Android Phone Makers Found to Be Lying About Missed Security Updates


    For the longest time, Android users have had an issue with how long it takes for their devices to receive the latest software update. While some are willing to wait, others give up and switch to a newer device running up-to-date software.

    This is an issue that Google knows too well. As a matter of fact, Google’s latest OS version, Android 8.0 Oreo, is still not being implemented across devices. It was even reported that only 1.1 percent of Android device users have access to this software version. And with the volume of Android users, this needs to be improved.

    A recent finding by research firm Security Research Labs, however, shows that the issue is not as simple as it looks. As reported by Wired, researchers from the firm claimed that there have been some missed security patches that Android manufacturers lied to their users about.

    The finding was made by Karsten Nohl and Jakob Lell, a couple of researchers from Security Research Labs who dedicated a couple of years to analyzing Android devices. Throughout this period, the researchers checked whether or not these phones actually had the security patches that their software claimed to include.

    The researchers discovered that there were a number of devices with software updates that missed security patches even though the software said it had them. The pair referred to this as a “patch gap”, and it did not occur in just an isolated incident.

    The firmware of a total of 1,200 phones was tested by the researchers for every Android patch released last year. These phones included specific models launched by Google, Samsung, Motorola, HTC, TCL, and ZTE. What’s surprising is that the researchers discovered that major flagship models from Sony and Samsung had a missed patch every now and then.

    Of course, no smartphone user wants to be using a device susceptible to security threats, especially when they’ve been guaranteed that the fixes have already been included in their software update. It gives them a false sense of security, thinking their device is fully protected, which could cause more damage in the long run.

    To help with this issue, SRL has announced a new tool that will be available on the Play Store. Called SnoopSnitch, this tool analyzes the firmware of your phone for any missing or installed Android security patches to verify whether or not you are really safe.

    It’s unfortunate that it has come to this: users need a third-party tool to help them verify whether or not their phone truly has the security patches that its software says it has. But it’s also important to note that not all phone manufacturers are the same when it comes to missing security patches.

    Based on the findings of the SRL researchers, Samsung, Google, and Sony tend to miss occasional patches. TCL and ZTE, however, performed worse than the big manufacturers by having four or more patch gaps.

    Google has responded to the article and has assured its users that it has launched investigations into each instance. The tech giant has also mandated each OEM to “bring their certified devices into compliance.” The company did, however, explain that some of the patch gaps were due to the lack of Google’s official Android security certification or because they’ve been removed entirely from the device. Despite this, Google promises it will be doing more investigations to address the issue.

    Source: Wired
