Some Android Manufacturers Reportedly Skipping Security Patches

Katie Ramirez
April 15, 2018

SRL noted that missed patches don't necessarily mean that hackers have an easy time breaking into Android phones.

The claim comes from technology analyst firm Security Research Labs, which has reason to believe that Android manufacturers are telling lies about security patches.

Xiaomi, Nokia, HTC, Motorola and LG all made the list as well, while TCL and ZTE fared the worst in the study: on average, each had not installed more than four of the patches it claimed to have installed on a given device. The report by Wired suggests that several Android OEMs who promise to deliver the latest security patches often mislead their customers by not delivering those patches at all. The duo focused their investigation on patches for critical or high-severity bugs released during 2017. Unfortunately, it looks like many manufacturers are doing a poor job of it, with security researchers this week saying that many vendors simply skip patches and tell users that they are up to date.

Nohl said in an interview on Thursday that the patching problems that occur on smartphones can be blamed on the complexity of the Android ecosystem and poor quality control.

The whole process that takes place during the test may result in omitting a security patch.


"We found several vendors that didn't install a single patch but changed the patch date forward by several months".

Security Research Labs looked at 1,200 firmware updates from over a dozen manufacturers and found that Google, Samsung, and Sony had the best record of releasing the latest security patches.

To coincide with the release of the report, SRL has launched an app called SnoopSnitch, which it says helps Android users find out if their handsets are neglecting security.

The security vendor has a free app, SnoopSnitch, in Google's Play store that attempts to analyse how many patches are installed on Android devices. "Unfortunately they can not always decide on the type of device they have, or the kind of connection they are on", said Charles Murito, Google country manager, Kenya. "That's deliberate deception, and it's not very common".

The company added that it was working with the research authors to improve detection mechanisms when a device uses an alternate patch as opposed to a Google-endorsed update. "These layers of security, combined with the tremendous diversity of the Android ecosystem, contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".
