Some Android Smartphone Makers Caught Lying About Missed Security Updates

Alonzo Simpson
April 14, 2018

An app called SnoopSnitch enables users to check if smartphone is running the security patches which it claims. On a whole, these devices were having 9.7 missing patches.

The company found that some devices suffered a "patch gap" whereby manufacturers altered the date reported to Android - and users - about when security updates were last installed, without actually installing any patches.

The search giant's yearly I/O developers conference gets underway next month and it's likely that more details about this major Android software update will be announced during the big event.

In the end, the researchers found that vendors like Google, Sony, Samsung and Wiko were missing 0-1 patches on average.

Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security practices. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches. Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it's been an uphill battle. "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update".

Based RNC Exec Resigns Over Payoff to Playboy Playmate
He was also an important figure to Trump during his presidential campaign, as he helped to raise him money. Cohen reached out to me after being contacted by this woman's attorney, Keith Davidson ", Broidy said.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl further revealed. "It's small for some devices and pretty significant for others".

"Patching is critically important to uphold the effectiveness of the different security layers already found in Android", the researchers wrote. Companies such as Google, Samsung and Sony had the best record of installing the patches, whereas Chinese vendors including Lenovo's Motorola, TCL and ZTE had trouble rolling them out. By skipping patches, some devices may still be vulnerable to Android attacks, despite the firmware date showing that it shouldn't be an issue. That can mean frustration for those waiting for the latest and greatest feature updates - and in some cases, it can put your phone at risk with delayed or missed security updates.

"Security updates are one of many layers used to protect Android devices and users", said Scott Roberts, security lead for Android products, in a statement to Wired. Each time Google introduces a software update, chipset vendors like Qualcomm and MediaTek test it out, make adjustments, and then hand off the software to Android smartphone makers for integration.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security, and also mentioned that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities.

Other reports by

Discuss This Article