The manufacturers have allegedly been found to be lying to consumers about missed security patches. While some manufacturers, including Google, Sony, Samsung, and Wiko, missed at most one of the patches SRL was looking for, other devices, particularly those using MediaTek processors, had far more absences.
For consumers, it is hard to tell whether their device has actually been receiving security updates or not.
"Our large study of Android phones finds that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to the underlying risks", the SRL website preview says.
The researchers told Greenberg that they examined 1,200 handsets for evidence of every Android security patch released in 2017.
Even though Google has managed to establish Android as the top smartphone operating system in the world, it has failed on a major front that ensures the security of your smartphone.
ZTE and TCL appear to be among the worst offenders, while Google, Samsung and Sony are the best at patching. SRL Labs is going to release an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates, but it is unlikely that users will manually check for patches.
Now, Wired reports, a team from Security Research Labs plans to reveal a lapse that's arguably even more concerning. According to the firm, almost a dozen patches were skipped by certain OEMs. Considering how many Android phones are out there and how many vendors weren't applying the patches as regularly as Google intended, a likely large number of users continued to use phones that weren't up to date and couldn't protect them from the then-current security risks those patches were meant to address. Security updates are one of many layers used to protect Android devices and users.
Actually taking advantage of unpatched phones is still a tricky matter, and the security risk is almost certainly still higher from simply downloading a compromised app. Fast forward to today: there is still no fix for the problem, and some users are already hating on Google for not addressing the issue swiftly. It appears Motorola may not be living up to its promises. But that number starts creeping up higher as we look at hardware from LG, HTC, Motorola, and ZTE, with the latter's phones averaging four or more absent patches. The results are categorised as Patched, Patch missing, After claimed patch level, or Test inconclusive.
But hacking an Android device is harder than it seems, as Android phones come with a broader set of security measures like address space layout randomization and sandboxing. Compared to flagships, cheaper phones, which also tend to use cheaper chips, are found to be skipping more patches.