Android Smartphone Makers Have Been Misleading Users About Security Patches!

Google might split Android security patches to deliver fast updates

Android Smartphone Makers Have Been Misleading Users About Security Patches!

That's according to a two-year-long study by Security Research Labs (SRL), finding a so-called "patch gap", Wired reports. It further argued that modern Android phones come with security features that make them hard to hack even when they do have unpatched security vulnerabilities.

These smartphone makers have created a false sense of security among their users.

KitGuru Says: Given the number of well-known attacks that can be leveraged against Android devices, keeping on top of security patches in important.

Karsten Nohl and Jakob Lell of Berlin's Security Research Labs plan to release a report tomorrow (April 13) showing that many Android security updates are bogus, according to a report in Wired and a preview of the "Android Patch Gap" the researchers put online. Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.

For their research, SRL tested firmware from 1,200 phones from manufacturers including Samsung, HTC, Motorola, Huawei and even Google itself, checking for every Android patch released in 2017.

National Film Awards to be announced today; Kerala in high hopes
Riddhi Sen and Sridevi got the award for the Best Actor (movie- Nagarkirtan) and Best Actress award (movie- Mom ) respectively. Jury member and noted film director Shekhar Kapur said, the jury is stunned at the quality of films in the regional cinema.

Pakistan bars ex-PM Nawaz Sharif from holding office for life
Sharif denied receiving any money from his son and termed the apex court decision a conspiracy to de-seat him. Sharif has already nominated his brother and Chief Minister Punjab Shahbaz Sharif as the new party chief.

Ripple Invests $25M in Blockchain Capital
And even more fascinating is that Ripple is not making this fund investment in USA dollars but in the XRP currency itself. Bart made known that it saw opportunities for distributed ledger technology in healthcare and identity management.

As of Google's last update in February, only 1.1 per cent of Android users have access to the most recent version of the software, and a study in 2016 found that only 17 per cent of devices were operating on a recent patch level.

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. In our test results we found that the Redmi 5 has missed 5 claimed patches and the test result in inconclusive in 48 patches. The tech giants like Samsung and Sony were found to have missed on one patch on an average basis, whereas other brands like TCL and ZTE were reported to have missed on an average of four more security patches. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote.

Phones from TCL and ZTE were missing four or more of the advertised security patches. The company further stated that in some cases, patches might have been missing because the phone vendors responded by simply removing the vulnerable feature from the phone rather than patch it.

Google, Sony, Samsung, and Wiko were missing up to one patch, while Xiaomi, OnePlus and Nokia were missing between one and three. However, does this excuse manufacturers who say their devices are fully updated when they are not?

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update". Other protections include app sandboxing, Google Play Protect, and the Android ecosystem's diversity.

Latest News