Researchers claim some Android vendors are hiding missed security patches from users

Pauline Obrien
April 15, 2018

Manufacturers tell users that phones are patched up to a certain month, the researchers said, but some months have been skipped, leaving security holes that can be exploited by hackers or Android malware. When Google creates new security updates each month, it trickles them down to device makers that get the ultimate say on how and when to update their phones. The Berlin-based team found that many Android phone manufacturers were far behind on updates, or even lying about the last security update applied to the phone.

Researchers found Google, Samsung, and Sony phones to be the most complete in terms of security patches, with TCL and ZTE phones having the most missing patches.

Bayern Appoint Niko Kovač as their Next Manager
Kovac will sign a three-year-contract while Ribery and Robben stay for one more season. The Bayern coach said it is not only a challenge for Bayern but Real as well.

In total, Nohl and Lell analysed the firmware of 1,200 phones developed by companies such as Samsung, Google, HTC, Motorola and ZTE. Google told Wired some of the devices in the report weren't Android certified, and therefore aren't tested for security and performance. "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update". In order to shove sand over their mistakes, they simply mention that the devices are running on the latest updates, i.e. they lie about rolling out the patches in the first place. And, the company has made it easy for users to keep tabs on which security patch they're on.

Some manufacturers fared better than others. SRL notes that MediaTek was the biggest offender for chip-level patch omissions - those ended up going up the chain to the OEMs and, thus, were missing from the overall software updates.

Child's Body Found Along NorCal River In Search For Missing Family
Authorities believe Devonte, 15, Hannah, 16, and Sierra, 12, may have been in the vehicle and were swept out to sea. A Mendocino County Sheriff's Office spokesman didn't immediately respond to a message seeking information.

While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

Yet, with a growing amount of malicious code coming from more sophisticated actors, those involved in the Android software development chain shouldn't chance missing out on patches in the case that a string of holes leads to a flawless strike.

MSM Breathless over Non-Reporting of Unconfirmed Rumor About Trump Fathering Child
The Enquirer's Howard said the magazine released Sajudin from his exclusivity clause when he was approached by the other outlets. The contract stipulated that he would have to pay a $1 million penalty if he talked about the rumor or the deal to remain quiet.

Taking up less than 5 MB, the app is quick to download without using much data, and takes up minimal space on users' phones. Well, not only does that home bar look like a narrower version of the bar you'll find on the iPhone X, but we hear that the Android version may function in a quite similar way, with users swiping up to access their home screens. And Android's fragmentation is a problem that remains unsolved.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER