If a phone made by either of those companies is your daily driver, you might want to trade up to something a little more secure.
Researchers from Security Research Labs examined around 1200 Android phones from Google, OnePlus, Samsung, HTC, LG and others, and found that some of these companies "modified" their security patch build numbers when updating their devices without actually applying the patches. Even worse, the manufacturers of these handsets are lying when they say that their firmware is fully updated. Security Research Labs, a German research firm, has revealed that most smartphone makers fail to roll out security patches to their users, and on many occasions they skip them altogether.
The patch gap issue is not an isolated case.
Patch gaps are places in the code where updates should be but are not. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed.
Some manufacturers fared better than others. The issue didn't extend to Google's devices, of course, so those with Pixel and Pixel XL, or Pixel 2 and Pixel 2 XL devices were safe, but the report claims that some OEMs, including Sony, Samsung, and Wiko, had missed at least one security patch. Phones with Samsung processors skipped few patches, while models using MediaTek chips missed nearly 10 patches on average. But that number starts creeping up higher as we look at hardware from LG, HTC, Motorola, and ZTE - the latter's phones averaging four or more absent patches.
A Google spokesperson sent us the following statement.
The researchers did find a correlation between skipped patches and chipsets, however. Cheaper phones, which also tend to use cheaper chips, were found to skip more patches than flagships. MediaTek chipsets, on the contrary, had an average of 9.7 missing security patches. Security updates are one of many layers used to protect Android devices and users. However, Google has tried to make some changes by putting in effort and releasing security measures such as Google Play Protect, which was rolled out the previous year. The problem with Android is that while Google may push out regular software updates, it is left to the manufacturers to push them out to their devices.
The takeaway here is that even though a new phone might not have every single patch, the Android OS is still tough to hack. "Defense in depth means install all the patches".
As Nohl puts it, "You should never make it any easier for the attacker by leaving open bugs that in your view don't constitute a risk by themselves, but may be one of the pieces of someone else's puzzle".