Are hardware makers doing enough to keep Android phones secure?

Pat Wise
April 13, 2018

On Friday at the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering hundreds of Android phones' operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. Security updates are one of many layers used to protect Android devices and users.

According to a report by Wired, such incidents were not one-offs either. The "patch gap" varies between device and manufacturer, but given Google's requirements as listed in the monthly security bulletins, it shouldn't exist at all.

A Google spokesperson sent us the following statement.

Even more alarming than the number of missed patches is that Security Research Labs states that some vendors weren't just forgoing the patch updates, but going so far as to actively alter the date and version number of the patch to show as if the security update was applied even when it really wasn't.

In some cases, the researchers attributed it to human error: Nohl believes that sometimes companies like Sony or Samsung accidentally missed a patch or two. Unsurprisingly, Pixel phones are the best, accurately indicating that they're up to date with security fixes, and devices from Samsung and Sony aren't far behind, maybe only missing one fix out of a larger batch. Lesser-known manufacturers, on the other hand, missed out on many more. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone.

It further argued that modern Android phones come with security features that make them hard to hack even when they do have unpatched security vulnerabilities.

Does that necessarily mean that TCL and ZTE are at fault? Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.

Due to these findings, SRL has updated its SnoopSnitch app, allowing Android phone users to get an accurate breakdown of which updates have and haven't been installed.

As for Google's response to this research, the company acknowledges its importance and has launched an investigation into each device with a noted "patch gap". The problem with Android is that while Google may push out regular software updates, it is left to these manufacturers to push them out to their devices.

That is still a long time away from now and such an outcome will only make it more certain that Google does not care for post-release user experience.
