Tuesday , 17 July 2018
Home >> H >> Hardware >> Android OEMs are allegedly lying about missed security patches

Android OEMs are allegedly lying about missed security patches

ANDROID PHONE MAKERS are allegedly telling fibs to their users about missed software updates pushed out by Google, according to Wired.

Researchers Karsten Nohl and Jakob Lell, from cybersecurity firm Security Research Labs, are due to reveal the results of two years worth of Android code reverse-engineering, during which they will claim that many Android OEMs have a “patch gap”.

This is where the companies have missed patches rolled out by Google, despite telling their customers that their phone’s version of Android was up to date

The researchers tested some 1,200 phones from the likes of Samsung, HTC, Motorola and TCL for every patch released for Android last year and found that even major flagship handsets had patches missing.

Such a situation is pretty bad, as it not only leaves customers vulnerable to mobile hack attacks but is also misleading and lulls people into literally a false sense of security.

The researchers are set to release a tool called SnoopSnitch on the Google Play Store that will allow Android users to test their device’s firmware to sniff out any missed patches and check if their handset is really as secure as they’ve been lead to believe. 

Such problems don’t blight all Android phones. Google, Sony and Samsung only missed the occasional patch, according to the researchers, while other such as ZTE and TCL have more patch gaps.

“We’ve launched investigations into each instance and each OEM to bring their certified devices into compliance,” Google told Wired in response to the situation.

Google did note that part of the issue could be down to phone makers skipping patches that are for features they don’t have on their handsets.

Such a situation is not great but, given the fragmentation in the world of Android devices, it’s arguably not surprising. But it does give Apple iOS fans more smug ammo to throw at the Android army, aside from simply spouting “it just works”. µ

<!–

–>

  • <!–

  • Save this article

  • –>

close
==[ Click Here 1X ] [ Close ]==