Android Phone Makers Caught Fibbing About Security Patches

Share
Android Phone Makers Caught Fibbing About Security Patches

In a recent report by a German security firm, it was found that several Android phones missed multiple security patches leaving these devices vulnerable to a broad collection of known hacking techniques.

Android phones usually get the latest security patches months after Google releases them.

In the findings due to be presented at the Hack in the Box security conference in Amsterdam on Friday, the researchers said of the 1,200 smartphones tested, some manufacturers may miss one or two patches from the monthly security updates, but others may miss many more.

Security patches for Android phones have been historically hard for Google to deploy, due to the plethora of smartphone manufacturers using the OS. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best".

Google's Pixel devices are the only ones that contained every security patch that it advertised to its users.

Motorola was joined in the three-to-four-missed-patch purgatory by HTC, Huawei and LG.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level". For one, Nohl believes companies like Sony or Samsung may have missed a few patches by accident. Chinese manufacturers TCL and ZTE were among the biggest offenders and on average had more than 4 patches missing in their phones.

"Patching is critically important to uphold the effectiveness of the different security layers already found in Android", the researchers wrote.

"Security updates are one of many layers used to protect Android devices and users", said Scott Roberts, security lead for Android products, in a statement to Wired.

Researchers working at Security Research Labs (SRL), a security firm based in Germany, has found that Android phone manufacturers have been fooling their customers about security patches. But even so, Android has other stop-gap measures to keep users safe, including application sandboxing (this limits an application from running within a larger code environment) and the relatively new Google Play Protect feature that debuted in 2017. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo's Motorola, TCL and ZTE have got the problem to roll out the updates.

In some of the cases, it was found that the Android phone manufacturers had intentionally misrepresented the dates when the device had last been patched. And Android's fragmentation is a problem that remains unsolved. Each time Google introduces a software update, chipset vendors like Qualcomm and MediaTek test it out, make adjustments, and then hand off the software to Android smartphone makers for integration.

Share

Advertisement

Related Posts

Jeter won't join Marlins for 'awkward situation' at Yankee Stadium
The Bombers legend will not accompany his new team, the Marlins, to NY for a two-game series at Yankee Stadium beginning Monday. Jeter confirmed that the organization has changed its counting method and running the team with "honesty".

Ken Worzel Sells 13703 Shares of Nordstrom, Inc
It dived, as 68 investors sold JWN shares while 144 reduced holdings. 160 funds opened positions while 346 raised stakes. The classification of companies into different caps also allows investors to gauge the growth versus risk potential.

NBA Playoffs: Breaking down the Raptors-Wizards series
The Wizards finished off their disappointing season as the 8 seed after finishing 4th in the Eastern Conference past year . But will this series be a clean four-game sweep or could the Wizard's give the top-seed Raptors some problems?

Pence to meet Canada's Trudeau at Americas summit in Lima: White House
The International Organization for Migration says almost one million Venezuelans have left the country over the past two years. That decision was condemned last week by Pena Nieto and opposing candidates for this year's Mexican presidential election.

Honeywell (NYSE:HON) Stake Lessened by Columbia Partners LLC Investment Management
Douglass Winthrop Advisors LLC's holdings in Honeywell International were worth $1,188,000 at the end of the most recent quarter. Given its global presence, Honeywell also faces unfavorable foreign currency movements, making an impact on its top-line growth.

Cauvery protest: BCCI thinking of shifting IPL matches from Chennai
The Watch'NPlay is a game used to test the viewer's cricket smarts as they watch a match. "Sad to be leaving Chennai today". Chennai were supposed to play six games at home in the cash-rich tournament.

Check Out the Mega Drive Mini in First Teaser Trailer
The new mini-console, apparently quite similar to the SNES and NES Classic Mini from Nintendo is still partly shrouded in mystery. The system is slated to release sometime this year in celebration of the original console's 30 anniversary.

Gong Li, Jet Li join Disney's 'Mulan'
Donnie Yen was one of Rogue One's highlights, so I'm looking forward to seeing him as one of Mulan's principal characters. Disney is doing just that by ensuring they acquire the services of the biggest and best Chinese stars in the industry.

Sabbatini seizes early lead, Johnson in the hunt
Hampered by a green-side tree on the par-three seventh, Johnson decided there was only one thing for it. Marc Leishman , Geoff Ogilvy and Greg Chalmers will all also have the weekend off.

Cavium Inc (NASDAQ:CAVM) Institutional Investor Sentiment Is 1.03
Finally, BidaskClub lowered shares of Cavium from a "hold" rating to a "sell" rating in a research report on Wednesday, April 4th. It is positive, as 50 investors sold AAPL shares while 1023 reduced holdings. 151 funds opened positions while 383 raised stakes.

© 2015 ExpressNewsline. All Rights reserved.