Published: Sun, April 15, 2018

Smartphone Android Manufacturers Skipping Security Patches and Not Informing Users


The Android operating system has come a long way since the days of KitKat and the designers continue to make it better. In the end, it falls upon the individual manufacturer, which can often be challenging for many companies. The post, which recaps a security feature, contained a screenshot of the DNS settings with a navigation bar that we hadn't seen before. Several manufacturers only pretended to stay on par with updates without actually putting any work into it.

Two well-known German researchers, Karsten Nohl and Jakob Lell of Berlin's Security Research Labs, plan to release a report today showing that many Android security updates are bogus.

The researchers found patches were missing from a wide range of handsets across a variety of makers. According to the study, phones with Samsung-made chips had far fewer skipped updates.

By analyzing the results of SnoopSnitch reports, the team at Security Research Labs found that phones developed by Sony, Samsung, and Wiko have between zero and one missed patch, from the samples available.

Google, whose flagship phones, the Pixel and Pixel 2, were in far better shape, noted that not all of the phones examined by SRL were Android-certified devices.


The problem here lies in more than just neglecting updates. If that's the case, then the situation is a little bit of a gray area. While the phone's software may claim to be fully up-to-date, the researchers found security patches missing in most devices.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months," Nohl says. "That's deliberate deception, and it's not very common."

It is still a huge problem, as it makes it almost impossible for users to tell the level of security on a device. For readers who might be anxious about their security, there is a new app on the market that will let you know if your smartphone manufacturer has missed any security update. This is the program Google puts in place to ensure vendors stick to Google's security standards.

Keep in mind that security patches have to be applied at multiple levels, from the phone manufacturer to the OS maker (Google) to the component makers. A missing patch could also be due to an OEM removing the affected feature rather than patching it. Another table also shows that companies such as MediaTek had missed about 9.7 patches on average, which is quite a lot when you consider that the security updates are being pushed out by Google to its own devices and to vendors on a monthly basis.
