Published: Fri, April 13, 2018
Hi-Tech | By Grace Becker

Researchers say some Android phone makers hide missed updates

Researchers say some Android phone makers hide missed updates

Android handset manufacturers may not be telling the whole truth about security updates, according to two well-known German researchers.

Researcher Karsten Nohl said, "We find that there's a gap between patching claims and the actual patches installed on a device".

Clearly, Google, Sony, Samsung, and the lesser-known Wiko are at the top of the list, while TCL and ZTE are at the bottom. Most other major Android phone makers fall somewhere in between. "The lessons is that if you go for a cheaper device, you end up in a less well-maintained part to this ecosystem", a researcher was quoted as saying by the Wired. "Sometimes these guys just change the date without installing any patches", Nohl says. "We found several vendors that didn't install a single patch but changed the patch date forward by several months". It was discovered that the smartphones tested have missed or lacked the security patch which the company claims that they have rolled out.

Nohl and Lell plan to present their findings at the Hack in the Box security conference in Amsterdam tomorrow, and post their full paper online after their presentation. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

Pa. school district gives teachers mini baseball bats to ward off shooters
Additional bats - about $1,800 was spent on 600 bats total - will be placed in offices and other school locations. Now another district in the state has another wacky idea: Arm teachers with mini baseball bats.

This OnePlus phone seems to be in decent, if outdated, security shape. The research firm reveals that many a times the smartphone maker informs the users that their device has the latest security patch but that is not the case often they are lying about it. However, does this excuse manufacturers who say their devices are fully updated when they are not? Now it is being reported that Google might be rolling out the monthly security patches in a different way to increase the efficiency of these updates. Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it's been an uphill battle.

Or so you'd think.

They looked into the smartphones from makers like Google, Samsung, Nokia, Sony, HTC, LG, Motorola, TCL, and ZTE. It appears Motorola may not be living up to its promises. One theory points to the chipsets these handsets are running, as there seems to be a correlation between particular SoCs and the availability of security updates: Snapdragon-based phones and those running Samsung's Exynos chips may only have one recent fix missing, while those built with MediaTek chips average almost ten. While we hope to learn a bit more about exactly which phones are missing which fixes, there's also another concern beyond just knowing whether or not your phone is actually secure, and that involves the degree to which manufacturers have been misleading their users.

Like this: