unfortunately, they did not explain whether or not these missed updates are intentional. But the worrying thing is that users may not actually be protected like manufacturers make out.

It is worth noting, though, that some manufacturers are apparently better at releasing updates than others. The research shows that Samsung and Sony only missed a few patches over a two-year period.

However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches.

To coincide with the release of the report, SRL has launched an app called SnoopPitch, which it says helps Android users find out if their handsets are neglecting security.

In a statement given to The Verge, Google thanked Karsten Nohl and Jakob Kell "for their continued efforts to reinforce the security of the Android ecosystem".

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update.

"Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

"These layers of securitycombined with the tremendous diversity of the Android ecosystemcontribute to the researchers' conclusions that remote exploitation of Android devices remains challenging."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Most Popular

Microsoft hints at stand-alone successor to Office 2019 suite
Microsoft Office

Microsoft hints at stand-alone successor to Office 2019 suite

24 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020