Published: Fri, April 13, 2018
Technology | By Christopher Mann

Android Phone manufacturers could be lying about Security Updates

Android Phone manufacturers could be lying about Security Updates

Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against.

Google is known for rolling out security updates from time to time for Android smartphones.

That is still a long time away from now and such an outcome will only make it more certain that Google does not care for post-release user experience. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone.

The patch gaps and bugs are found in the chips rather than in its operating system.

More news: Xander Bogaerts: DL decision looming

The takeaway here is that even though a new phone might not have every single patch, the Android OS is still tough to hack.

Google's Pixel devices are the only ones that contained every security patch that it advertised to its users.

SRL tested 1,200 devices from over a dozen Android smartphone makers and found that Google smartphones were the only ones that contained all the security patches that were advertized in software updates released in 2017.

One measure of security a user has when using an Android device is when you get the monthly security patches from Google.

More news: Who are the world's most admired people in 2018?

Other OEMs such as TCL and ZTE had missed four or more patches. Missed patches refer to those that companies claimed to have installed but were found to be missing. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

NOhl said in an interview on Thursday that, the patching problems that occur on smartphones can be blamed due to the complexity of the Android ecosystem and poor quality control. After the release of an update, chipset makers adjust the updates as per their requirements and then pushes it to smartphone manufacturers. Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them.

Business Insider requested comment from all the Android phone makers in Wired's story, including Samsung, Sony, Wiko, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, Motorola, TCL, and ZTE. Security updates are one of many layers used to protect Android devices and users.

While criminals typically rely on social engineering to attempt to steal data from users, through malicious apps and the like, state-sponsored actors are more likely to exploit missed patches as part of their attacks using previously unknown methods, the researchers say. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.

More news: Indian wrestler Sushil bags gold at Commonwealth Games!

Like this: