Android Smartphone Makers Have Been Misleading Users About Security Patches!

Some of the devices even lacked the official certification from Google’s Android security in the first place.

0

Manufacturers Missing Out On Android Security Patches

It seems that some Android smartphone manufacturers have been repeatedly misleading the users about security updates by simply changing the dates of the security patches without actually changing anything within. Android has a lot of manufacturers, and hardly any OEM can keep up with Google’s pace of releasing security patches.

Not only do some vendors fail to push these security patches, or delay their release, but sometimes they just let the users think that their smartphone’s security is fully up-to-date.

What’s The Story Of Android’s Security Patches All About?

In a recent report by a German security firm, it was found that several Android phones missed multiple security patches leaving these devices vulnerable to a broad collection of known hacking techniques.

In some of the cases, it was found that the Android phone manufacturers had intentionally misrepresented the dates when the device had last been patched.

The list includes major Android phone makers like Google, Samsung, Xiaomi, OnePlus, Sony, LG, Huawei, Nokia, Motorola, HTC, ZTE and TCL. Some of the devices even lacked the official certification from Google’s Android security in the first place.

Creating A False Sense Of Security

Missed Patches By Smartphone Makers
Missed Patches By Smartphone Makers – Source: SRL Labs

Several manufacturers have been pretending to stay on par with the latest updates without pushing any actual update. These OEMs have just been changing the date of the security patches on the device without actually installing the associated patches an have been misleading their users.

These smartphone makers have created a false sense of security among their users. At times it was found that vendors didn’t even install a single patch, but only changed the date of the update by forwarding it by several months.

On the user’s part, it’s almost impossible to know which patches are missing and which are actually installed.

Devices Are Vulnerable To Known Hacking Techniques

Over 1200 random devices were tested, and several devices were found to be lacking multiple security updates, which is critical for the phone’s security, making it vulnerable to multiple hacks. Missing multiple patches can cause a series of vulnerabilities in a phone’s software.

But hacking an Android device is harder than it seems, as Android phones come with a broader set of security measures like address space layout randomization and sandboxing. The randomization helps to alter the location of a program in memory and sandboxing limits the access to the rest of the device.

Missing an update or two may not end up in a device hack, but with a series of patches missing can cause some serious problems with the security of the device.

Chipmakers The Main Culprit

Missed Patches By Chipset Manufacturers
Missed Patches By Chipset Manufacturers – Source: SRL Labs

In several cases, the chip makers were found to be the main culprits. Compared to flagships, cheaper phones are found to be skipping more patches, which also tend to use cheaper chips.

The patch gaps and bugs are found in the chips rather than in its operating system. The vendor has to primarily depend on the chipmaker to offer a security patch and not the OS. Cheaper chips from the lower-end suppliers missed the most patches with a less well-maintained Android ecosystem.

Any type of update on Android, be it a security patch or a software update, Google and device manufacturers have failed badly in fragmenting devices with the latest features and updates. Nearly 90 percent of smartphones worldwide run Android, and Google needs to take the issue up seriously.

You can check your device’s level of security by downloading this app.

"Android Smartphone Makers Have Been Misleading Users About Security Patches!", 5 out of 5 based on 4 ratings.

Leave A Reply

Your email address will not be published.

who's online