Some Android phone manufacturers are lying to users about missed security updates

From The Verge: Android phones are infamously slow to get updates — as of Google’s last update in February, only 1.1 percent of Android users have access to the latest version of the software — but apparently, the problems with Android’s software updates go deeper than that. Research firm Security Research Labs is claiming that numerous Android manufacturers are lying to users about missed security patches, according to a report from Wired.

SRL researchers Karsten Nohl and Jakob Lell spent two years analyzing Android devices, checking to see if the phones actually had installed the security patches that the software said it had. The pair found that many devices had what they call a “patch gap,” where the phone’s software would claim it was up to date with security patches but was, in reality, missing up to a dozen of the patches.

The missed patches aren’t just an isolated incident, either. According to Wired, SRL tested firmware from 1,200 phones from companies like Google, Samsung, HTC, Motorola, LTE, and TCL for every Android patch released last year. They found that even major flagships from Samsung and Google occasionally missed a patch.

Obviously, this is bad. Whether it’s intentional or not, customers aren’t just being left vulnerable to hacks by not having the latest security updates. They’re also being lulled into a false sense of security by thinking that they are fully protected, which could lead to far more disastrous results down the line. To help with that, SRL is releasing a tool called SnoopSnitch on the Play Store that can analyze your phone’s firmware for installed or missing Android security patches to see if you’re really safe, but it really shouldn’t have had to come to this in the first place.

View: Article @ Source Site