Scott Roberts, Android's product security lead also noted that security patches are only one level of protection built into Android devices. While the smartphones of Sony and Samsung were found to have missed few patches, ZTE and TCL lied about 4 or more updates. Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against.
Not only do some vendors fail to push these security patches, or delay their release, but sometimes they just let the users think that their smartphone's security is fully up-to-date. This can be seen in the image of the table below which lists off what OEMs were missing patches and how many of them were missed. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem", said Nohl. The team cited the Samsung J5 2016 as being honest about the lack of patches, while the J3 2016 lacked 12 patches (including two deemed "critical") despite claiming to receive every security update in 2017.
This OnePlus phone seems to be in decent, if outdated, security shape. For some features, the app needs to be run on rooted Android phones, but the security patch analysis will work on all phones using a Qualcomm chipset. Other handset makers have to examine each update and, if necessary, tailor them to fit each of their own devices.
That all said, it's not necessarily a disaster that your phone might not have every single last possible security patch installed, and it often takes more than one unpatched bug to leave your phone open and vulnerable to attackers.
The issue has bugged a large number of Android smartphone users that are actively on Google Music and Google has been notified of it more than 6 months ago.
To sum up the findings, vendors such as Google, Sony, Samsung, Wiki on an average missed between 0-1 patches.
One of the interesting revelations from the research is that even major vendors such as Xiaomi and Nokia (which promise swifter updates) had on an average between one and three missing patches, whereas HTC, Motorola, and LG had missed between three and four patches. One theory points to the chipsets these handsets are running, as there seems to be a correlation between particular SoCs and the availability of security updates: Snapdragon-based phones and those running Samsung's Exynos chips may only have one recent fix missing, while those built with MediaTek chips average almost ten. If a phone made by either of those companies is your daily driver, you might want to trade up to something a little more secure.
Twittersphere reacts to Caster Semenya's gold win
I've had a few races where I've trailed at the back and walked away extremely disappointed in my performance. With 51.08, Jamaica's Anastasia Le Roy was fastest overall to progress to what could be an open final.
Janice Dickinson testifies Bill Cosby raped her
Dickinson claimed she told the writer the "entire horrific" experience, but was told it "would never get past Cosby's legal team". Constand was expected to testify Friday - the second time she will face a jury after Cosby's first trial ended without a verdict.
Coli infections in seven states
Marler Clark has been retained by E. coli victims from New Jersey, Pennsylvania, Missouri and Idaho . Restaurants and retailers are not now advised to avoid serving or selling any particular food.
China defends military buildup in South China Sea
China lays claim to a number of disputed islands and territories, which often results in touchy situations during routine drills. On Monday, WSJ described the move as "a significant step in [China's] creeping militarization of the South China Sea".
High winds, dry weather bring Red Flag warnings
It will be mostly sunny on the weekend, with temperatures reaching the low 50s on Saturday and the low 60s on Sunday. Because of this, we also have High Wind Watch has been issued for Thursday afternoon and evening.