The security updates Android manufacturers regularly roll out aren’t what they seem, according to a report from Wired. Apparently, companies are lying to their users, saying their phone’s firmware is fully up to date, when in fact it’s not.
Karsten Nohl and Jakob Lell of Security Research Labs revealed two years’ worth of research, in which the duo reverse-engineered operating system code from 1,200 Android devices. What they found was troubling, per Wired’s report:
In many cases, certain vendors’ phones would tell users that they had all of Android’s security patches up to a certain date, while in reality missing as many as a dozen patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.
Even some of today’s biggest manufacturers, including Samsung, Motorola, Sony, and HTC, misrepresented what security patches were available on its devices. The only company that hasn’t misled users is Google, which is another reason to own a Pixel 2 or Pixel 2 XL.
Other lesser-known companies like TCL and ZTE were particularly deceptive, missing more than four patches they’d claimed to have rolled out to users, according to Wired. In a few rare cases, Sony and Samsung missed a patch or two “by accident.”
“We found vendors that didn’t install a single patch but changed the patch date forward by several months,” said Nohl. “That’s deliberate deception, and it’s not very common.”
The problem isn’t just the deception, but the position it puts users in. There are over two billion Android devices on the market right now, which means millions are vulnerable to hacks without the latest security updates. And even when users think they do have the latest security update, there’s a chance they’re being lied to.
In response to the research by Nohl and Lell, Google released a statement, which you can read below:
We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem. We’re working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security—combined with the tremendous diversity of the Android ecosystem—contribute to the researchers’ conclusions that remote exploitation of Android devices remains challenging.
Disguise your little one with the help of a themed costume
From avocado halves to hoppy bunnies, costumes speak to every child's unique spirit. And we've collected our favorite options.
Add magic to your living space with these string lights
String lights add personality and soft light to your living space. Here are some of the best.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
These are the best Galaxy S10 screen protectors
The Galaxy S10 comes equipped with the most beautiful smartphone display on the market. Make sure it remains that way with a screen protector. Here's a roundup of the best Galaxy S10 screen protectors available right now.