That's according to a two-year-long study by Security Research Labs (SRL), finding a so-called "patch gap", Wired reports. It further argued that modern Android phones come with security features that make them hard to hack even when they do have unpatched security vulnerabilities.
These smartphone makers have created a false sense of security among their users.
KitGuru Says: Given the number of well-known attacks that can be leveraged against Android devices, keeping on top of security patches in important.
Karsten Nohl and Jakob Lell of Berlin's Security Research Labs plan to release a report tomorrow (April 13) showing that many Android security updates are bogus, according to a report in Wired and a preview of the "Android Patch Gap" the researchers put online. Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.
National Film Awards to be announced today; Kerala in high hopes
Riddhi Sen and Sridevi got the award for the Best Actor (movie- Nagarkirtan) and Best Actress award (movie- Mom ) respectively. Jury member and noted film director Shekhar Kapur said, the jury is stunned at the quality of films in the regional cinema.
Overheated compressor caused Parksville house fire: PVFD
Peter and Joy had only just completed a £2k refurbishment, and have since been forced to live with relatives and at a hotel. St Audreys Green residents watched on in horror as a blaze ripped through the house at around 3.30pm on Saturday, March 24.
A devastating 2017 hurricane season leads to four retired names
Irma then slammed into the Florida Keys as a Category 4 on September 10 and again as a Category 3 near southwestern Florida. Storm names are retired if they were so deadly or destructive that the future use of the name would be insensitive .
As of Google's last update in February, only 1.1 per cent of Android users have access to the most recent version of the software, and a study in 2016 found that only 17 per cent of devices were operating on a recent patch level.
SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. In our test results we found that the Redmi 5 has missed 5 claimed patches and the test result in inconclusive in 48 patches. The tech giants like Samsung and Sony were found to have missed on one patch on an average basis, whereas other brands like TCL and ZTE were reported to have missed on an average of four more security patches. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote.
Phones from TCL and ZTE were missing four or more of the advertised security patches. The company further stated that in some cases, patches might have been missing because the phone vendors responded by simply removing the vulnerable feature from the phone rather than patch it.
Google, Sony, Samsung, and Wiko were missing up to one patch, while Xiaomi, OnePlus and Nokia were missing between one and three. However, does this excuse manufacturers who say their devices are fully updated when they are not?
The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update". Other protections include app sandboxing, Google Play Protect, and the Android ecosystem's diversity.