Android smartphone makers and their security patches

Share

According to the firm there have been almost a dozen patches that were skipped by certain OEMs, which means that some users, and likely a large number of them considering how many Android phones are out there and how many vendors weren't applying the patches as regularly as Google intended, were continuing to use phones that weren't up to date and weren't able to protect their users from current (at the time) security risks that Google was pushing out these patches for.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". Sony and Samsung were both flagged as having missed some security patches - in some cases in spite of reporting that they were up to date.

Indeed, not for nothing does Android have a reputation for being a Wild West of security patches and OS versions.

Eight Cameroon athletes reported missing at Commonwealth Games
The needle was found in a cup in the bedroom occupied by the two Indian athletes by an Incognitus cleaners operations manager. Dutton said if any of the missing athletes claimed protection status, Border Force would test each case.

Android handset manufacturers may not be telling the whole truth about security updates, according to two well-known German researchers. Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against. Nohl said, "The lesson is that if you go for a cheaper device, you end up in a less well-maintained part to this ecosystem". In other cases, there was no reasonable explanation for why some phones claimed to patch certain vulnerabilities when in fact they were missing multiple critical patches.

Clearly, Google, Sony, Samsung, and the lesser-known Wiko are at the top of the list, while TCL and ZTE are at the bottom.

The team at SRL labs put together a chart that categorizes major device makers according to how many patches they missed from October 2017 onwards.

Gasoline prices likely to rise by summer
Through February, southbound border crossings into Whatcom County are up 10.8 percent compared to the same period a year ago. You're eyes are not deceiving you, gas prices are in fact getting higher and are not expected to get better anytime soon.

The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. Does that necessarily mean that TCL and ZTE are at fault? Besides manufacturers, SRL said some chip makers are to blame.

As for Google's response to this research, the company acknowledges its importance and has launched an investigation into each device with a noted "patch gap".

An issue with the Android ecosystem is that it is sprawled across many devices and chipsets, often requiring manufacturers to test and integrate firmware updates and release dozens of patches for their devices every month.

Republican amendment brings special counsel protection bill to temporary halt
Trump how anything that causes him to lose support from congressional Republicans could further imperil his presidency. Trump has criticized Rosenstein in recent days, suggesting that he was too conflicted in the ongoing investigation.

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Enter your email to be subscribed to our newsletter.

Share