tech2 News StaffApr 12, 2018 21:06:46 IST
Most smartphone manufacturers including the likes of players like Samsung and Xiaomi are unable to push out the latest Android updates. But it now seems that some manufacturers who claim to push out the latest updates may be lying about featuring the latest security patches.
After conducting a research that spanned two years on Android devices, Security Research Labs (SRL), a German security firm claims that many devices had what SRL call a “patch gap”. This refers to a scenario where the phone’s software would claim it was up to date with security patches but actually missed number of patches.
According to a report by Wired, such incidents were not one offs either. Out of the 1,200 phones tested by SRL, which included devices from Google, Samsung, HTC, Motorola and TCL, the firm found that even flagship devices from Samsung and Sony missed a patch. Lesser known manufacturers, on the other hand, missed out on many more.
While missing out on patches and claiming that they are present itself amounts to lying and is a breach of trust, the scenario seems far worse. Presenting the results of SRLs finding at a security conference, researcher Karsten Nohl said, "We found several vendors that didn’t install a single patch but changed the patch date forward by several months."
What makes it worse as Nohl points out is the fact that it is almost impossible for the user to know which patches are actually installed. SRL Labs is going to release an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates, but it is unlikely that users will manually check for patches.
Now, Google has responded to the publication saying that it has launched investigations into each instance brought up by SRL and is trying to get each OEM to bring their certified devices into compliance.
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.