A team of German security researchers found that many Android smartphones may be missing critical security updates regardless of what vendors may tell buyers. Researchers found that most vendors claim that their handsets have the latest updates when they don’t.
This is because firmware upgrades can accidentally skip critical security patches.
Two researchers at Security Research Labs in Germany analyzed more than 1,000 firmware upgrades on dozens of Android phones. The models with the highest likelihood of getting all security updates were those from Samsung, Google, and Sony. The brands that were more likely to skip critical updates included ZTE, TCL, and Motorola.
Android phones usually get the latest security patches months after Google releases them. What’s more, some of these phones don’t get the updates at all. The main reason is the way Android is built.
Most carriers and phone makers tweak Android to make their products unique. However, in the process, some critical security patches are omitted.
Chinese Manufacturers More Likely to Skip Critical Security Updates
The German researchers wanted to know which phones had installed the latest security updates. The team was especially interested in critical security updates that fixed major bugs in 2017.
The analysis revealed that Chinese phone makers ZTE and TCL have repeatedly failed to install the critical patches on their phones. On average, those two firms missed over 4 major updates on their handsets.
The greatest offenders, though, were the phones powered by MediaTek’s processors, with 9.7 missed security updates on average.
MediaTek, Qualcomm, and other chipset makers test and tweak those patches before they hand them to Android phone makers. Phone makers then have to test the patches again across multiple phones. Along the way, security patches can easily be lost, with barely anyone noticing.