www. O S N E W S .com
News Features Interviews
BlogContact Editorials

How Android phones hide missed security updates
By Thom Holwerda, submitted by emmzee on 2018-04-12 22:42:51

Google has long struggled with how best to get dozens of Android smartphone manufacturers - and hundreds of carriers - to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.

On Friday at the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering hundreds of Android phones' operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendors' phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen patches from that period - leaving phones vulnerable to a broad collection of known hacking techniques.

Android is a mess.

20  Comments - Printer friendly - Related stories
Recent related stories
- Google Play Services no longer supports Android 4.0 - 2018-12-08
- Google makes a case to never buy a Pixel at launch again - 2018-11-29
- The good and bad of Samsung's One UI interface - 2018-11-13
- APEX furthers the Android modularization started by Treble - 2018-11-10
- Samsung shows off its smartphone with foldable display - 2018-11-08
- More related articles
 

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:
5+2=

News Features Interviews
BlogContact Editorials


WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?