Are hardware makers doing enough to keep Android phones secure?

Yolanda Curtis
April 13, 2018

While Sony and Samsung smartphones were found to have missed few patches, ZTE and TCL lied about 4 or more updates. When Google releases a new software update, vendors like Qualcomm and MediaTek test it, make some adjustments and hand it over to Android smartphone makers, but they do not test the Android software across the device. Companies like Google, Samsung, and Sony have a very good record of installing the patches, but companies like Lenovo's Motorola, TCL and ZTE have problems rolling out the updates. The manufacturers have allegedly been found to be lying to consumers about missed security patches. This is incredibly simple to fake: even you or I could do it on a rooted device by modifying ro.build.version.security_patch in build.prop. While the phone's software may claim to be fully up to date, the researchers found security patches missing in most devices. Security Research Labs, a German research firm, has revealed that most smartphone makers fail to roll out security patches to their users and on many occasions skip them altogether. HTC, Huawei, LG and Motorola all had between three and four skipped patches, while Xiaomi, OnePlus and Nokia skipped, on average, between one and three security updates. The "patch gap" varies between device and manufacturer, but given Google's requirements as listed in the monthly security bulletins, it shouldn't exist at all.

It would be one thing if companies were outright telling us that an update contained X out of Y recent fixes (and better still if they briefly mentioned the reasons for skipping the others), but with the way things have been operating so far, users could easily have the impression that their phones are more patched than they actually are.

According to the researchers, some Android device makers even went as far as intentionally misrepresenting the security patch level of the device by simply changing the date shown in Settings without actually installing any patches. SRL checked out the firmware on 1,200 Android handsets and looked for every patch disseminated in 2017. And if a company making those chips isn't keeping up with patches, it becomes quite hard for the manufacturers of the phones running them to fully secure their devices. Some of the devices even lacked the official certification from Google's Android security in the first place.


The researchers noted that the SoCs that the smartphones use may be the cause of the issue. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update.

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates. All of the requisite permissions for the app and the need to access them can be viewed here.
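The "patch gap" described above can be computed by comparing the claimed patch level against per-patch test evidence. The following is an added example, not code from SRL or SnoopSnitch; the build.prop excerpt, the result format and the placeholder patch ids are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample: a build.prop excerpt and per-patch test results.
# Patch ids are placeholders, not real CVE numbers.
BUILD_PROP = """\
# begin build properties
ro.build.version.release=8.0.0
ro.build.version.security_patch=2017-12-01
"""
RESULTS = [  # (bulletin date, placeholder patch id, test outcome)
    ("2017-10-01", "PATCH-A", "patched"),
    ("2017-11-01", "PATCH-B", "missing"),
    ("2017-11-01", "PATCH-C", "inconclusive"),
    ("2017-12-01", "PATCH-D", "missing"),
    ("2018-01-01", "PATCH-E", "missing"),
]

def claimed_patch_level(build_prop_text):
    """Return the claimed patch level as a date, or None if absent/malformed."""
    for line in build_prop_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ro.build.version.security_patch":
            m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value.strip())
            if not m:
                return None
            try:
                return date(*map(int, m.groups()))
            except ValueError:  # e.g. month 13
                return None
    return None

def patch_gap(build_prop_text, results):
    """Patches the device claims (bulletin <= claimed level) but tests found missing."""
    claimed = claimed_patch_level(build_prop_text)
    if claimed is None:
        raise ValueError("no usable ro.build.version.security_patch value")
    gap, unknown = [], []
    for bulletin, patch_id, outcome in results:
        if date.fromisoformat(bulletin) > claimed:
            continue  # newer than the claim: unpatched, but not misstated
        if outcome == "missing":
            gap.append(patch_id)
        elif outcome != "patched":
            unknown.append(patch_id)  # keep inconclusive tests separate
    return {"claimed": claimed.isoformat(), "missing": gap, "unverified": unknown}
```

The property value is only a string the vendor sets, so the `missing` list, not the claimed date, is what reflects the device's real exposure.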
