Published: Sat, April 14, 2018
IT | By Lester Massey

Some Android Manufacturers Reportedly Skipping Security Patches

Some Android Manufacturers Reportedly Skipping Security Patches

SRL has updated its SnoopSnitch app to show authentic patch information for your phone, and will issue a bug-squashing release at the end of the week, Nohl explains. It was discovered that the smartphones tested have missed or lacked the security patch which the company claims that they have rolled out.

Your Android phone may not be on the level when it tells you it's up to date on software, with security researchers warning that even device-makers releasing relatively timely updates could in fact be missing out security updates.

SRL noted that missed patches doesn't necessarily mean that hackers have an easy time breaking into Android phones. Companies like Sony and Samsung only missed between 0 and 1, but TCL and ZTE were found to be skipping 4 or more.

A possible theory for vendors to skip on patches could be attributed to the chipsets they make use of in their devices. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches.

Android smartphone manufacturers appear to have been misleading users into thinking their devices have the latest security patches.

iPhone X Style Navigation Gestures may arrive in Android P

"Google Go is created to address these issues and provide a seamless experience irrespective of the device or network the user is on", she said. If that's the case, then the situation is a little bit of a gray area. Nohl and Lell examined the software of 1200 Android phones from Google, Samsung, OnePlus, ZTE, and others, and upon doing so, found that some of these companies change the security patch appearance when updating their phones without actually installing them. "Sometimes these guys just change the date without installing any patches", Nohl says. The less you have, the more vulnerable your device can be to certain attacks, Nohl said. But the Samsung J3 (2016) claimed to have every 2017 Android patch installed when in truth it had missed 12 updates, including a pair that were considered "critical" to keeping the handset safe and secure.

What's The Story Of Android's Security Patches All About?

Every patch in the update works as a layer of protection, The more you have, the better for your device.

Google on Thursday unveiled Google Go, a new app built to support Android devices with one gigabyte Random Access Memory (RAM) and below. Out of the 1,200 phones that were tested by the firm, including devices from Google (the primary source for updates to Pixel phones), Samsung, HTC, Motorola, and TCL, the issue impacted even the flagship models from the likes of Samsung and Sony.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security, and also mentioned that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities.


Like this: