InsightPortal Logo


Android manufacturers lying about security updates

A number of Android manufacturers have reportedly been lying to users regarding Android security updates.

Android has always had an issue with updates (except for Google of course) with most Android manufacturers struggling to roll out updates quickly whilst still maintaining full functionality of the update itself. However, when it comes to security, a very different story occurs, with security updates being pushed by manufacturers as soon as possible due to the large amount of devices that would remain vulnerable if the updates were delayed.

This is true on the most part, with a majority of manufacturers being nearly in sync with security researchers when it comes to security patches. Though in an interesting case, it was found that some manufacturers purposefully miss security patches yet inform their users that the security patch has been successfully installed. Essentially then you have users assuming they are up to date with security, when in reality the latest "security patch" didn't actually cover the issues stated in the patch information. This has been dubbed as a "patch gap" and even the likes of Samsung and Sony have been found to purposefully misinform their users regarding patches, with the stated security update making its way to the device months later or never at all. 

With three big names (Google, Samsung and Sony) all falling fault to this - admittedly in minor incidents - manufacturers have spoken out, with Google in particular taking a look into whether updates are rolling out correctly after they claimed to be unaware of this issue. At the moment though, it seems like the incident a deadline-reaching shortcut which is being exploited by a number of manufacturers in order to make security patch deadlines, at the cost of users' actual security.

All in all then, Android manufacturers as a whole need to ensure that security updates are rolled out according to their actual patch information, rather than falsely claiming to be up to date to meet deadline dates. For now, any users suspect of their devices security can download an app called SnoopSnitch which allows the user to check the firmware and security patches installed on their device to make sure they are actually what they say they are.


Impact Rating: 1