Android phones with missed security updates still 'more secure' than average PC

Alfred Osborne
April 14, 2018

According to a two-year study conducted by Security Research Labs (SRL) on more than 1,200 Android phones, many are missing security patches. The researchers also found out that the phone makers also sometimes tell customers that the devices are fully updated even though they skipped some security patches.

The vendors of the Android Phones claims that if you are updating your phones regularly then you are having all the latest security patches.

The findings on this security patches come from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin.

It found that in some cases, Android smartphone makers allegedly told users that smartphone's software has been updated with monthly patches when it hasn't. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best".

Unlike Apple and iOS, Google has, for years, relied on third-party manufacturers like Samsung, LG, and HTC to produce the hardware for its immensely popular Android operating system.

A Google spokesperson sent us the following statement. Meanwhile companies like Nokia, OnePlus and Xiaomi were missing 1-3 patches on average.

Based RNC Exec Resigns Over Payoff to Playboy Playmate
Cohen has been a staple in headlines since the Federal Bureau of Investigation raided his hotel room and office in NY on Monday. Daniels, whose real name is Stephanie Clifford , has alleged that she had a sexual encounter with Mr.

Ewoks invade Battlefront 2 in the next update, premium currency returns
What makes it worse (for the stormtroopers at least) is that the mode also takes a page out of Halo's "Infection" gametype . I'll admit, as a kid Return of the Jedi was my favorite Star Wars movie, and I have kind of a soft spot for the Ewoks.

Zayn: I won't target Gigi with kiss'n'tell
But this time I really believe in what's going on, so I want to convey that to my fans'. "The food and the accents, the banter", he said.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level". In the worst cases, Nohl says that phone manufacturers intentionally misrepresented when the device had last been patched. MediaTek chipsets, on the contrary, had an average of 9.7 missing security patches.

There is also the possibility that instead of patching through updates, phone makers simply remove or alter the feature that might have caused the security vulnerability.

Indeed, Google is the source of Android's security patches.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers. It looked at more than a dozen phone manufacturers, including Google, Samsung, HTC, Motorola, and ZTE. These updates even include ones that were considered critical for device safety.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security, and also mentioned that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. After their investigation, they found that manufacturers like TCL and ZTE are the biggest offenders as their handsets miss more than 4 patches. And Android's fragmentation is a problem that remains unsolved.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER