Android manufacturers are lying to us about security updates

Researchers from Security Research Labs examined around 1200 Android phones from Google, OnePlus, Samsung, HTC, LG etc., and found that some of these companies "modified" their security patch build numbers when updating their devices without actually updating them.

In response to Google's statement, SRL's Karsten Nohl said that while it's unlikely that OEMs have gone as far as circumventing a patch to cover a vulnerability, he agrees that it most hackers will find it hard to hack an Android phone because of the OS's base security features like the randomization of file addresses and app sandboxing.

Speaking at the Hack in the Box security conference in Amsterdam, Karsten Nohl and Jakob Lell from Security Research Labs gave details of their findings after two years of research. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl said.

One of the biggest issues with the Android operating system is the fragmentation problem, as Google has struggled to have smartphone manufacturers and carriers push out updates for Android smartphones. The Korean vendor generally had a strong record on the software updates, according to Nohl, but it did drop the ball when it came to its Samsung J3 handset, which was found missing 12 patches. In the worst cases, Nohl says that phone manufacturers intentionally misrepresented when the device had last been patched.

Other OEMs such as TCL and ZTE had missed four or more patches. While the smartphones of Sony and Samsung were found to have missed few patches, ZTE and TCL lied about 4 or more updates. "Consumers can take comfort in the thought that an Android phone with a few patch gaps is still more secure than the average Windows computer".

And while it may be that some of the updates are missed by accident, the researchers feel that some smartphone vendors are deliberately misleading their customers over the patch status.


"Security updates are one of many layers used to protect Android devices and users", said Scott Roberts, security lead for Android products, in a statement to Wired.

Currently, Google is working with the researchers at SRL to dig deeper into the research findings.

If we talk about smartphone processors, Taiwan's MediaTek company topped the chart on missing the patches. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

Even the brands that seem most attentive and diligent have been found to not fulfill their duty properly, even lying about the level of security patches of the devices. And Android's fragmentation is a problem that remains unsolved.

For all the good of Android's open-source approach, one of the clear and consistent downsides is that the onus to issue software updates falls on the manufacturer.

Related Articles

  • Skyworks Solutions, Inc. (SWKS) Stock Formed Bearish Multiple Bottom Chart Pattern

    The Stock has market cap of $18527.01M and relative volume of 0.49. 14,000 are held by Yorktown Mngmt And Rech Incorporated. Creative Planning accumulated 43,265 shares or 0.02% of the stock. 867 are owned by Hanson Mcclain.

    Genworth Financial Inc (GNW) Buy, Hold or Sell? What Analysts Recommend

    The business had revenue of $1.69 billion during the quarter, compared to analysts' expectations of $2.16 billion. (NYSE:GNW). If a buyer buys one share of stock from a seller, then that one share is added to the total volume of that particular stock.

    Simple Moving Averages under Review - Taiwan Semiconductor Manufacturing Company Limited (NYSE: TSM)

    The firm has "Buy" rating by Argus Research given on Monday, May 9. ( NYSE :MRK) earned "Buy" rating by UBS on Monday, July 31. For the second quarter of this years, the performance is calculated at 6.17%, and for the first half of the year stands at.
  • Gong Li, Jet Li join Disney's 'Mulan'

    Gong Li, Jet Li join Disney's 'Mulan'

    By now, one begins to notice a pattern: aside from the Emperor (a small but important role), these are all new characters. Loosely based on a Chinese story, Mulan is set during Imperial China during an invasion by the Huns.
    Arab Fashion Week commences for the first time in Saudi Arabia

    Arab Fashion Week commences for the first time in Saudi Arabia

    Many models and artists confessed that they were surprised that the event was happening in the conservative Muslim nation. Crown Prince Mohammed bin Salman has reined in the religious police and brought in a lot of changes.
    Michael Cohen facilitated $1.6 million agreement on behalf of GOP fundraiser

    Michael Cohen facilitated $1.6 million agreement on behalf of GOP fundraiser

    The source says it allows the woman to speak about and take legal action concerning her alleged pregnancy if she so chooses. Daniels sued Trump on the grounds that the non-disclosure agreement she signed regarding the affair was invalid.
  • Is Gmail Testing Self-Destructing Messages?

    Is Gmail Testing Self-Destructing Messages?

    It is also still unconfirmed if these features will work with non-Gmail accounts or if they will only apply to Gmail users. The compact view will be similar to the current Gmail design, something that current users should be happy about.
    NFL Mock Draft: Oakland Raiders 3-round mock 6.0

    NFL Mock Draft: Oakland Raiders 3-round mock 6.0

    To complete a almost ideal month in Pittsburgh, the Steelers are looking to round off the city's success with one of the NFL's best drafts.
    Federal Bureau of Investigation  agents seized Trump lawyer's recordings of conversations in raid

    Federal Bureau of Investigation agents seized Trump lawyer's recordings of conversations in raid

    President Donald Trump spoke to Michael Cohen over the phone on Friday, a source with knowledge of the matter confirmed to CNN . Clifford and our legal efforts brought considerable attention and pressure to bear", he told USA TODAY on Tuesday via email.
  • Historic wildfires raging in Oklahoma

    Historic wildfires raging in Oklahoma

    A wildfire in northwestern Oklahoma has burned more than 120,000 acres and forced hundreds of people to evacuate their homes. Firefighters are facing tough weather conditions that will make controlling the critical situation even tougher.
    IRS, Summit Partners warn about tax deadline scams

    IRS, Summit Partners warn about tax deadline scams

    Some groups of US citizen are automatically given more time to file their taxes without asking for it or filling out paperwork. Federal and state tax extension forms are also available locally and online, which allows filing returns by October 15.
    Commodities@Moneycontrol: Crude oil prices likely to firm up further

    Commodities@Moneycontrol: Crude oil prices likely to firm up further

    The market is also keeping an eye on developments out of Syria, after reports an air base near Homs was struck by missiles. Prices were also impacted by reports that Saudi Arabia intercepted missiles over Riyadh fired by Yemeni Houthi rebels.