Android phone makers are misleading customers with missing security patches

Google might split Android security patches to deliver fast updates

Android phone makers are misleading customers with missing security patches

For those curious about their own devices, Security Research Labs is releasing an update to its Android app, Snoopsnitch, which checks to ensure your device has been patched as many times as it should have been. On average, these phones had 9.7 missing patches.

While top-tier vendors such as Google, Sony, and Samsung miss no or very few patches, budget Chinese smartphone makers TCL and ZTE failed to install more than four, despite claiming to have fully updated devices, the researchers reported.

Even the brands that seem most attentive and diligent have been found to not fulfill their duty properly, even lying about the level of security patches of the devices.

While criminals typically rely on social engineering to attempt to steal data from users, through malicious apps and the like, state-sponsored actors are more likely to exploit missed patches as part of their attacks using previously unknown methods, the researchers say.

The patch gap issue is not an isolated case.

The differences vary from model to manufacturer but since the patches are indicated in the monthly Security bulletins published by Google, this should not happen under any circumstances. While it agrees that the area needs greater attention, it also points out that some of the devices in the study may not have been Android certified, meaning the standards of security they're held to are different. HTC, Huawei, LG and Motorola missed between 3-4 patches whereas TCL and ZTE missed more than 4 patches.

This Is What The New Gmail Looks Like
Gogge also outlined some other features (a few of which you may be familiar with as they are already in the Gmail app). Further, Google is reportedly creating plugins for the " Gmail Add-ons " feature, launched in October of 2017.

Jets take playoff opener in tight game with Wild
With a blast into the top corner, the 19-year-old Laine tied the game 53 seconds after Parise's goal gave the Wild its first lead. The " whiteout " crowd of more than 15,000 were chanting "Go Jets Go" and waving white towels before the puck even dropped.

Texas governor excuses military deployment to border, citing rise in apprehensions
It says troops can not guard anyone in custody for immigration violations or participate in construction of border barriers. The governor plans to send 338 Arizona National Guard troops to help with border security, the Associated press reported.

There is also the possibility that instead of patching through updates, phone makers simply remove or alter the feature that might have caused the security vulnerability. The entry segment devices on the other hand hardly receive any regular security update let alone the OS updates.

Every now and then Android comes with its new updates or patches that is said to secure your smartphone.

Our binary-only analysis technique applies to Android and many other domains where patch levels need to be measured without access to source code.

Further complicating the matter is the pure inconsistency of which devices get what quality of treatment: the Galaxy J5 (2016) honestly told consumers about its hit-and-miss patch record while the Galaxy J3 (2016) claimed to have every patch it received, but actually lacked 12 of them - two of them were of "critical" importance. Security updates are one of many layers used to protect Android devices and users. Besides manufacturers, SRL said some chip makers are to blame.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security, and also mentioned that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities.

Latest News