Android phones are slow at getting updates. Since the last update of Google in February, only about 1.1% of Android users can access the latest version of the software. However, more importantly, problems with Android software are much deeper than that. Our sources report that Research firm; Security Research Labs (SRL) claims that numerous Android manufacturers are insincere to users about missed security patches.
Researchers from the SRL Karsten Nohl and Jakob Lell analyzed Android devices for 2years to check if the phones had installed in actuality the security patches it said it would install. Both of them found out that many devices had what they referred to as a “patch gap,” where the phone’s software claimed an up-to-date security patches but was in actual fact missing about a dozen of the patches.
It was also observed that the missed patches were not isolated. SRL tested firmware from 1,200 phones from companies such as Google, Samsung, HTC, Motorola, LTE, and TCL for all patches released last year. It was found that major flagships from Samsung and Sony missed a patch seldomly.
It is terrible to discover that customers are being left at the mercy of hackers by not having the latest security updates. They are also being deceived into thinking they have are fully protected. To aid in this predicament, SRL is releasing a tool “SnoopSnitch” on the Play Store which according to them analyzes a phone’s firmware for installed or missing Android security patches.
Not all phone manufacturers are equal in line with missing security patches, just to be clear. By average, phones from Google, Samsung, and Sony only seemed to miss the occasional patch. Companies like ZTE and TCL had a far worse performance with devices that claimed installation of four or more security patches than they actually did.
Google on its own part stated that, “We’ve launched investigations into each instance and each OEM to bring their certified devices into compliance,” and that it would further investigate the issue. Google also attempted to explain some of SRL’s findings with manufacturers skipping patches for features that they may have just totally removed from the device or that some of the phones lacked Google’s official Android Security Certification in the first instance.
In conclusion, it would be best that manufacturers are honest about not being able to update their phones rather than giving false hope to users.