we Return to talk about the security updates of Android devices. If yesterday we saw how to Google could separate the security patches from Android manufacturers now we see a security report says that manufacturers are jumping patches when you upgrade your mobile.
The signature of Security Research Labs claims to have been looking for two years, the source code of a great variety of Android devices of different ranges and brands to check if the manufacturers were applying all the security patches who claimed to have the date of your upgrade, and your study says that it does not.
Not all security patches are coming
Security Research Labs says that there are many manufacturers that inform their users that their device is up to date with all security patches up to a certain date, but when we analyze the source code during these years to have seen that there are patches that do not come. If the monthly update official includes 38 security patches that some manufacturers released the update with fewer patches.
also Have shown that some manufacturers directly change the date of the update security without installing any patch, perhaps for reasons of marketing shows LLC, for the user to think that their manufacturer updates their device regularly.
the study found the firmware of some 1,200 phones of more than a dozen vendors, including Google, Samsung, Sony, Motorola, Xiaomi, Sony, LG, Nokia, Huawei, TCL or ZTE.
the conclusions of their study concluded that the mobile low-end had the record of patches that claimed to have, and then it was all a lie, and that in the high range was also made, but were lost a few security patches. For example, in 2017, Xiaomi, OnePlus, or Nokia would have been omitted between one or three patches. TCL and ZTE are manufacturers with more patches to be skipped.
SRL discovered that a mobile phone of Samsung, the Galaxy J5 2016, he was honest to tell the user what patches you had installed and what was missing, while the Galaxy J3 2016 claimed to have all the patches released 2017 but lacked 12 of them, two of them deemed as “critical”.
One of the reasons that it is pointing to the study that the manufacturers have omitted some patches are the fault of the suppliers of chips. Here, according to the study the mobile processors Mediatek had an average of have been jumped by 9.7 patches, while the mobile with processor Samsung had barely jumped patches.
Google responds to the study
WIRED it asked Google for this study, and the company responded by pointing out that some of the devices analyzed by SRL could not have been certified devices with Android, so that would not be subject to the security standards of Google.
he Also mentioned that some patches may be missing on a device because the manufacturer deleted directly that vulnerable feature, instead of applying the patch, or because directly didn’t have that feature. Even so, Google reports that they are working with SRL Labs to further investigate their findings, since security is one of the main pillars of Android.
patches they might have missed in the devices, because the phone providers have responded by simply eliminating a vulnerable feature of the phone instead of applying a patch, or the phone didn’t have that feature in the first place
Via | Wired
Xataka Android | [The security on Android in 2017: the installation of malicious applications fell more than 60%](The security on Android in 2017: the installation of malicious applications fell more than 60%)
The news The Android device manufacturers are jumping security patches, according to a report by was originally published in Xataka Android by Cosmos.
Phoneia.com (April 12, 2018). The Android device manufacturers are jumping security patches, according to a report. Recovered from https://phoneia.com/en/the-android-device-manufacturers-are-jumping-security-patches-according-to-a-report/