
Android Phone Makers Found to Be Lying About Missed Security Updates

Android users have long had an issue with how long it takes their devices to receive the latest software update. While some are willing to wait, others give up and switch to a newer device running up-to-date software.

This is an issue that Google knows too well. As a matter of fact, Google's latest OS version, Android 8.0 Oreo, is still not being implemented across devices. It was even reported that only 1.1 percent of Android device users have access to this software version. And with the volume of Android users, this needs to be improved.

A recent finding by research firm Security Research Labs, however, shows that the issue is not as simple as it looks. As reported by Wired, researchers from the firm claimed that there have been some missed security patches that Android manufacturers lied to their users about.

The finding was made by Karsten Nohl and Jakob Lell, two researchers from Security Research Labs who spent a couple of years analyzing Android devices. During that time, the researchers checked whether these phones actually had the security patches that their software claimed to have upon installation.

The researchers discovered that a number of devices had software updates that missed security patches even though the software said it had them. The pair referred to this as a "patch gap", and it was not an isolated incident.

The researchers tested the firmware of a total of 1,200 phones for every Android patch released last year. These phones included specific models launched by Google, Samsung, Motorola, HTC, TCL, and ZTE. Surprisingly, the researchers discovered that major flagship models from Sony and Samsung had a missed patch every now and then.

Of course, no smartphone user wants to use a device susceptible to security threats, especially after being assured that the fixes were already included in their software update. It gives them a false sense of security, thinking their device is fully protected, which could cause more damage in the long run.

To help with this issue, SRL has announced a new tool that will be available on the Play Store. Called SnoopSnitch, this tool analyzes the firmware of your phone for any missing or installed Android security patches to verify whether or not you are really safe.

It's unfortunate that it has come to this: users need a third-party tool to verify whether their phone truly has the security patches that its software says it has. But it's also important to note that not all phone manufacturers are the same when it comes to missing security patches.

Based on the findings of the SRL researchers, Samsung, Google, and Sony tend to miss occasional patches. TCL and ZTE, however, performed worse than the big manufacturers by having four or more patch gaps.

Google has responded to the article and has assured its users that they have launched investigations into each instance. The tech giant has also mandated each OEM to "bring their certified devices into compliance." The company did, however, explain that some of the patch gaps were due to the lack of Google's official Android security certification or that they've been removed entirely from the device. Despite this, Google promises they will be doing more investigations to address the issue.


Source: Wired


16 comments:

  1. Corporations LIE? Surprise? Really? Corporations LIE all the time. Always have. Always will. They just tend towards the truth when they get punished for it, which isn't often enough or severe enough. Want to get a corporation to be straighter? Hit them with billion dollar fines and threaten govt investigations.

  2. To no one's surprise Alcatel, ZTE and Huawei were at the bottom of this list for providing security updates. It is surprising that Motorola, HTC and LG were almost as bad as the junk Chinese brands.

    Google, Sony and Samsung were best at updates but still lag far behind iPhones in timely security updates.

    1. If I was paying $1k+ for an Android, I'm sure they'd update faster as well.

    2. Agreed. If you sell low end phones, don't expect updates.

    3. Motorola (Mobility) is now owned by Lenovo, so it's pretty much Chinese too now.

    4. A free MetroPCS iPhone will get its updates just as fast as the $1,200 iPhone X, and you will get an update about every month, not once or twice per year.

  3. And thus the 3-4 missing patches for Moto! Some law firm is already salivating over a 'class-action', which too serves them more than the intended victims...

  4. People just want to hate something or someone, Xiaomi and OnePlus are Chinese brands and did better than HTC (Taiwanese) and LG (South Korean).

    Google has few handsets, so it's easier to manage updates, same goes for Sony. And when it comes to Samsung I'd like to know how many low end phones from this manufacturer were included in the study.

  5. My Alcatel 4S has received 3 updates since I bought it in January.
    Win10 Mobile updates arrive and install automatically.

  6. Lying is free. But so is telling the truth.

  7. Google needs to get its house in order and start penalizing manufacturers who don't add timely updates within 3 months.

  8. "Google's latest OS version, Android 8.0 Oreo, is still not being implemented across devices. It was even reported that only 1.1 percent of Android device users have access to this software version. And with the volume of Android users, this needs to be improved."

    Apparently the writer does not know why there is such a slow uptake rate for new Android OS versions.
    Hint: Perhaps it has something to do with the large fees a manufacturer has to pay a third-party test lab before Google will grant them a Google Mobile Services license to install their apps like Play and Gmail? This fee can be up to 6 figures per phone model.

    1. Google does require manufacturers to pass certification testing using a Google supplied test suite at an approved lab for both new devices and for software updates. Major manufacturers like Samsung run their own approved labs in-house. Smaller manufacturers use independent labs which charge $40,000 and up for initial certification of a new device. I suspect recertification after an update costs less.

      Apparently the test suite doesn't test whether devices have all the security updates that they claim to have. Hopefully, Google will add that sort of testing to the suite.

  9. My Moto has had one security update in the year since I purchased and that was last August. There are two things I want in a service provider, regular updates and the ability to create/change my pin through my account. Who bears the responsibility with an unlocked phone, Moto, or the carrier?

    1. Updates to factory unlocked phones come from the manufacturer, not the carrier.

  10. What I don't get is why Google doesn't just take over updates itself! Alas they're no Apple I guess, but I don't trust either company as far as I can throw them.
