Published: Fri, April 13, 2018
IT | By Lester Massey

Android Phone manufacturers could be lying about Security Updates

Android Phone manufacturers could be lying about Security Updates

An undisclosed list of Android phone makers have been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany. The smartphones with regular security patches and OS update are a big hit among the user and attracts the potential buyers. And it's time to start verifying vendor claims about the security of our devices.

Android and missing security patches: A report claim OEMS have been lying to users about which security patch update is installed on their phone. What they discovered was something they refer to as "patch gap".

Some devices even lied to their users about being updated to the latest versions of software and firmware available, meaning users could have been left at risk of attack. Out of the 1,200 phones tested by SRL, which included devices from Google, Samsung, HTC, Motorola and TCL, the firm found that even flagship devices from Samsung and Sony missed a patch. The devices which use the processors from Taiwan's MediaTek miss out 9.7 patches from their phones. Other manufacturers like Xiaomi, OnePlus, and Nokia skipped between one and three security updates, on average. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem", said Nohl. Unfortunately, it looks like many manufacturers are doing a poor job of it, with security researchers this week saying that many vendors simply skip patches and tell users that they are up to date.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl further revealed.

The AI butler that is programmed inside Android 8.1 Oreo has gone through great lengths in improving its services but a bug has prevented it from executing one particular task - playing a song from your Google Music library.

Every now and then Android comes with its new updates or patches that is said to secure your smartphone. Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them.

Motorola was joined in the three-to-four-missed-patch purgatory by HTC, Huawei and LG. Despite Google's constant effort most of the vendors tend to skip on the occasional security patch for their devices and majority are specific to the mid-range devices. And some patches may have been missed, says Google, because the manufacturer removed the offending feature instead of fixing it with the patch.

Users who want to monitor the patch state of their device can use SRL's free patch verification app, SnoopSnitch.

In a statement given to The Verge, Google thanked Karsten Nohl and Jakob Kell "for their continued efforts to reinforce the security of the Android ecosystem".

Like this: