Some Android Smartphone Makers Caught Lying About Missed Security Updates

2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f85462%2f15e3d997 7fbc 4477 8039 27eea2294326

SnoopSnitch - Android Apps on Google Play

A Google spokesperson sent us the following statement.

Some Android OEMs are have reportedly been skipping security patches according to a security research firm called Security Research Labs, which mentioned the issue last week on Friday, April 6 at a conference in Amsterdam. Now it looks like smartphone manufacturers have been lying to users about which security patch update is installed on their phone, even when they had skipped the particular patch. Missed patches refer to those that companies claimed to have installed but were found to be missing. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl said. "Since then, many device vendors have improved their patching frequency: Phones now receive monthly security updates". And some patches may have been missed, says Google, because the manufacturer removed the offending feature instead of fixing it with the patch.

Samsung's budget J3 smartphone. But results could even vary within a brand, as SRL found.

Conversely, SRL also found that Samsung's mid-range J5 device contained all the advertised security patches. By showing users that these patches were installed when they weren't, owners believe that their handsets are safer than they really are. Nonetheless, it's another sight of the challenge Google faces in trying to elevate Android's security credibility, particularly when it comes to a matter it can only hope to influence, not control.

NHRC slaps notices on Centre, Telangana on sexual harassment in films
Angry MAA announced that it would not give membership to the actress and will also banish anyone who works with her going forward. Thursday took suo motu cognisance of media reports about the alleged sexual exploitation of women in the Telugu film industry.

NOhl and Lell chose to carry out an investigation on the Android smartphones who received and install the latest Android updates. Still, Google has some work to do to get third-parties in line. The problem with Android is that while Google may push out regular software updates, it is left to these manufacturers to push them out to their devices. The team was especially interested on critical security updates that fixed major bugs in 2017. In a somewhat better grouping, each Xiaomi, OnePlus and Nokia phone tested had between one and three missed patches.

"Modern operating systems include several security barriers ... all of which typically need to be breached to remotely hack a phone". Despite Google's constant effort most of the vendors tend to skip on the occasional security patch for their devices and majority are specific to the mid-range devices.

ZTE and TCL are among the worst offenders, followed by HTC, LG, Motorola, and Huawei.

"We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem", the company writes. There's no word yet on how exactly Google plans to prevent this situation in the future as there aren't any mandated checks in place from Google to ensure that devices are running the security patch level they claim they are running. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.

Latest News