By skipping patches, some devices may still be vulnerable to Android attacks, despite the firmware date showing that it shouldn't be an issue. What they discovered is that many Android OEMs have a "patch gap" and simply update the date shown on firmware to make it look like users are up to date.
Further code changes are required for developers whose apps create Transmission Control Protocol datagram sockets, using the SSLSocketFactory class for the Java programming language.
The findings on this security patches come from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin. The problem with Android is that while Google may push out regular software updates, it is left to these manufacturers to push them out to their devices. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl said. This is incredibly simple to fake-even you or I could do it on a rooted device by modifying ro.build.version.security_patch in build.prop.
Russian Federation blocks United Nations resolution on Syria as U.S. military action looms large
Nebenzia blamed some council members for voting against the text, as he claimed, simply because it was a Russian draft. Five countries - Bolivia, China, Ethiopia, Kazakhstan, Russia - voted in favor, failing to pass the threshold of nine.
The research firm tested about 1200 smartphones from makers like Google, Samsung, HTC, TCL and tested their flagship devices. Huawei, HTC, Motorola, and LG were found to be lacking as many as four, and ZTE and TCL were missing more than four updates in many cases.
So, if you are wondering about the security of your smartphone or want to check on the patch you received last, then here is an app for that as well. In other cases, there was no reasonable explanation for why some phones claimed to patch certain vulnerabilities when in fact they were missing multiple critical patches. The results are categorised as Patched, Patch missing, After claimed patch level, Test inconclusive. Those with Samsung processors skipped over few patches while models using MediaTek chips missed nearly 10 patches, on average. The issue didn't extend to Google's devices, of course, so those with Pixel and Pixel XL, or Pixel 2 and Pixel 2 XL devices were safe, but the report claims that some OEMs, including Sony, Samsung, and Wiko had missed at least one security patch. And if a company making those chips isn't keeping up with patches, it becomes quite hard for the manufacturers of the phones running them to fully secure their devices. Cheaper chips from the lower-end suppliers missed the most patches with a less well-maintained Android ecosystem.
As for Google's response to this research, the company acknowledges its importance and has launched an investigation into each device with a noted "patch gap". Nevertheless it still remains that according to SRL, patch updates were still listed as being up to date when they weren't, which might lead some users to wonder going forward if their device has actually been updated with the latest security fixes. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. All of the requisite permissions for the app and the need to access them can be viewed here. Enter your email to be subscribed to our newsletter.