Great Moto G Stylus deal on Amazon!

Report: Some Android phones are given credit for security patch updates they never received

By
20comments
Samsung HTC Sony Software updates Google Xiaomi
Even though the phone showed it received all updates from 2017, the Samsung J3 actually missed 12 of them - Report: Some Android phones are given credit for security patch updates they never received
Even though the phone showed it received all updates from 2017, the Samsung J3 actually missed 12 of them
A security outfit located in German says that some Android phone manufacturers are pulling the wool over their customers' eyes. Researchers working for Security Research Labs (SRL) discovered that companies like Google, HTC, Samsung, Sony, Motorola, ZTE, TCL and others are skipping over some Android security patch updates even though the phones show that they were installed.

SRL checked out the firmware on 1,200 Android handsets and looked for every patch disseminated in 2017. The results were interesting. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone. By showing users that these patches were installed when they weren't, owners believe that their handsets are safer than they really are.

SRL founder Karsten Nohl says that in some cases, a manufacturer might accidentally miss a security patch update, or even two. But the Samsung J3 (2016) claimed to have every 2017 Android patch installed when in truth it had missed 12 updates, including a pair that were considered "critical" to keeping the handset safe and secure.

Besides manufacturers, SRL said some chip makers are to blame. In particular, phones powered by a MediaTek chipset had 9.7 missed patches on average. That could be due to the fact that some cheaper phones using less expensive chips are more likely to miss updates. SRL founder Nohl says, "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem."

Recommended Stories
Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them. And some patches may have been missed, says Google, because the manufacturer removed the offending feature instead of fixing it with the patch. Google is working with SRL to delve deeper into its test results.

In Amsterdam this Friday, Nohl and fellow SRL researcher Jakob Lell will present at the Hack in the Box security conference, the results of their two-year test that revealed what they call the "patch gap."


source: Wired
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless