Some Android phone makers have lied about having fully update security patches

Alfred Osborne
April 13, 2018

The results are startling-the researchers found a significant "patch gap" between what many phones report as the security patch level and what vulnerabilities these phones are actually protected against.

Clearly, Google, Sony, Samsung, and the lesser-known Wiko are at the top of the list, while TCL and ZTE are at the bottom.

After conducting a research that spanned two years on Android devices, Security Research Labs (SRL), a German security firm claims that many devices had what SRL call a "patch gap". According to the study, phones with Samsung-made chips had much fewer skipped updates. Most other major Android phone makers fall somewhere in between.

"Sometimes these guys just change the date without installing any patches", Nohl was quoted as saying.

Speaking to Wired, SRL researchers Karsten Nohl and Jakob Nell said they found several vendors that had not installed a single patch. You go out of your way to keep your data safe, protecting your handset with a strong passcode, paying close attention to the permissions you grant apps, and making sure that your phone is always running the latest security updates available to it.

Veere Di Wedding Trailer: Kareena Kapoor Khan & Team To Arrive Next Week
The trailer launch will not just be a digital release but the makers are also expected to host a press conference. Each report suggests a different location and timeframe of the wedding, which is keeping fans confused.

Man Regrets Calling Police After They Shoot Unarmed Man
California's attorney general and the police department are conducting an investigation into what happened that night. Police commission member Mario Guerrero said he is "hoping we really take a look at that policy".

Parus Finance Uk LTD Has Increased Holding in Amazon Com INC
This stock has garnered attention of analysts and investors over the past few weeks as the stock has come into mainstream focus. For those keeping score at home, Amazon.com, Inc. $18.50 million worth of Amazon.com, Inc. (NASDAQ: AMZN ) or 129,233 shs.

Nohl and Lell plan to present their findings at the Hack in the Box security conference in Amsterdam tomorrow, and post their full paper online after their presentation. SRL Labs is going to release an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates, but it is unlikely that users will manually check for patches.

Google has long struggled with how best to get dozens of Android smartphone manufacturers - and hundreds of carriers - to regularly push out security-focused software updates.

Security researchers have accused some Android device makers of misleading users about whether or not devices are being patched. However, does this excuse manufacturers who say their devices are fully updated when they are not?

Most non-Google Android phone makers (except for Sony) were once awful at keeping up with security patches. Those with Samsung processors skipped over few patches while models using MediaTek chips missed nearly 10 patches, on average. It appears Motorola may not be living up to its promises. But that number starts creeping up higher as we look at hardware from LG, HTC, Motorola, and ZTE - the latter's phones averaging four or more absent patches. At least, you think your phone is patched against the most recent security exploits, but is it really? In a somewhat better grouping, each Xiaomi, OnePlus and Nokia phone tested had between one and three missed patches. MediaTek chipsets, on the contrary, had an average of 9.7 missing security patches.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER