Some Android smartphone manufacturers have been caught lying about security updates, which means that your device might not be as safe as you think.
Over recent years, it appeared that the security of Android smartphones was improving. However, after the discovery, owners of the devices should now be more vigilant in making sure that their Android smartphones are safe to use.
Missing Security Updates For Android Smartphones
One of the biggest issues with the Android operating system is the fragmentation problem, as Google has struggled to have smartphone manufacturers and carriers push out updates for Android smartphones. To illustrate, Android Oreo took six months to finally reach usage of 1 percent among Android devices.
However, it looks like there is another major issue regarding Android security updates. Karsten Nohl and Jakob Lell from Germany's Security Research Labs, discovered that Android smartphone manufacturers are not only guilty of failing to provide customers with security patches and rolling out the updates on time. The researchers also found out that the phone makers also sometimes tell customers that the devices are fully updated even though they skipped some security patches.
Nohl and Lell reverse engineered the operating system code of about 1,200 Android smartphones to check if the devices really contained the security patches that companies said they did. The researchers found that, in many cases, Android smartphones that were said to have all Android security patches up to certain dates were really missing several updates, which leaves the devices open to a variety of hacking methods.
Only Google's own Pixel and Pixel 2 smartphones contained all the necessary security updates. Even major companies such as Samsung and Sony were guilty of skipping one patch in some of their devices. Smartphones from Nokia, OnePlus, and Xiaomi skipped up to three updates, while devices from Huawei, Motorola, LG, and HTC skipped up to four patches. The worst offenders were said to be ZTE and TCL, which skipped over four patches in their smartphones.
Why Android Phone Makers Skipped Security Updates
Skipping security updates may be related to the chipsets used by the smartphones, according to Security Research Labs. This may be because there are bugs found in the chips, and the smartphone manufacturers will not be able to apply patches unless the chipmakers fix the problems in their products.
Google added that some devices may be skipping updates because they are uncertified, which means that they are not required to meet certain security standards. Some smartphones, meanwhile, may be skipping patches because their contents may be for features not offered by the devices.
The reason behind the skipped security updates, however, is not important. The issue here is that Android smartphone manufacturers are lying to their customers, even if the devices remain hard to crack.