Android phones are notoriously slow to get updates: as of Google's last update in February, only 1.1 percent of Android users had access to the latest version of the software. But apparently the problems with Android software updates go further. Research firm Security Research Labs says numerous Android vendors are lying to users about missed security patches, according to a Wired report.
SRL researchers Karsten Nohl and Jakob Lell spent two years analyzing Android devices, checking whether the phones had really installed the security patches that their software claimed to have. The pair discovered that many devices had what they call a "patch gap," where the phone's software said it was up to date with security patches but was actually missing as many as a dozen of them.
Missed patches are not just an isolated incident, either. According to Wired, SRL tested the firmware of 1,200 phones from companies such as Google, Samsung, HTC, Motorola, ZTE and TCL for each Android patch released last year. They discovered that even the flagship phones from Samsung and Google occasionally missed a patch.
Obviously, this is bad. Whether it is intentional or not, customers are not only vulnerable to attacks because they lack the latest security updates; they are also being lulled into a false sense of security, thinking that they are fully protected, which could lead to much more disastrous results in the future. To help with that, SRL is launching a tool called SnoopSnitch in the Play Store that can scan your phone's firmware to see which Android security patches are installed or missing, so you can tell whether it is really secure. But it really should not have had to come to this in the first place.
To be clear, not all phone manufacturers are the same when it comes to missing security patches. On average, phones from Google, Samsung and Sony tended to miss only the occasional patch. But companies like ZTE and TCL fared much worse, with devices claiming to have installed an average of four or more security patches than they actually had.
For its part, Google told Wired: "We have launched investigations on each instance and each OEM to comply with their certified devices," and said that it would continue investigating the problem. Google also tried to explain some of SRL's findings by noting that manufacturers may have omitted patches for features they had removed from the device entirely, or that some of the phones lacked official Google Android security certification in the first place. But it is clear that there is still more work to be done.
After all, if the makers of Android devices fail to update their phones, the least they can do is be honest about it.