Android Phone Makers Caught Fibbing About Security Patches

Share
Android Phone Makers Caught Fibbing About Security Patches

In a recent report by a German security firm, it was found that several Android phones missed multiple security patches leaving these devices vulnerable to a broad collection of known hacking techniques.

Android phones usually get the latest security patches months after Google releases them.

In the findings due to be presented at the Hack in the Box security conference in Amsterdam on Friday, the researchers said of the 1,200 smartphones tested, some manufacturers may miss one or two patches from the monthly security updates, but others may miss many more.

Security patches for Android phones have been historically hard for Google to deploy, due to the plethora of smartphone manufacturers using the OS. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best".

Google's Pixel devices are the only ones that contained every security patch that it advertised to its users.

Motorola was joined in the three-to-four-missed-patch purgatory by HTC, Huawei and LG.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level". For one, Nohl believes companies like Sony or Samsung may have missed a few patches by accident. Chinese manufacturers TCL and ZTE were among the biggest offenders and on average had more than 4 patches missing in their phones.

"Patching is critically important to uphold the effectiveness of the different security layers already found in Android", the researchers wrote.

"Security updates are one of many layers used to protect Android devices and users", said Scott Roberts, security lead for Android products, in a statement to Wired.

Researchers working at Security Research Labs (SRL), a security firm based in Germany, has found that Android phone manufacturers have been fooling their customers about security patches. But even so, Android has other stop-gap measures to keep users safe, including application sandboxing (this limits an application from running within a larger code environment) and the relatively new Google Play Protect feature that debuted in 2017. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo's Motorola, TCL and ZTE have got the problem to roll out the updates.

In some of the cases, it was found that the Android phone manufacturers had intentionally misrepresented the dates when the device had last been patched. And Android's fragmentation is a problem that remains unsolved. Each time Google introduces a software update, chipset vendors like Qualcomm and MediaTek test it out, make adjustments, and then hand off the software to Android smartphone makers for integration.

Share

Advertisement

Related Posts

Icici Bank (IBN) Shareholder Marshall Wace Llp Increased Stake
Finally, ValuEngine lowered ICICI Bank from a "buy" rating to a "hold" rating in a report on Wednesday, March 7th. Paul Marshall upped its stake by 72.6% in Icici Bank (IBN), according to 2017Q4 SEC form.

NBA Playoffs: Breaking down the Raptors-Wizards series
The Wizards finished off their disappointing season as the 8 seed after finishing 4th in the Eastern Conference past year . But will this series be a clean four-game sweep or could the Wizard's give the top-seed Raptors some problems?

Travel arm drives WH Smith performance
WH Smith continues to cut costs to offset flagging high street sales, with full-year savings of £12 million expected. RBC Capital Markets's target suggests a potential upside of 16.16 % from the company's previous close.

Gong Li, Jet Li join Disney's 'Mulan'
Donnie Yen was one of Rogue One's highlights, so I'm looking forward to seeing him as one of Mulan's principal characters. Disney is doing just that by ensuring they acquire the services of the biggest and best Chinese stars in the industry.

Ricciardo struggling to get ultrasofts working
The lap time didn't really improve after the first three or four corners. "I obviously know what doesn't feel right in the auto . We'll make some adjustments and be stronger tomorrow".

From April 12-13 Unify (UNIFY) has increased more than 7.51%
Investors can then use their newly-acquired Ethereum or Bitcoin to buy Unity Ingot using one of the exchanges listed above. Confido (CURRENCY:CFD) traded flat against the dollar during the 1-day period ending at 10:00 AM Eastern on March 21st.

Padres' Lamet to undergo Tommy John surgery
Lamet made his big league debut past year , going 7-8 with a 4.57 ERA in 21 starts, with 139 strikeouts and 54 walks. A follow-up MRI told a different story.The Padres stayed mum on the results of that MRI until Friday afternoon.

EPS for Camtek Ltd. (CAMT) Expected At $0.11 as of May, 8
Riley reissued a "buy" rating and issued a $4.50 target price on shares of Camtek in a research report on Wednesday. Analysts at Wall Street see Camtek Ltd.'s 22.22 % EPS growth compared to $0.09 earnings per share for last quarter.

Cauvery protest: BCCI thinking of shifting IPL matches from Chennai
The Watch'NPlay is a game used to test the viewer's cricket smarts as they watch a match. "Sad to be leaving Chennai today". Chennai were supposed to play six games at home in the cash-rich tournament.

Jeter won't join Marlins for 'awkward situation' at Yankee Stadium
The Bombers legend will not accompany his new team, the Marlins, to NY for a two-game series at Yankee Stadium beginning Monday. Jeter confirmed that the organization has changed its counting method and running the team with "honesty".

© 2015 ExpressNewsline. All Rights reserved.