Android smartphone makers and their security patches

Share

According to the firm there have been almost a dozen patches that were skipped by certain OEMs, which means that some users, and likely a large number of them considering how many Android phones are out there and how many vendors weren't applying the patches as regularly as Google intended, were continuing to use phones that weren't up to date and weren't able to protect their users from current (at the time) security risks that Google was pushing out these patches for.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". Sony and Samsung were both flagged as having missed some security patches - in some cases in spite of reporting that they were up to date.

Indeed, not for nothing does Android have a reputation for being a Wild West of security patches and OS versions.

Former Catholic priest jailed for historic child sex abuse
Police identified the suspect as Paul Edward Acton Bowen and said he is the founder of the Acton Bowen Outreach Ministries. More than 20 other offenders were arrested, mainly in the USA and the United Kingdom .

Android handset manufacturers may not be telling the whole truth about security updates, according to two well-known German researchers. Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against. Nohl said, "The lesson is that if you go for a cheaper device, you end up in a less well-maintained part to this ecosystem". In other cases, there was no reasonable explanation for why some phones claimed to patch certain vulnerabilities when in fact they were missing multiple critical patches.

Clearly, Google, Sony, Samsung, and the lesser-known Wiko are at the top of the list, while TCL and ZTE are at the bottom.

The team at SRL labs put together a chart that categorizes major device makers according to how many patches they missed from October 2017 onwards.

Four Big Ten Students Chosen in WNBA Draft
Goodwin led the Big 12 in points and steals, propelling her to All-Big 12 First Team and Big 12 Newcomer of the Year. When the Aces open their season on May 20 against the Connecticut Sun , Wilson will have a chance to do just that.

The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. Does that necessarily mean that TCL and ZTE are at fault? Besides manufacturers, SRL said some chip makers are to blame.

As for Google's response to this research, the company acknowledges its importance and has launched an investigation into each device with a noted "patch gap".

An issue with the Android ecosystem is that it is sprawled across many devices and chipsets, often requiring manufacturers to test and integrate firmware updates and release dozens of patches for their devices every month.

New strikes pound Ghouta after alleged gas attack
President Donald Trump is condemning what he calls a "mindless CHEMICAL attack " in Syria that has killed women and children. Hundreds of civilians have been killed in Eastern Ghouta since the Syrian army began new air strikes on February 18.

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Enter your email to be subscribed to our newsletter.

Share