March 27, 2019

Research claims Android manufacturers dishonest about security

13 April 2018, 10:07 | Cameron Gross

Some Android OEMs have been caught lying about security patches

Smartphone manufacturers caught lying to consumers about having the latest Android Security patches

SRL has updated its SnoopSnitch Android security app to detect whether a phone has missed security updates.

ZTE and TCL are among the worst offenders, followed by HTC, LG, Motorola, and Huawei.

Scott Roberts, Android's product security lead, also noted that security patches are only one level of protection built into Android devices. While the smartphones of Sony and Samsung were found to have missed few patches, ZTE and TCL lied about 4 or more updates. Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices to check whether they are really protected against the threats their vendors claim they are.

Not only do some vendors fail to push these security patches, or delay their release, but sometimes they just let users think that their smartphone's security is fully up to date. This can be seen in the image of the table below, which lists which OEMs were missing patches and how many were missed. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part of this ecosystem", said Nohl. The team cited the Samsung J5 2016 as being honest about the lack of patches, while the J3 2016 lacked 12 patches (including two deemed "critical") despite claiming to have received every security update in 2017.

This OnePlus phone seems to be in decent, if outdated, security shape. For some features, the app needs to be run on rooted Android phones, but the security patch analysis will work on all phones using a Qualcomm chipset. Other handset makers have to examine each update and, if necessary, tailor them to fit each of their own devices.

That all said, it's not necessarily a disaster that your phone might not have every single last possible security patch installed, and it often takes more than one unpatched bug to leave your phone open and vulnerable to attackers.

The issue has bugged a large number of Android smartphone users who are active on Google Music, and Google was notified of it more than 6 months ago.

To sum up the findings, vendors such as Google, Sony, Samsung, and Wiko missed between 0 and 1 patches on average.

One of the interesting revelations from the research is that even major vendors such as Xiaomi and Nokia (which promise swifter updates) had on average between one and three missing patches, whereas HTC, Motorola, and LG had missed between three and four patches. One theory points to the chipsets these handsets are running, as there seems to be a correlation between particular SoCs and the availability of security updates: Snapdragon-based phones and those running Samsung's Exynos chips may only have one recent fix missing, while those built with MediaTek chips average almost ten. If a phone made by either of those companies is your daily driver, you might want to trade up to something a little more secure.
