Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against.
KitGuru Says: Given the number of well-known attacks that can be leveraged against Android devices, keeping on top of security patches in important. The J5 did miss some security patches from 2017, but it didn't advertise that they were installed.
Google's Pixel devices are the only ones that contained every security patch that it advertised to its users.
The research spanned every Android security patch released in 2017, and utilised 1,200 different makes of device, including items from major manufacturers such as Samsung, Motorola and HTC, as well as Google's own devices.More news: Reliance Jio may launch laptops with cellular connectivity
As of Google's last update in February, only 1.1 per cent of Android users have access to the most recent version of the software, and a study in 2016 found that only 17 per cent of devices were operating on a recent patch level.
Other OEMs such as TCL and ZTE had missed four or more patches. In other words, some device makers have been claiming that their phones meet a certain security patch level when in reality their software is missing required security patches. On the other hand, in the OnePlus 5T the test result was inconclusive in the case of 5 patches but the handset has not missed any patch.
Updates and security patches on Android have always been a serious issue.
A possible source of missing patches is the chipset used in devices and the vulnerabilities specific to it. MediaTek chipsets, which are often used in cheaper handsets, were found to have 9.7 missing patches.
"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl further revealed.More news: Another threat for storms late Friday
Android P will allow cleartext connections to specific domains, but Google said developers should use these only for legacy cases to avoid traffic being tampered with.
Motorola was joined in the three-to-four-missed-patch purgatory by HTC, Huawei and LG.
Nohl said that this "deliberate deception" wasn't as common as vendors simply forgetting to update their devices. Google's phones seem to be safe, however, as the Pixel and Pixel 2 series did not misrepresent what security patches they had. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.More news: World's most admired 2018