Android Smartphone Makers Have Been Misleading Users About Security Patches!

Android Smartphone Makers Have Been Misleading Users About Security Patches!

Android Smartphone Makers Have Been Misleading Users About Security Patches!

That's according to a two-year-long study by Security Research Labs (SRL), finding a so-called "patch gap", Wired reports. It further argued that modern Android phones come with security features that make them hard to hack even when they do have unpatched security vulnerabilities.

These smartphone makers have created a false sense of security among their users.

KitGuru Says: Given the number of well-known attacks that can be leveraged against Android devices, keeping on top of security patches in important.

Karsten Nohl and Jakob Lell of Berlin's Security Research Labs plan to release a report tomorrow (April 13) showing that many Android security updates are bogus, according to a report in Wired and a preview of the "Android Patch Gap" the researchers put online. Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.

For their research, SRL tested firmware from 1,200 phones from manufacturers including Samsung, HTC, Motorola, Huawei and even Google itself, checking for every Android patch released in 2017.

Billie Joe Armstrong releases debut EP with new project, The Longshot
Billie Joe Armstrong's new band, The Longshot , have released three brand-new songs - and they're definitely worth the wait. Meanwhile, Green Day dropped their last album " Revolution Radio " in 2016, featuring the lead single "Bang Bang".

Ripple Invests $25M in Blockchain Capital
And even more fascinating is that Ripple is not making this fund investment in USA dollars but in the XRP currency itself. Bart made known that it saw opportunities for distributed ledger technology in healthcare and identity management.

Overheated compressor caused Parksville house fire: PVFD
Peter and Joy had only just completed a £2k refurbishment, and have since been forced to live with relatives and at a hotel. St Audreys Green residents watched on in horror as a blaze ripped through the house at around 3.30pm on Saturday, March 24.

As of Google's last update in February, only 1.1 per cent of Android users have access to the most recent version of the software, and a study in 2016 found that only 17 per cent of devices were operating on a recent patch level.

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. In our test results we found that the Redmi 5 has missed 5 claimed patches and the test result in inconclusive in 48 patches. The tech giants like Samsung and Sony were found to have missed on one patch on an average basis, whereas other brands like TCL and ZTE were reported to have missed on an average of four more security patches. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote.

Phones from TCL and ZTE were missing four or more of the advertised security patches. The company further stated that in some cases, patches might have been missing because the phone vendors responded by simply removing the vulnerable feature from the phone rather than patch it.

Google, Sony, Samsung, and Wiko were missing up to one patch, while Xiaomi, OnePlus and Nokia were missing between one and three. However, does this excuse manufacturers who say their devices are fully updated when they are not?

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update". Other protections include app sandboxing, Google Play Protect, and the Android ecosystem's diversity.

Latest News