Android mobile makers have been deceiving users about their smartphones' security against malware and hacking vulnerabilities. The manufacturers have allegedly been found to be lying to consumers about missed security patches. Researchers looked at companies like Google, Samsung, Motorola, OnePlus, Xiaomi, and others, and found that some of them say their handsets have been updated with the latest security patches but neglect to mention that several updates were in fact missed.
Research firm Security Research Labs has claimed that several mobile manufacturers are lying to their customers about missed Android security patches, as per a report by Wired. The researchers looked into 1,200 handsets from companies like Samsung, Sony, Google, Huawei, Motorola, LG, HTC, and more, and discovered that there is usually a 'patch gap' between the patches the phones report as installed and the patches that have actually been installed. "It's small for some devices and pretty significant for others," SRL founder Karsten Nohl was quoted as saying.
Nohl and researcher Jakob Lell found that companies like Sony and Samsung missed a few patches on average, but HTC, Huawei, LG, and Motorola had between three and four skipped patches. Other manufacturers like Xiaomi, OnePlus, and Nokia skipped between one and three security updates, on average. Manufacturers like TCL and ZTE skipped more than four.
The researchers noted that the SoCs that the smartphones use may be the cause of the issue. Phones with Samsung processors skipped few patches, while handsets with MediaTek SoCs missed roughly 10 patches on average. Nohl said, "The lesson is that if you go for a cheaper device, you end up in a less well-maintained part to this ecosystem."
Notably, SRL Labs has released an update to its Android app called SnoopSnitch, which enables users to check their smartphone's code for the actual state of its security updates.
Meanwhile, Google has responded to the report, saying it is working with SRL Labs to further investigate its findings. In an emailed statement to Gadgets 360, Google said, "We would like to thank Karsten Nohl and Jakob Lell for their continued efforts to reinforce the security of the Android ecosystem. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security - combined with the tremendous diversity of the Android ecosystem - contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging."