Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Android Device Makers Are Lying About Security Patch Updates (phonedog.com)

Posted by msmash on from the closer-look dept.

An anonymous reader shares a report: Security patches for smartphones are extremely important because many people store personal data on their devices. Lots of Android phones out there get regularly security patches, but according to a new report, some of them are lying about the patches that they've actually gotten. According to a study by Security Research Labs, some Android phones are missing patches that they claim to have. Wired explains that SRL tested 1,200 phones from more than a dozen phone makers for every Android security patch released in 2017. The devices tested include ones from Google, Samsung, Motorola, LG, HTC, Xiaomi, OnePlus, Nokia, TCL, and ZTE. The study found that outside of Google and its Pixel phones, well-known phone makers had devices that were missing patches that they claimed to have. "We found several vendors that didn't install a single patch but changed the patch date forward by several months," says SRL founder Karsten Nohl.

6 of 116 comments (clear)

  1. Missing info from summary by Bob+the+Super+Hamste · · Score: 5, Informative

    Some missing info from the sumamry about the average number of missing patches per device from each manufacturer
    Average missing patches per device from each manufacturer
    0 or 1 - Google, Samsung, and Sony
    1 to 3 - Xiaomi, OnePlus, and Nokia
    3 to 4 - HTC, Huawei, LG, and Motorola
    4 or more - TCL and ZTE

    --
    Time to offend someone
    1. Re:Missing info from summary by ctilsie242 · · Score: 4, Informative

      I am surprised that HTC is on the 3-4 list. I've had very good luck with them ensuring that patches come out on time. Even though they are not a "tier 1" maker like Samsung, they produce decent phones that may not have the latest bells and whistles... but they do the job and do it well. They also allow for bootloader unlocking, which is a make or break thing, as a root firewall is a must these days.

    2. Re:Missing info from summary by tlhIngan · · Score: 5, Informative

      I am surprised that HTC is on the 3-4 list. I've had very good luck with them ensuring that patches come out on time. Even though they are not a "tier 1" maker like Samsung, they produce decent phones that may not have the latest bells and whistles... but they do the job and do it well. They also allow for bootloader unlocking, which is a make or break thing, as a root firewall is a must these days.

      The article is not about patches coming out on time. It's about patches that come out missing.

      It's easy to make a security patch that patches nothing other than updating the date you see in the about screen.

      That's what the article is about - just because your device is "up to date", doesn't mean it has all the patches. They basically took a patched phone and re-ran the vulnerability tests on them, only to find the patches were not applied despite claims they were by having the patches up to date.

  2. Re:Lying to the public? by crunchygranola · · Score: 3, Informative

    And the article has exactly that information in it:

    A review of a CFPB database obtained by the AP through a Freedom of Information request shows that the bureau issued an average of two to four enforcement actions a month under former Director Richard Cordray, President Obama’s appointee. But the database shows zero enforcement actions have been taken since Nov. 21, 2017, three days before Cordray resigned.

    Yeah, curse the news a bullshit when you didn't bother to even take a single peek at it.

    --
    Second class citizen of the New Gilded Age
  3. Re: Planned Obsolescence by Pax_Europa · · Score: 4, Informative

    I've inherited a hand-me-down Note 4 and am currently running the wonderful Resurrection Remix ROM (7.1),undervolted and underclocked, rooted with Magisk, and it's a fantastic phone IME.

    I've just noticed yesterday that Resurrection Remix has just released a new Oreo version for phones that include the Note 4,so it looks like it's still got some life left in this model yet.

  4. Re:No shit .... by farble1670 · · Score: 4, Informative

    Even Google stopped supporting their Pixel phones, when almost their only selling point was getting proper updates.

    Google guarantees 3 years of updates (OS updates, not just patches) on the Pixel 2, and the Pixel 1 is guaranteed 3 years of patches (but I think only 2 years of OS updates):
      https://www.theverge.com/circu...