Android P might be called Popsicle, but probably not

Share

This is the claim from Germany's Security Research Labs (SRL), after its researchers conducted a two-year study into the state of Android security, focused around the monthly updates that Google issues.

Security Research Labs analysed a large number of devices running Google's Android operating system, and found that some vendors fail to apply critical and high severity security patches. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl is quoted as saying. Some phone vendors did better than others. What is more concerning is that in some cases, manufacturers intentionally misrepresented when the device had last been patched. Vendors whose devices had one to three missing patches include Nokia, Chinese giant Xiomi and fan-favorite OnePlus.

Though a variety of Android manufacturers have implemented navigation gestures over the years, Google might be considering the move in stock Android in response to the iPhone X and ever-shrinking bezels.

However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches. When Google creates new security updates each month, it trickles them down to device makers that get the ultimate say on how and when to update their phones. Some brands even mislead their customers by releasing a renamed security patch which usually is not up to date.

The Kardashian Reactions To Tristan Thompson's Cheating Are Just Weird
Tristan made out with one of the women, while the other woman grabbed his head and snuggled it to her chest. "And the family is keeping them apart until she goes into labor", which could be sooner than expected now.

Unfortunately, they did not explain whether or not these missed updates are intentional. It also reassured that even with patches missing, it would be hard for a bad actor to hack an Android device. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote.

In the end, the researchers found that vendors like Google, Sony, Samsung and Wiko were missing 0-1 patches on average.

Because these hardware-level fixes are accounted for in the Android security bulletins, this created situations where OEMs delivered updates claiming to have a "security patch level" but they were actually missing some of the patches for that "level".

The app reported that the Sony devices missed one security update, but found that tests for five other patches were inconclusive. "That's deliberate deception, and it's not very common", SRL founder Karsten Nohl told Wired.

Share