Android smartphone makers and their security patches

Compartir

The vendors of the Android Phones claims that if you are updating your phones regularly then you are having all the latest security patches.

That's according to a two-year-long study by Security Research Labs (SRL), finding a so-called "patch gap", Wired reports.

Researchers found Google, Samsung, and Sony phones to be the most complete in terms of security patches, with TCL and ZTE phones having the most missing patches.

The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. The duo focuses their investigation on patches for critical or high severity bugs which are released during the year 2017. But the researchers found there is often a hidden "patch gap" between what the manufacturers tell the users and what they actually do to the software - some simply tell people they have updated the phones without actually patching anything. "Now that monthly patches are an accepted baseline for many phones, it's time to ask for each monthly update to cover all relevant patches". However, SRL researchers Karsten Nohl and Jakob Lell believe that several manufacturers are informing users that their devices have been updated, when they are actually missing important patches pushed out by Google.

Fossil finger bone could challenge modern migration theory
The bone, 3.2 centimetres long, is thought to be the middle bone of a middle finger, and is likely to have belonged to an adult. However, even though the finger bone is much younger than the jawbone, it's still a momentous find, Groucutt said.

In some of the cases, it was found that the Android phone manufacturers had intentionally misrepresented the dates when the device had last been patched.

Google said it is investigating the claims and will push any vendor to bring their devices into compliance. By skipping patches, some devices may still be vulnerable to Android attacks, despite the firmware date showing that it shouldn't be an issue. But while manufacturers may install some of the fixes, changing the security update date to the latest, they can fail to install all the patches included in any particular month's update.

Search results are also cached on the device, enabling Internet users to quickly re-access previous searches, even when offline, without incurring further data costs. Nevertheless, the security company plans to update its SnoopSnitch app to show users the actual patch status of their handset.

The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update".

Compartir