Smartphone Android Manufacturers Skipping Security Patches and Not Informing Users

Follow Us

Some Android phone vendors are skipping security patches without notifying users, and instead hoodwinking their customers into believing their smartphone software is up to date with Google’s monthly security releases, according to a new research. Researchers with Germany’s Security Research Labs (SRL) tested the firmware of 1,200 phones from manufacturers like Google, Samsung, Sony, Nokia, Huawei, Motorola, LG, HTC, ZTE and TCL for every patch released in 2017.

Android Manufacturers

The results they found were quite interesting. Researchers Karsten Nohl and Jakob Lell said that there's often a hidden “patch gap” between what the phones manufacturers tell the users about their software patch and what patches have actually been installed.

"Our large study of Android phones finds that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to the underlying risks," the SRL report notes.

Google pushes out Android security updates each month that is a collection of patches for a variety of security bugs. But while manufacturers may install some of the fixes, changing the security update date to the latest, they can fail to install all the patches included in any particular month’s update.

Failing to update their smartphones with the latest security updates is one thing, but SRL found that many phone makers simply lied without installing any patches at all.

"We found several vendors that didn’t install a single patch but changed the patch date forward by several months," SRL founder Nohl said. For example, Samsung's 2016 J3 claimed to have every 2017 Android patch installed but in fact when 12 weren't actually installed.

Still, SRL says that major handset makers, Google, Samsung and Sony have the most secure Android phones missing on an average from zero to one update. Then there are companies like Nokia, OnePlus and Xiaomi which miss between one and three patches, while phones sold by HTC, Huawei, LG and Motorola are missing three to four patches. Bringing up the rear are ZTE and TCL, whose phones on average have missed more than four Android security patches.

In response, Security Research Labs has updated its SnoopSnitch app, where Android phone users can get an accurate breakdown of which security updates have and haven't been installed.

Recent Comments

Faraz :

Nice advertisement ( but very misleading ) When does Airtel offer 7% interest on savings to customers you should mention…

Airtel Payments Bank Savings Account Offers up to 7% Interest…

Faraz :

True.. they have enough spectrum but most of them is not deployed/used. Vi should complete 3G shut down fast now.…

Vodafone Idea Needs ARPU to Reach Rs 320 for Meeting…

. :

Me too getting fiber like speeds on Vi.

Vodafone Idea Needs ARPU to Reach Rs 320 for Meeting…

. :

After leaving airtel and joining Vi I save a lot on data topups and also enjoy congestion free network, airtel…

Vodafone Idea Needs ARPU to Reach Rs 320 for Meeting…

TheAndroidFreak :

If they activate 1+3+8+41, 1+3+41,1+3+8, PAN India, it will solve all their problems immediately. No need to deploy 5G as…

Vodafone Idea Needs ARPU to Reach Rs 320 for Meeting…

Load More
Notify of
oldest most voted
Inline Feedbacks
View all comments