Some Android manufacturers haven’t told the full truth about security patches

Each month Google comes out with new Android security patches to fix vulnerabilities and bugs as they pop up. Usually, these patches hit Google’s Nexus and Pixel devices right away, while delivery takes longer for other manufacturers.

However, new research makes it clear that some Android manufacturers have claimed to update their devices when they haven’t, giving users a false sense of security.

Karsten Nohl and Jakob Lell from Security Research Labs made this discovery after examining 1,200 Android phones from Google, Samsung, OnePlus, ZTE and others.

“We find that there’s a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others,” said Nohl. “Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best.”

For example, the 2016 Samsung J3 appeared to have every single patch in 2017, despite actually missing 12.

The research indicates that processor type matters when it comes to delivering security patches. According to the research, devices with Samsung’s Exynos chips have skipped very few patches, while MediaTek chipsets averaged out with 9.7 missing patches.

This could partially be because the less expensive devices that MediaTek chips usually grace are more likely to skip patches, but it’s also sometimes because bugs are found in the phone’s chips rather than in its operating system, necessitating a patch from the chipmaker.

Nohl and Lell created a chart showcasing which manufacturers claimed to have installed their patches.

  • 0-1 missed patches (Google, Sony, Samsung, Wiko)
  • 1-3 missed patches (Xiaomi, OnePlus, Nokia)
  • 3-4 missed patches (HTC, Huawei, LG, Motorola)
  • 4+ missed patches (TCL, ZTE)

After these findings were presented at the Hack in the Box security conference in Amsterdam, Google said it would launch investigations into each of the guilty manufacturers to figure out what exactly is going on, reports Wired.

Unfortunately for those with missed patches, your phone is more vulnerable than devices that are updated. However, all Android devices do have some level of security.

Either way, does this make you want to get rid of your BlackBerry phones in exchange for a Samsung? Let us know in the comments below.

Source: Wired

MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.

Related Articles