Android phone makers are misleading customers with missing security patches

Security Research Labs stressed that exploiting Android handsets is still hard, but as hackers become incentivised to target smartphones, ensuring devices are kept current with patches is important.

At the bottom of the list were Chinese brands TCL and ZTE, all of whose phones had four or more missing updates.

SRL found that of the major smartphone manufacturers, Google, Sony and Samsung performed the best, missing up to one patch, OnePlus and Nokia missed between one and three patches, HTC, Huawei, LG and Motorola missed three to four patches, while Chinese manufacturers TCL and ZTE missed more than four.

Further complicating the matter is the inconsistency in how individual devices are treated: the Galaxy J5 (2016) honestly told consumers about its hit-and-miss patch record, while the Galaxy J3 (2016) claimed to have every patch it received but actually lacked 12 of them, two of which were of "critical" importance.

In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched.


These smartphone makers have created a false sense of security among their users.

"We find that there's a gap between patching claims and the actual patches installed on a device". Android's open-source approach is positive in many ways, but it does mean that the onus to issue software updates falls on the multitudes of manufacturers building Android devices.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl said. Missing multiple patches can leave a series of vulnerabilities open in a phone's software.

But not all missing patches can be attributed to lazy chipset vendors, and in some cases, the missing patches were specific to the OEM slacking off. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Karsten Nohl, Security Research Labs founder, told the publication. The vendor depends primarily on the chipmaker, rather than the OS, to offer a security patch.

And while it may be that some of the updates are missed by accident, the researchers feel that some smartphone vendors are deliberately misleading their customers over the patch status.
