How Android phones hide missed security updates

  By Thom Holwerda, based on submission by emmzee - Posted on 2018-04-12 22:42:51 UTC at http://OSNews.com

Google has long struggled with how best to get dozens of Android smartphone manufacturers - and hundreds of carriers - to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches [https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/].

On Friday at the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering hundreds of Android phones' operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendors' phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen patches from that period - leaving phones vulnerable to a broad collection of known hacking techniques.

Android is a mess.

Original story page here.

Copyright OSNews.com 1997-2006. All Rights Reserved. OSNews and the OSNews logo are trademarks of OSNews.
All trademarks, icons, and logos, shown or mentioned in this web site, are the property of their respective owners.
Reproduction of OSNews stories is granted only by explicitly receiving authorization from OSNews and if credit is given to OSNews.
Privacy statement   -   Notice to Bulk Emailers