Android phone makers skip Google security updates without telling users

Some Android phone vendors are skipping security patches without notifying users, and instead hoodwinking their customers into believing their smartphone software is up to date with Google's monthly security releases, according to new research. When Google creates new security updates each month, it trickles them down to device makers, which get the ultimate say on how and when to update their phones.

Researchers Jakob Kell and Karsten Nohl from Security Research Labs highlighted the problem with relying on manufacturers to issue patches promptly. Wired reported that the team tested 1,200 Android handsets from all the major manufacturers over a two-year period, checking if the manufacturers had issued the patches as advertised. Researchers with Germany's Security Research Labs (SRL) tested the firmware of 1,200 phones from manufacturers like Google, Samsung, Sony, Nokia, Huawei, Motorola, LG, HTC, ZTE and TCL for every patch released in 2017.

All that said, Google has reportedly pointed out some details which are worth considering: some of the devices may not have been Android certified devices, which means they wouldn't be offering the same standard of security updates as Google and other more trusted OEMs. Some of the devices even lacked the official certification from Google's Android security in the first place. Google also offered reassurance that even with patches missing, it would be hard for a bad actor to hack an Android device. Usually, Google's stock Android builds are slated to get the fastest updates, followed by other manufacturers who ship with extensively customised interfaces.

What's The Story Of Android's Security Patches All About?

Because of the structure of Android, security updates are dependent on device manufacturers, which can make the update process tricky.

It is still a huge problem, as it makes it almost impossible for users to tell the level of security on a device. On some phones, the patch gaps numbered in the dozens. Skipping even one update could threaten a device's security, and users might not feel safe while using their devices.

While many of these missed security patches may not be inherently unsafe in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.