Android Phones Claiming to Have Latest Patches Don't Always Do

Sheri Evans
April 14, 2018

The research firm reveals that many a times the smartphone maker informs the users that their device has the latest security patch but that is not the case often they are lying about it.

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired. Nohl and Lell examined the software of 1200 Android phones from Google, Samsung, OnePlus, ZTE, and others, and upon doing so, found that some of these companies change the security patch appearance when updating their phones without actually installing them.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl said. Google also reportedly points out that some devices may have had updates skipped due to vendors simply removing a feature that had the vulnerability as opposed to sending out an update, which would likely be a quicker process. For example, Samsung's 2016 J3 claimed to have every 2017 Android patch installed but in fact when 12 weren't actually installed. The worst offenders were said to be ZTE and TCL, which skipped over four patches in their smartphones. It also reassured that even with patches missing, it would be hard for a bad actor to hack an Android device. A big reason why is the Android ecosystem; it's spread across a whole throng of manufacturers and mobile carriers, each of which is tweaking the Android operating system to help make their phones unique. On average, these phones had 9.7 missing patches.

Scott Roberts, Android's product security lead also noted that security patches are only one level of protection built into Android devices.

Former Stillwater mayor admits to child pornography charges
Powers is already on the sex offender registry after a 2011 conviction for fourth-degree criminal sexual conduct. District Judge Charlene Honeywell, after pleading guilty on November 6, 2017, to child pornography charges.

USA says it has 'proof' Syria's Assad used chemical weapons
In any event, the United States, under my Administration, has done a great job of ridding the region of ISIS. Trump said the operation would be conducted in cooperation with the militaries of France and Britain.

Homeless Girl Scout troop holds first-ever cookie sale
Burgess was originally "a bit worried" when she started the troop with only eight members, including three of her daughters. For starters, they have set up a cookie stand at Kellogg's NYC , a cereal cafe located in Manhattan's Union Square.

For their research, SRL tested firmware from 1,200 phones from manufacturers including Samsung, HTC, Motorola, Huawei and even Google itself, checking for every Android patch released in 2017.

"Most patching gaps are probably the result of genuine difficulties to keep track of all necessary patches in Android, the Linux kernel, the chipset, and hardware drivers", SRL founder and study co-author Karsten Nohl told Android Authority in an email. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. "Consumers can take comfort in the thought that an Android phone with a few patch gaps is still more secure than the average Windows computer". "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

In several cases, the chip makers were found to be the main culprits.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER