Android phones with missed security updates still 'more secure' than average PC

Alfred Osborne
April 14, 2018

According to a two-year study conducted by Security Research Labs (SRL) on more than 1,200 Android phones, many are missing security patches. The researchers also found out that the phone makers also sometimes tell customers that the devices are fully updated even though they skipped some security patches.

The vendors of the Android Phones claims that if you are updating your phones regularly then you are having all the latest security patches.

The findings on this security patches come from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin.

It found that in some cases, Android smartphone makers allegedly told users that smartphone's software has been updated with monthly patches when it hasn't. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best".

Unlike Apple and iOS, Google has, for years, relied on third-party manufacturers like Samsung, LG, and HTC to produce the hardware for its immensely popular Android operating system.

A Google spokesperson sent us the following statement. Meanwhile companies like Nokia, OnePlus and Xiaomi were missing 1-3 patches on average.

President Trump's lawyer is under criminal investigation, Department of Justice says
But he indicated in a late afternoon tweet Tuesday that he and his client would "fully cooperate with any search for the truth". The FBI also seized emails, tax documents and business records, including communications between Trump and Cohen.

Mets Catcher Travis D'Arnaud Opts For Tommy John Surgery
Callaway said it is not clear whether d'Arnaud will be back to 100 percent by the start of spring training next February. A lengthy absence was expected for d'Arnaud, who was diagnosed with a partial tear of his right UCL on Wednesday.

Sell-Side Delving into L Brands, Inc. (NYSE:LB) Stock
Keefe, Bruyette & Woods reiterated a "buy" rating on shares of Wells Fargo in a research note on Tuesday, January 16th. The company had revenue of $22.05 billion during the quarter, compared to analysts' expectations of $22.64 billion.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level". In the worst cases, Nohl says that phone manufacturers intentionally misrepresented when the device had last been patched. MediaTek chipsets, on the contrary, had an average of 9.7 missing security patches.

There is also the possibility that instead of patching through updates, phone makers simply remove or alter the feature that might have caused the security vulnerability.

Indeed, Google is the source of Android's security patches.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers. It looked at more than a dozen phone manufacturers, including Google, Samsung, HTC, Motorola, and ZTE. These updates even include ones that were considered critical for device safety.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security, and also mentioned that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. After their investigation, they found that manufacturers like TCL and ZTE are the biggest offenders as their handsets miss more than 4 patches. And Android's fragmentation is a problem that remains unsolved.

Other reports by

Discuss This Article