It seems that some Android smartphone manufacturers have been repeatedly misleading the users about security updates by simply changing the dates of the security patches without actually changing anything within. When Google creates new security updates each month, it trickles them down to device makers that get the ultimate say on how and when to update their phones. Technically, there's nothing wrong with that but what's really happening is that in some cases, OEMs are changing the security update date on the device without actually installing the associated patches, effectively lying to customers.
Two well-known German researchers, Karsten Nohl and Jakob Lell of Berlin's Security Research Labs, plan to release a report today showing that many Android security updates are bogus. The results were shocking, with devices from industry giants such as Google, Samsung, Motorola, HTC and ZTE up on the list. Google told Wired some of the devices in the report weren't Android certified, and therefore aren't tested for security and performance. The Android security updates is an important aspect of an Android smartphone's security firewall.
Google pushes out Android security updates each month that is a collection of patches for a variety of security bugs. What they discovered was something they refer to as "patch gap". On many occasions, it was found that the OEMs were hiding as many as a dozen missed patches.
It is worth noting, though, that some manufacturers are apparently better at releasing updates than others. Basically Samsung created fake benchmarks, sent them to Android blogging sites who published them as facts. Though Google publishes updates monthly, device manufacturers are often late to deliver security updates by months at a time.
Boehner Latest Name in Republican Support of Cannabis Legalization
Announcing his decision to join the board of Acreage Holdings on Twitter, Boehner said that his thinking on cannabis has evolved. Statistics show that in states where marijuana is available in any form, opioid addiction, use and overdoses are greatly reduced.
The company also argued that some missing patches could be to do with a specific phone not offering an affected feature, or a feature being removed entirely as opposed to patching it.
The firm said: "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update".
Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security practices. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".