Android phone makers allegedly lied about missed security patches

Some major phone makers appear to have missed important security updates from Google

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired.

The claim comes from technology analyst firm Security Research Labs, which has reason to believe that Android manufacturers are telling lies about security patches.

Over the past few years, Android manufacturers have built up a reputation of being slow to issue important software updates. Statistics released by Google in February claim that just 1.1 per cent of Android devices are working on the latest Android version.

Clearly, that is a problem in itself. However, SRL researchers Karsten Nohl and Jakob Lell believe that several manufacturers are informing users that their devices have been updated, when they are actually missing important patches pushed out by Google.

The technologists spent two years analysing a range of Android devices, considering if the manufacturer had installed promised updates. Overall, they identified a so-called "patch gap".

Advertisement
Advertisement - Article continues below

In total, Nohl and Lell analysed the firmware of 1,200 phones developed by companies such as Samsung, Google, HTC, Motorola and ZTE.

Based on these findings, the researchers claim that even the biggest Android manufacturers are making misleading promises about security updates.

Unfortunately, they did not explain whether or not these missed updates are intentional. But the worrying thing is that users may not actually be protected like manufacturers make out.

It is worth noting, though, that some manufacturers are apparently better at releasing updates than others. The research shows that Samsung and Sony only missed a few patches over a two-year period.

However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches.

To coincide with the release of the report, SRL has launched an app called SnoopPitch, which it says helps Android users find out if their handsets are neglecting security.

In a statement given to The Verge, Google thanked Karsten Nohl and Jakob Kell "for their continued efforts to reinforce the security of the Android ecosystem".

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update.

"Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

"These layers of securitycombined with the tremendous diversity of the Android ecosystemcontribute to the researchers' conclusions that remote exploitation of Android devices remains challenging."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019