Claims Of Android Phone Makers On Latest Patches Are Falling Apart


Android handset manufacturers may not be telling the whole truth about security updates, according to two well-known German researchers.

Over 1,200 random devices were tested, and several were found to be lacking multiple security updates that are critical to the phone's security, leaving them vulnerable to multiple hacks. It's time to start verifying vendor claims about the security of our devices.

Some Android vendors are purposefully lying about the latest security update on their phones.

The patch gaps and bugs are found in the chips rather than in the operating system. SRL checked the firmware on 1,200 Android handsets and looked for every patch disseminated in 2017. Keeping these devices secure requires regular patches.


The research spanned every Android security patch released in 2017, and utilised 1,200 different makes of device, including items from major manufacturers such as Samsung, Motorola and HTC, as well as Google's own devices. Devices that use processors from Taiwan's MediaTek were missing 9.7 patches. On the other hand, Samsung, Qualcomm, and HiSilicon were far less likely to miss providing security patches for devices running on their chipsets.

"Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best," Nohl is quoted as saying. Outside Google's flagship phones like the Pixel and Pixel 2, even top-tier manufacturers sometimes claimed that patches were installed when they weren't, and with lower-end producers like LG, TCL and ZTE, four or more patches were often absent. "We found several vendors that didn't install a single patch but changed the patch date forward by several months."

Vendors depend primarily on the chipmaker, rather than the OS, to provide a security patch. However, does this excuse manufacturers who say their devices are fully updated when they are not?

TCL and ZTE were the worst offenders, missing more than four, while HTC, Huawei, LG, and Motorola were missing between three and four.

The next version of Android will prevent apps from using unencrypted, cleartext connections by default to better protect users, Google has said. Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them. This can be seen in the image of the table below, which lists which OEMs were missing patches and how many were missed. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

The company has moved towards encrypting all data that leave and enter Android devices with the industry-standard Transport Layer Security (TLS) protocol, and is further tightening the requirements in Android P, which is now in developer preview.
