Some Android Manufacturers Reportedly Skipping Security Patches

Some Android Manufacturers Reportedly Skipping Security Patches

Google provides Android security patches to AOSP once a month, which manufacturers pull from to integrate into the Android distributions on their devices.

Indeed, Google is the source of Android's security patches.

That's because crucial patches are commonly skipped over by some of the most prolific players in the smartphone market, according to in-depth findings from Security Research Labs (SRL). In some cases, a phone won't receive them at all.

Taking up less than 5 MB, the app is quick to download without using much data, and takes up minimal space on users' phones. This can be seen in the image of the table below which lists off what OEMs were missing patches and how many of them were missed. While Nohl and Lell found, on average, between zero to one missed patches since October 2017 on each Samsung, Google and Sony phone they tested, they found between three and four missed patches on the Motorola phones.

However, the devices with the most glaring issues were those built with processors from Taiwan's MediaTek. The more alarming detail is not that the security patches had been missed, but rather the number of times that the patches weren't applied. It's up to third parties, including smartphone manufacturer and network carriers, to supply Google's Android updates to their devices. It could come down to a lack of resources, the sheer difficulty of adapting the work across multiple devices, or the hope that the next Stagefright-scale attack won't happen again soon.

Janice Dickinson Tells Jury that Bill Cosby Raped Her in 1982
During cross examination, a defense attorney seized on inconsistencies in Dickinson's testimony and what she wrote in the book. The prosecution claims that these "prior bad acts" witnesses demonstrate a pattern of Cosby's behavior of misconduct.

"Patching is critically important to uphold the effectiveness of the different security layers already found in Android", the researchers wrote. "Vendors generally put in a real effort, but things can be forgotten, skipped, or the vendor will want to do it later", he said. That's deliberate deception, " says Nohl. But the Samsung J3 (2016) claimed to have every 2017 Android patch installed when in truth it had missed 12 updates, including a pair that were considered "critical" to keeping the handset safe and secure.

The pressure to patch can also create incentives for vendors to lie. Some phone vendors did better than others. However, the fact that manufacturers are deceiving customers regarding the level of protection that they are providing remains a worrying discovery.

"Sometimes these guys just change the date without installing any patches", Nohl was quoted as saying. He pointed to the French vendor behind the Wiko Freddy, a smartphone found to be missing 80 patches. The models with the highest likelihood of getting all security updates were those from Samsung, Google, and Sony. But, these companies should check out the android tool as well, specifically with a range of devices.

A pair of researchers at Security Research Labs recently shared a study with Wired highlighting some of these risks. Leaving any holes unpatched weakens the overall security of a device. The Berlin-based team found that many Android phone manufacturers were far behind on updates, or even lying about the last security update applied to the phone. The company is continually adding new safeguards to the Android OS that can isolate and detect malicious code before it gains a foothold.

To coincide with the release of the report, SRL has launched an app called SnoopPitch, which it says helps Android users find out if their handsets are neglecting security. However, it seems like their words can't be taken for granted.

Related Articles

  • Body found amid search for SoCal family after SUV swept into river

    Body found amid search for SoCal family after SUV swept into river

    In the latest case, the Thottapilly family had taken a road trip from their home in Santa Clarita, Calif., to OR for spring break. Sarah Hart pleaded guilty to charges of domestic assault in 2011, after police in Minnesota said she hit one of her daughters.
    Trump lawyer Michael Cohen under criminal investigation

    Trump lawyer Michael Cohen under criminal investigation

    The judge also heard from a new lawyer for Trump, Joanna Hendon, who said the president had "an acute interest" in the case. It was not immediately clear on Friday what specific issues the court hearing would address.
    Lost In Space — New To Netflix

    Lost In Space — New To Netflix

    Eashwar Krishnan upped its holdings by 43.44% in Netflix Inc (NFLX ), according to 2017Q4 Securities and Exchange filling. Baillie Gifford & has invested 1.66% in Netflix, Inc . (NASDAQ: NFLX ) on Tuesday, October 18 with "Outperform" rating.
  • Toy company CEO makes $890M bid for Toys

    Toy company CEO makes $890M bid for Toys"R"Us stores"

    If Larian does win the bid, he says he plans to remake the stores as a fun and engaging place where families can spend the day. Larian is the CEO of MGA Entertainment, the company behind products such as LOL Surprise and Bratz dolls.
    Nazem Kadri Suspended Three Games For Hit On Bruins' Tommy Wingels

    Nazem Kadri Suspended Three Games For Hit On Bruins' Tommy Wingels

    There should be no place in hockey for the risky hit that the Maple Leafs' Nazem Kadri laid on the Boston Bruins' Tommy Wingels during Game 1 on Thursday night.
    Los Angeles Police Department Articles, Photos, and Videos

    Los Angeles Police Department Articles, Photos, and Videos

    Court records show that the TV producer was deep in debt and filed for bankruptcy in 2012, three years before her sister's death. LAPD homicide detectives worked and Los Angeles Fire Department Arson investigators conducted independent investigations.
  • Potent system brings blizzards, thunderstorms to Midwest

    Potent system brings blizzards, thunderstorms to Midwest

    Sunday: There's a 50 percent chance of precipitation with new snow accumulation of less than a half inch possible. Saturday will be colder across the state, and the high in Wichita is expected to be 45.
    President Trump says military strike in Syria underway

    President Trump says military strike in Syria underway

    He said the United States' response would integrate "all instruments of our power", including diplomatic and economic avenues. The U.S. has about 2,000 troops in northeastern Syria where they have worked with Kurdish fighters against the Islamic State.
    Bearcats third at own doubles tourney

    Bearcats third at own doubles tourney

    A couple of those things are interesting. "You look at this past decade, this Pella High team has outscored us 45-0". The NBA playoff matchups are set, with games beginning Saturday. "It was a game of two halves", Byerley said.
  • Woman adopts baby after chance encounter with his mother at airport

    Woman adopts baby after chance encounter with his mother at airport

    The two exchanged numbers, and Phipps told Snipes to call her if she found herself in trouble or ever needed anything. - Shocking video has led to the arrest of a Detroit woman for violent child abuse on Thursday.
    Backpage.com co-founder likely to be released on Friday -- attorney

    Backpage.com co-founder likely to be released on Friday -- attorney

    The founders behind the classified ads site have since been charged with money laundering and facilitating prostitution. Ferrer stood with attorney Nanci Clarence for the brief hearing before Sacramento Superior Court Judge Lawrence Brown.
    Facts about the green

    Facts about the green "mohawk" turtle keep getting weirder and weirder

    Unfortunately, like all good things, it is now one of the most endangered species on Earth. Australian Mary River Turtle which has been categorised as an ‪endangered species‬‬.