Android phones may have hidden missed security patches from you

SnoopSnitch - Android Apps on Google Play

SnoopSnitch - Android Apps on Google Play

Some Android OEMs are have reportedly been skipping security patches according to a security research firm called Security Research Labs, which mentioned the issue last week on Friday, April 6 at a conference in Amsterdam. Google dates the monthly security updates so that users can see if their smartphones have been updated with the latest fixes. And it's time to start verifying vendor claims about the security of our devices. While Google's Pixel devices have a flawless record with security patches, the researchers found that even top-tier phone makers claimed to have security patches installed, when they were actually missing. What they discovered was something they refer to as "patch gap". Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.

TLS has no or a negligible performance impact when used on modern devices with up-to-date software implementations, and greatly improves user experience and security. For some features, the app needs to be run on rooted Android phones, but the security patch analysis will work on all phones using a Qualcomm chipset.

Every now and then Android comes with its new updates or patches that is said to secure your smartphone. Also, manufacturers like TCL and ZTE even skipped more than four. According to a blogpost on the website of the firm, they conducted a large study of Android phones, and found "that most Android vendors regularly forget to include some patches", which they say expose the Android ecosystem to many risks.

The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Karsten Nohl, Security Research Labs founder, told the publication.

Indeed, Google is the source of Android's security patches.


Nohl and researcher Jakob Lell found that companies like Sony and Samsung missed a few patches on average, but HTC, Huawei, LG, and Motorola had between three and four skipped patches. "That's deliberate deception, and it's not very common", SRL founder Karsten Nohl told Wired. SRL Labs is going to release an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates, but it is unlikely that users will manually check for patches.

A Google spokesperson sent us the following statement.

Nohl agrees that exploiting missing patches remains hard for hackers, who are more likely to use methods like rogue apps snuck onto the Google Play Store or less secure third party sources.

"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.

Recommended News

  • Strong weekend storms possible with cool front

    Strong weekend storms possible with cool front

    For tonight , winds will stay a bit elevated out of the south-southeast around 7-14MPH and a few more clouds will move in. As of right now the Storm Prediction Center has all counties/parishes in the "enhanced risk" zone for severe weather.
    Fortnite is back, and Epic is apologizing with in-game gifts

    Fortnite is back, and Epic is apologizing with in-game gifts

    Identified - The initial fix was unable to handle returning traffic, and we're again experiencing issues with login success . So hop on, let us take a look at some of the locations you need to head to for those precious Battle Stars.
    OPCW confirms United Kingdom  conclusion that Skripals were poisoned by nerve agent

    OPCW confirms United Kingdom conclusion that Skripals were poisoned by nerve agent

    It says British authorities "must urgently provide tangible evidence that Yulia is alright and not deprived of her freedom". The OPCW report states that the chemical the toxic substance was of high purity and contained nearly no impurities.
  • Nerve agent victim Yulia Skripal rebuffs cousin, Russian offers of help

    Nerve agent victim Yulia Skripal rebuffs cousin, Russian offers of help

    Britain has said the use of such an obscure poison indicates Moscow was either to blame or had lost control over its nerve agents. The inspectors said that the nerve agent was of "high purity" with "the nearly complete absence of impurities".
    Line-ups: RB Salzburg-Lazio

    Line-ups: RB Salzburg-Lazio

    Atletico Madrid's trip to Lisbon was a little more tame; losing 1-0 to Sporting, Diego Simeone's side nonetheless go through 2-1 on aggregate.
    Trump Considering Another Controversial Pardon

    Trump Considering Another Controversial Pardon

    According to ABC News, the president has already signed off on a pardon for Libby and has been considering it for several months. Add Donald Trump as an interest to stay up to date on the latest Donald Trump news, video, and analysis from ABC News .
  • Maple Leafs-Bruins Sum

    Maple Leafs-Bruins Sum

    Pastrnak put the Bruins up 3-1 with just 38 seconds remaining in the second period after unleashing a wrist shot past Andersen. Babcock is hoping for more evenly spread out ice time for all four lines so he can reduce the strain on his top players.

    "Jessica Jones" Renewed for Season 3 by Netflix

    Hopefully, it won't take as long as it did - over two years between first and second season - last time around. There's sure to be news on this in the future, but for now at least, Jessica Jones' home is still on Netflix .
    EIA forecasts a almost  14% rise in summer retail gasoline prices

    EIA forecasts a almost 14% rise in summer retail gasoline prices

    Through February, southbound border crossings into Whatcom County are up 10.8 percent compared to the same period a year ago. Other factors behind the higher spring gas prices include the rising price of crude oil, which is up to around $67 a barrel.
  • Amazon Com INC (AMZN) Shareholder Northern Trust Corp Decreased Stake

    Amazon Com INC (AMZN) Shareholder Northern Trust Corp Decreased Stake

    As it's announced in Securities and Exchange form the stake in Amgen Inc (NASDAQ:AMGN) is upped by 44,671 shares to 9.79M shares. Therefore 97% are positive. 74 are the (NASDAQ: AMZN)'s ratings reports on April 12, 2018 according to StockzIntelligence Inc.
    West weighs attack on Syria that could prompt confrontation with Russian Federation

    West weighs attack on Syria that could prompt confrontation with Russian Federation

    The imminent arrival of the global chemical watchdog comes as rebels in Douma surrendered their weapons and left the town. National security experts anxious whether strikes would actually serve to deter Assad.
    Hats off to Team South Africa at Commonwealth Games

    Hats off to Team South Africa at Commonwealth Games

    Peter Beattie said that it is a common thing for athletes to disappear at events like this one. Team attache Simon Molombe said he did not expect them to return.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.