Android Phone Makers Caught Fibbing About Security Patches

Share
Android Phone Makers Caught Fibbing About Security Patches

In a recent report by a German security firm, it was found that several Android phones missed multiple security patches leaving these devices vulnerable to a broad collection of known hacking techniques.

Android phones usually get the latest security patches months after Google releases them.

In the findings due to be presented at the Hack in the Box security conference in Amsterdam on Friday, the researchers said of the 1,200 smartphones tested, some manufacturers may miss one or two patches from the monthly security updates, but others may miss many more.

Security patches for Android phones have been historically hard for Google to deploy, due to the plethora of smartphone manufacturers using the OS. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best".

Google's Pixel devices are the only ones that contained every security patch that it advertised to its users.

Motorola was joined in the three-to-four-missed-patch purgatory by HTC, Huawei and LG.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level". For one, Nohl believes companies like Sony or Samsung may have missed a few patches by accident. Chinese manufacturers TCL and ZTE were among the biggest offenders and on average had more than 4 patches missing in their phones.

"Patching is critically important to uphold the effectiveness of the different security layers already found in Android", the researchers wrote.

"Security updates are one of many layers used to protect Android devices and users", said Scott Roberts, security lead for Android products, in a statement to Wired.

Researchers working at Security Research Labs (SRL), a security firm based in Germany, has found that Android phone manufacturers have been fooling their customers about security patches. But even so, Android has other stop-gap measures to keep users safe, including application sandboxing (this limits an application from running within a larger code environment) and the relatively new Google Play Protect feature that debuted in 2017. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo's Motorola, TCL and ZTE have got the problem to roll out the updates.

In some of the cases, it was found that the Android phone manufacturers had intentionally misrepresented the dates when the device had last been patched. And Android's fragmentation is a problem that remains unsolved. Each time Google introduces a software update, chipset vendors like Qualcomm and MediaTek test it out, make adjustments, and then hand off the software to Android smartphone makers for integration.

Share

Advertisement

Related Posts

NBA Playoffs: Breaking down the Raptors-Wizards series
The Wizards finished off their disappointing season as the 8 seed after finishing 4th in the Eastern Conference past year . But will this series be a clean four-game sweep or could the Wizard's give the top-seed Raptors some problems?

Cauvery protest: BCCI thinking of shifting IPL matches from Chennai
The Watch'NPlay is a game used to test the viewer's cricket smarts as they watch a match. "Sad to be leaving Chennai today". Chennai were supposed to play six games at home in the cash-rich tournament.

Ken Worzel Sells 13703 Shares of Nordstrom, Inc
It dived, as 68 investors sold JWN shares while 144 reduced holdings. 160 funds opened positions while 346 raised stakes. The classification of companies into different caps also allows investors to gauge the growth versus risk potential.

Alliancebernstein LP Buys 28950 Shares of Preferred Apartment (NYSE:APTS)
Huntington National Bank increased its stake in shares of Mid-America Apartment Communities by 3.9% in the third quarter. The Capital International Ltd holds 15,951 shares with $2.28 million value, down from 132,400 last quarter.

Travel arm drives WH Smith performance
WH Smith continues to cut costs to offset flagging high street sales, with full-year savings of £12 million expected. RBC Capital Markets's target suggests a potential upside of 16.16 % from the company's previous close.

Cosby lawyers try to discredit accuser's story
The young hopefuls who come to Hollywood are desperate for people like Bill Cosby to offer help with their careers, Mesereau said. It wasn't until she began feeling groggy that she knew something was wrong. "I passed out after he entered me".

Pence to meet Canada's Trudeau at Americas summit in Lima: White House
The International Organization for Migration says almost one million Venezuelans have left the country over the past two years. That decision was condemned last week by Pena Nieto and opposing candidates for this year's Mexican presidential election.

Jeter won't join Marlins for 'awkward situation' at Yankee Stadium
The Bombers legend will not accompany his new team, the Marlins, to NY for a two-game series at Yankee Stadium beginning Monday. Jeter confirmed that the organization has changed its counting method and running the team with "honesty".

Ricciardo struggling to get ultrasofts working
The lap time didn't really improve after the first three or four corners. "I obviously know what doesn't feel right in the auto . We'll make some adjustments and be stronger tomorrow".

Cavium Inc (NASDAQ:CAVM) Institutional Investor Sentiment Is 1.03
Finally, BidaskClub lowered shares of Cavium from a "hold" rating to a "sell" rating in a research report on Wednesday, April 4th. It is positive, as 50 investors sold AAPL shares while 1023 reduced holdings. 151 funds opened positions while 383 raised stakes.

© 2015 ExpressNewsline. All Rights reserved.