Published: Sun, April 15, 2018
Tech | By Anita Cain

Google's spring wallpapers may also be a hint for Android P

Google's spring wallpapers may also be a hint for Android P

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired. These security updates are distinct from Android OS updates, and are listed by "Security patch level" dates, which can generally be found in the "System About phone" dialog in the Settings menu on Android devices.

According to a two-year study conducted by Security Research Labs (SRL) on more than 1,200 Android phones, many are missing security patches. That can mean frustration for those waiting for the latest and greatest feature updates - and in some cases, it can put your phone at risk with delayed or missed security updates. Researchers with Germany's Security Research Labs (SRL) tested the firmware of 1,200 phones from manufacturers like Google, Samsung, Sony, Nokia, Huawei, Motorola, LG, HTC, ZTE and TCL for every patch released in 2017.

All in all, while things remain a mystery, speculation is starting to stir up surrounding what exactly Google has in store for the next version of Android. The post was about a security patch in which the company has demonstrated the updated DNS settings via a screenshot.

What's The Story Of Android's Security Patches All About? With this kind of inconsistency in place, it is harder for users to actually know if their device is secure or not. Usually, Google's stock Android builds are slated to get the fastest updates, followed by other manufacturers who ship with extensively customised interfaces. Some phone vendors did better than others.

In particular, the results for Wiko are interesting.

The researchers did find a correlation between skipped patches and chipsets, however.

Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security practices. Google also reportedly points out that some devices may have had updates skipped due to vendors simply removing a feature that had the vulnerability as opposed to sending out an update, which would likely be a quicker process.

The company wrote (via The Verge): "We're working with them [SRL] to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

Like this: