Published: Fri, April 13, 2018
Hi-Tech | By Grace Becker

Some Android OEMs lied about applying security updates

Some Android OEMs lied about applying security updates

Google is known for rolling out security updates from time to time for Android smartphones.

If we talk about smartphone processors, Taiwan's MediaTek company topped the chart on missing the patches. In a practical scenario, when you find that your device's firmware is fully updated, you get a false sense of security. It was discovered that the smartphones tested have missed or lacked the security patch which the company claims that they have rolled out. The J5 did miss some security patches from 2017, but it didn't advertise that they were installed. SRL notes that the chips the phones used could be part of the problem. Sony and Samsung devices were found to have only skipped 0-1 security update.

Of the 1,200 phones from over a dozen device makers that were tested by the researchers, the team found that even devices from top-tier device makers had "patch gaps", although smaller device makers tended to have even worse track records in this area.

Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security practices. In some cases, these chipsets were found to include bugs and as a result, vendors had to rely on chipset makers to roll out patches before implementing OS software updates.

The Crypto Eroscoin (ERO) had 2.49% move up on April 11-12
The Reddit community for Ethereum Gold is /r/ethereum and the currency's Github account can be viewed here. WhaleCoin (WHL) traded 3.8% higher against the dollar and now trades at $0.0365 or 0.00000450 BTC .

Even more alarming than the number of missed patches is that Security Research Labs states that some vendors weren't just foregoing the patch updates, but going so far as to actively alter the date and version number of the patch to show as if the security update was applied even when it really wasn't. Presenting the results of SRLs finding at a security conference, researcher Karsten Nohl said, "We found several vendors that didn't install a single patch but changed the patch date forward by several months". In a somewhat better grouping, each Xiaomi, OnePlus and Nokia phone tested had between one and three missed patches.

The AI butler that is programmed inside Android 8.1 Oreo has gone through great lengths in improving its services but a bug has prevented it from executing one particular task - playing a song from your Google Music library. Besides manufacturers, SRL said some chip makers are to blame.

ZTE and TCL are among the worst offenders, followed by HTC, LG, Motorola, and Huawei. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches.

Android has typically been more vulnerable to attack that Apple's iOS platform, however Google has pumped a huge amount of resources into tackling security protection on its devices. Google also reportedly points out that some devices may have had updates skipped due to vendors simply removing a feature that had the vulnerability as opposed to sending out an update, which would likely be a quicker process. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.

Like this: