Researchers say some Android phone makers hide missed updates

Researchers found Google, Samsung, and Sony phones to be the most complete in terms of security patches, with TCL and ZTE phones having the most missing patches.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". The main reason is the way Android is built.

An undisclosed list of Android phone makers have been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany. The manufacturers have allegedly been found to be lying to consumers about missed security patches. While we hope to learn a bit more about exactly which phones are missing which fixes, there's also another concern beyond just knowing whether or not your phone is actually secure, and that involves the degree to which manufacturers have been misleading their users. "It's small for some devices and pretty significant for others".

Most carriers and phone makers tweak Android to make their products unique.

The study looked at all 2017 patches on a range of devices from Google, Sony, Samsung, Wiko, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, Motorola, TCL, and ZTE. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed.

The good news is that Android's underlying security architecture does its best to mitigate the impact of malicious actors, and even if your OEM skipped one or two patches, so long as it's caught up with the bulk of them, you're probably in good shape. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote.

This means that the latter two companies have missed at least 4 patches during a security update for one of their devices after October 2017. In other words, some device makers have been claiming that their phones meet a certain security patch level when in reality their software is missing required security patches. On some phones, the patch gaps numbered in the dozens. In particular, phones powered by a MediaTek chipset had 9.7 missed patches on average.

However, does this excuse manufacturers who say their devices are fully updated when they are not? Google tried to do some damage control by listing mechanisms such as Google Play Protect, which are being developed to provide an extra security layer. "These layers of security, combined with the tremendous diversity of the Android ecosystem, contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

To help users tackle the problem, SRL will be releasing an update to its SnoopSnitch Android app that allows users to check their phone's code for the actual state of its security updates.
