Android phone manufacturers lying to users about missed security patches

Ismael LynchApr 15, 2018

The vendors of the Android Phones claims that if you are updating your phones regularly then you are having all the latest security patches. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches.

The researchers Karsten Nohl and Jakob Lell have been working for the past two years to reverse engineer that code running on Android devices and looking if there was some "patch gap". They have examined about 1,200 firmware samples taken from various smartphones which are sourced to various vendors.

SRL found that of the major smartphone manufacturers, Google, Sony and Samsung performed the best, missing up to one patch, OnePlus and Nokia missed between one and three patches, HTC, Huawei, LG and Motorola missed three to four patches, while Chinese manufacturers TCL and ZTE missed more than four.

The way we interact with our Android phones has been changing lately; previously there were hard buttons on the Android phones for navigation. The duo focuses their investigation on patches for critical or high severity bugs which are released during the year 2017. But they're not just flat-out exclusions: it's been found that many manufacturers lie about an update containing a patch when it doesn't.

Phones with Mediatek chipsets are far more likely to deceive users about the latest updates. Google told Wired some of the devices in the report weren't Android certified, and therefore aren't tested for security and performance.

The two discovered that some OEM vendors claim to deliver up-to-date security updates, but many skip installing some patches on users' devices, for unknown reasons. But results could even vary within a brand, as SRL found.

"Security updates are one of many layers used to protect Android devices and users. Unfortunately they can not always decide on the type of device they have, or the kind of connection they are on", said Charles Murito, Google country manager, Kenya.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl said.

Nohl said that this "deliberate deception" wasn't as common as vendors simply forgetting to update their devices. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. And Android's fragmentation is a problem that remains unsolved.

Related Articles:



Next article »


Popular Pages

2nd dispatcher claims she couldn't hear teen trapped in van
Plush said several times he was "at Seven Hills", though the operator apparently did not hear clearly or understand what he meant. In a letter sent to Seven Hills families Tuesday morning, school spokeswoman Chris Hedges called the death "a tragic accident".

New York Jets mock draft: Finding a franchise quarterback
This is a draft where the Bills can re-shape their roster, or make a big trade to move up on a franchise quarterback. They need to hit on their first round pick, and they should be in position to do that.

Milos Forman, Oscar-winning exiled director
With disdain for the communist bureaucracy that was now in power in his homeland, he made a decision to emigrate to NY . Married three times, Forman met his third wife Martina - a writer three decades his junior - in Prague in the 1990s.

Donald Trump just made the Masters all about him
Never one to back down from a fight, Patrick Reed sure had one on his hands Sunday in the final round of the 82nd Masters . But there's something about the position he's in that can be hard on which to sleep, and the others around him know that.

Critics Sing Praises For New God Of War Game
You're in control of when Atreus fires, and must manage how many arrows he has at his disposal carefully during a lengthy battle. When the original God of War came out in 2005, players were more likely than not to be sprawled in a student bedsit.

New 2019 Chevrolet Camaro Lineup Revealed
It also includes an electronic limited-slip differential, Magnetic Ride Control, and FE4 performance suspension. HSV has already stated that the Camaro will wear the Chevrolet Bow Tie in Australia and not the HSV badge.

Bloomin' Brands; Delta Air Lines; Rite Aid — CORPORATE REPORT
The ratio turned negative due to DAL positioning: 54 sold and 267 reduced. 104 funds opened positions while 251 raised stakes. The transportation company reported $0.74 EPS for the quarter, topping the Zacks' consensus estimate of $0.73 by $0.01.

Netflix Job Posting Calls For Professional Binge Watching
Maryland Capital Management purchased a new position in shares of Netflix in the fourth quarter valued at approximately $249,000. After $0.41 actual EPS reported by Netflix , Inc. for the previous quarter, Wall Street now forecasts 53.66 % EPS growth.

Sea Of Thieves Updates Detailed, Will Bring Free New Content
With the event model, Rare says that there will be rewards that can only be earned by playing the game during the event window. One example mentioned by Rare is underwater caves and reefs where an NPC could send players on a quest to find lost treasure.

Bank of America Corporation (NYSE:BAC)
California State Teachers Retirement System holds 1.1% of its capital in Bank of America Corporation (NYSE: BAC ) for 18.06M shs. It is positive, as 66 investors sold BAC shares while 561 reduced holdings. 162 funds amassed stakes and 585 increased stakes.