April 26, 2018

Your Android Smartphone Maker Is Lying About Missed Security Updates

13 April 2018, 03:17 | Brandon Parsons

Report: Some Android phones are given credit for security patch updates they never received

Researchers say some Android phone makers hide missed updates

An undisclosed list of Android phone makers has been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany.

When presented with SRL's findings, Google noted that some of the devices analysed were not Android certified devices, meaning they are not held to Google's standards of security. It also said that modern Android phones usually have security features that make them hard to hack, even when they have unpatched security vulnerabilities. "We find that there's a gap between patching claims and the actual patches installed on a device." Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone.

But for the Note 8, SnoopSnitch identified several patches that were after the claimed patch level.

Some devices even lied to their users about being updated to the latest versions of software and firmware available, meaning users could have been left at risk of attack. The researchers looked into 1,200 handsets from companies like Samsung, Sony, Google, Huawei, Motorola, LG, HTC, and more, and discovered that there is usually a "patch gap" between the patches the phones report as installed and the patches that have actually been installed.

Scott Roberts, Android's product security lead, also noted that security patches are only one level of protection built into Android devices.

"Now that monthly patches are an accepted baseline for many phones, it's time to ask for each monthly update to cover all relevant patches."

Conversely, SRL also found that Samsung's mid-range J5 device contained all the advertised security patches. On many occasions, it was found that the OEMs were hiding as many as a dozen missed patches.

Here are some simple steps you can use to check the status of the security patches your smartphone has received. At times it was found that vendors didn't install even a single patch, but only moved the date of the update forward by several months. The vendor has to depend primarily on the chipmaker, and not the OS, to offer a security patch. Other handset makers have to examine each update and, if necessary, tailor it to fit each of their own devices. "That's deliberate deception, and it's not very common," SRL founder Karsten Nohl told Wired.

Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security patches.

In a statement provided to TechCrunch, Google pointed to the importance of various different means used to secure the Android ecosystem. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.
