Researchers claim some Android vendors are hiding missed security patches from users

Alfred Osborne
April 13, 2018

Meanwhile, Google has responded to the report, saying it is working with SRL Labs to further investigate its findings. In an emailed statement to Gadgets 360, Google said, "We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem." Google dates the monthly security updates so that users can see if their smartphones have been updated with the latest fixes.

That is still a long time away from now and such an outcome will only make it more certain that Google does not care for post-release user experience. There's no word yet on how exactly Google plans to prevent this situation in the future as there aren't any mandated checks in place from Google to ensure that devices are running the security patch level they claim they are running.

Android phone vendors claim that if you update your phone regularly, you have all the latest security patches. Most other major Android phone makers fall somewhere in between.

What's The Story Of Android's Security Patches All About?

The Berlin-based team found that many Android phone manufacturers were far behind on updates, or even lying about the last security update applied to the phone.

The researchers noted that the SoCs that the smartphones use may be the cause of the issue. Among the lowest-performing brands were TCL and ZTE, whose phones were each missing, on average, more than four patches that they claimed to have installed.


SRL found that Samsung's budget J3 smartphone claimed to have every security patch from 2017 installed, but it was actually missing 12 of the patches released during that year. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl is quoted as saying.

'We found several vendors that didn't install a single patch but changed the patch date forward by several months.' The vendor has to depend primarily on the chipmaker to offer a security patch, and not on the OS.

Business Insider requested comment from all the Android phone makers in Wired's story, including Samsung, Sony, Wiko, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, Motorola, TCL, and ZTE. In order to help users tackle the problem, SRL Labs will be releasing an update to its SnoopSnitch Android app that allows users to check their phone's code for the actual state of its security updates.

This deception doesn't just leave phones vulnerable to malware and other malicious tools used by fraudsters and criminals, but also creates a false sense of security, as users may erroneously believe their phone is up to date and fully protected. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. Google also reportedly points out that some devices may have had updates skipped due to vendors simply removing a feature that had the vulnerability as opposed to sending out an update, which would likely be a quicker process.
