Smartphone Android Manufacturers Skipping Security Patches and Not Informing Users

Some Android phone vendors are skipping security patches without notifying users, and instead hoodwinking their customers into believing their smartphone software is up to date with Google’s monthly security releases, according to new research. Researchers with Germany’s Security Research Labs (SRL) tested the firmware of 1,200 phones from manufacturers like Google, Samsung, Sony, Nokia, Huawei, Motorola, LG, HTC, ZTE and TCL for every patch released in 2017.

The results were striking. Researchers Karsten Nohl and Jakob Lell said that there’s often a hidden “patch gap” between what phone manufacturers tell users about their software patches and what patches have actually been installed.

“Our large study of Android phones finds that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to the underlying risks,” the SRL report notes.

Google pushes out an Android security update each month, which is a collection of patches for a variety of security bugs. But while manufacturers may install some of the fixes and change the security update date to the latest, they can fail to install all the patches included in any particular month’s update.

Failing to keep smartphones current with the latest security updates is one thing, but SRL found that many phone makers simply lied, installing no patches at all.

“We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” SRL founder Nohl said. For example, Samsung’s 2016 J3 claimed to have every 2017 Android patch installed when in fact 12 weren’t installed.

Still, SRL says that the major handset makers Google, Samsung and Sony have the most secure Android phones, missing on average zero to one update. Then there are companies like Nokia, OnePlus and Xiaomi, which miss between one and three patches, while phones sold by HTC, Huawei, LG and Motorola are missing three to four patches. Bringing up the rear are ZTE and TCL, whose phones on average have missed more than four Android security patches.

In response, Security Research Labs has updated its SnoopSnitch app, where Android phone users can get an accurate breakdown of which security updates have and haven’t been installed.

34 Comments on "Smartphone Android Manufacturers Skipping Security Patches and Not Informing Users"


Girish Gowda | BengaLuru
April 14, 2018 12:01 am

Shame on samsungakar.

Airtel User
April 14, 2018 5:19 pm

+1 GG

April 13, 2018 9:40 pm


Airtel User
April 14, 2018 5:22 pm

GG, it’s still more secure than android any day. No app can take data from iOS like android does. Also if you see FBI case, they weren’t able to hack into the device on their own so they hired 3rd party which also wasn’t able to hack fully but partially for approx 100 crores for one single iPhone.
Even apps like truecaller don’t get permissions in iOS like they get in android.
Security wise iOS is much much more secure than android.

Girish Gowda | BengaLuru
April 14, 2018 12:00 am


April 14, 2018 12:06 pm

Remember the day when apple rejected to unlock an iphone of a criminal when FBI asked it??

Kiran Fernandes | Goa
April 14, 2018 4:21 am

hahahahahahahahahahah the fappenning was awesome lol

Girish Gowda | BengaLuru
April 14, 2018 2:51 pm

Not if you were the victim. Lol. Those poor people trusting greedy Apple.
Anyway I will stay away from that folder. Or at least try to. LOL.

Kiran Fernandes | Goa
April 14, 2018 8:07 pm

haha only the hollywood stars were the victims. Well, most of them. There’s a rule they should follow. Use a Samsung galaxy S series, and don’t use cloud storage.

Ruchit Shah (Gujarat)
April 16, 2018 9:56 am

Well there is something called two step verification. Can you prove that gmail is never hacked?? All stars whose accounts were hacked were not using two step verification, kindly check how these accounts were hacked. Also in iOS no apps can mine data as in Android. In Android few apps won’t even start if I don’t provide the permission to use my call logs and sms. If you are using Android, all your data will be provided for free to FBI. They won’t even need to go to a third party.

April 13, 2018 9:00 pm

Motorola – Please pay attention !! Good article.

Proxima Midnight
April 14, 2018 1:23 pm

What? Last time I checked most of the Moto phones were 5 March 2018 security patched.

Are you talking about Xiaomi?

Kiran Fernandes | Goa
April 14, 2018 8:08 pm

Lol Kirti, I’m using Xiaomi with AEX rom. Xiaomi’s MIUI sucks. Don’t wanna use it at all.

Proxima Midnight
April 15, 2018 1:27 am

Yea, miui really behind 2 years even from AOSP, yet it doesn’t even have features like in-notification reply, mark as read etc. & their settings app is confusing like hell, some important things are buried in the deep corners. My P2 also got many ROMs but only 2-3 currently are in official state. I’m using Lineage OS which is getting weekly OTAs & hell better than stock. Though I was also fan of RR but since MM all the custom ROMs based on AOSP & CM are same with a little section of over the top features under settings.…

Proxima Midnight
April 15, 2018 1:23 am

My P2 got many ROMs but only 2-3 currently are in official state.

I’m using Lineage OS which is getting weekly OTAs & hell better than stock.

though i was also fan of RR but since MM all the custom ROM based on AOSP & CM are same with a little section of over the top feature under setting.

i feel LOS simple & good to use as daily driver.

April 14, 2018 10:33 pm

Which Custom ROM has in built call recording function for RN4???

Proxima Midnight
April 15, 2018 1:19 am

Custom ROMs are meant for advanced features over the AOSP, so I’d say many ROMs support that.
But to be precise I use LOS 14.1 which has call recording feature in its dialler app. But it will only work if you skip Google dialer during GAPPs installation after flashing ROM.

April 15, 2018 10:47 pm

Thanks a lot for reply.
But how to skip Google Dialer, I think there is no option to uncheck installation???

Nikhil Mumbai-Pune
April 13, 2018 11:04 pm

Most disgraceful company in last two years!!!!! Worst product ever in last two years!!!!!

April 14, 2018 1:48 am

My xiaomi mi Max2 on December 17 security patch… Xiaomi most of the time skips security patch updates

Kaushik IMA
April 15, 2018 3:50 am

MIUI is not just an android skin, it’s an extensive modification. I expect there are additional, undisclosed bugs and exploits there.

China does not allow disclosure of security threats of its systems outside China in some new law….so one has to think how secure the phones are.

MIUI encourages ignorance of several APIs and replaces them with its own. Huge security tinderbox right there.

The task scheduling is tweaked, memory management is changed….. I am not even sure if project treble makes any difference to Xiaomi because such changes often need kernel level tweaks….

Airtel User
April 14, 2018 12:29 am

So you meant to say with security updates with nokia and chaomi android data can’t be hacked or accessed without you knowing? LoL

Nikhil Mumbai-Pune
April 14, 2018 11:40 am

I was talking about Major Android Updates!!!!! Moto G5 Plus and Moto G5s plus are still not on Oreo after One year of Release!!!!! Isn’t it big reason to worry which was a big smartphone brand once upon a time!!!!!

April 14, 2018 11:52 pm

I have redmi note 3 2016 model. Have 2018 security patch.