The researchers found that, in many cases, Android smartphones that were said to have all Android security patches up to certain dates were really missing several updates, which leaves the devices open to a variety of hacking methods. Some devices would tell their users they had been updated to the latest version of software or firmware, but in reality were lacking up to a dozen vital patches.
The findings on these security patches come from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin. According to a blog post on the firm's website, they conducted a large study of Android phones, and found "that most Android vendors regularly forget to include some patches", which they say exposes the Android ecosystem to many risks. While we hope to learn a bit more about exactly which phones are missing which fixes, there's also another concern beyond just knowing whether or not your phone is actually secure, and that involves the degree to which manufacturers have been misleading their users.
SRL found that Samsung's budget J3 smartphone claimed to have every security patch from 2017 installed, but it was actually missing 12 of the patches released during that year. Google Pixel devices, on the other hand, didn't skip any updates and were the only devices on that list that were immune to this issue.
LG, Motorola, Huawei, and HTC missed 3-4 patches, and Nokia, OnePlus, and Xiaomi skipped 1-3 patches on average. Over the past few years, Google has pushed its OEM partners, such as smartphone manufacturers, to be more aggressive with their updates, but it's been an uphill battle.
The research spanned every Android security patch released in 2017, and utilised 1,200 different makes of device, including items from major manufacturers such as Samsung, Motorola and HTC, as well as Google's own devices.
For all the good of Android's open-source approach, one of the clear and consistent downsides is that the onus to issue software updates falls on the manufacturer.
One measure of security for an Android user is whether the device receives the monthly security patches from Google.
While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.
Not all Android devices are equal in terms of security.
The greatest offenders, though, were the phones powered by MediaTek's processors, with 9.7 missed security updates on average.
"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said. However, does this excuse manufacturers who say their devices are fully updated when they are not? "These layers of security, combined with the tremendous diversity of the Android ecosystem, contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".