Smartphone Android Manufacturers Skipping Security Patches and Not Informing Users

It's hard to pin down exactly why some companies don't include patches for each bug in a security update.

The security group reportedly tested 1,200 Android devices from more than a dozen manufacturers for every security patch released in 2017. What they discovered is that many Android OEMs have a "patch gap" and simply update the date shown on firmware to make it look like users are up to date. In some cases, a phone won't receive the patches at all.

But if you just want to not worry about it (we feel you), the tail end of Google's statement asserts that you can do just that: "These layers of security, combined with the tremendous diversity of the Android ecosystem, contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging."

They call these "patch gaps".

The two researchers have released a breakdown of their findings. Cheaper chips from lower-end suppliers, which have a less well-maintained Android ecosystem, missed the most patches.

However, the devices with the most glaring issues were those built with processors from Taiwan's MediaTek. The company also discounted some of the data, suggesting that some devices tested were not made to certified standards and that some patches weren't included because the vendor found another way to fix a vulnerability, such as removing a feature.

Indeed, Google is the source of Android's security patches. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed. Nohl has observed a few cases in which a vendor tried to deceive consumers about the security of their phone.

However, those patch level dates do not paint a complete picture, according to Security Research Labs.

Nohl declined to name the vendor, but he's been trying to hold smartphone makers accountable.

Skipping security updates may be related to the chipsets used by the smartphones, according to Security Research Labs. In practice, when your device reports that its firmware is fully updated, you get a false sense of security. "Skipping a single patch does not usually expose risk", Nohl said.

Nevertheless, each patch on an Android smartphone is like a layer of protection.

Google pushes out Android security updates at the beginning of each month, but only Google's own Pixel and late-model Nexus phones will get them right away. The company is continually adding new safeguards to the Android OS that can isolate and detect malicious code before it gains a foothold. However, it seems their word can't be taken at face value.