Several phone makers have allegedly been misleading consumers about their devices’ protection. A study spearheaded by Karsten Nohl and Jakob Lell of Security Research Labs revealed that OEMs have been leading users to believe their phones are up to date when the supposed security patches were never applied.
The following breaks down missing patches by vendor:
- Google, Sony, Samsung, Wiko (0-1 missed patches)
- Xiaomi, OnePlus, Nokia (1-3 missed patches)
- HTC, Huawei, LG, Motorola (3-4 missed patches)
- TCL, ZTE (4+ missed patches)
This type of neglect would seem to greatly increase vulnerability; however, Google refutes this notion in a statement to Wired:
“Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security—combined with the tremendous diversity of the Android ecosystem—contribute to the researchers’ conclusions that remote exploitation of Android devices remains challenging.”
— Scott Roberts, Android product security lead
The report adds to an already tarnished reputation, as Android OEMs haven’t always been timely with security provisions and have a track record of lagging behind on updates overall.
More information will certainly follow in the days ahead, as Google plans to independently investigate the parties named and will also team up with SRL for further analysis.
As a consumer, has your trust taken a hit or could we be sensationalizing this?