The Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time.
According to a new study, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates.
In other words, most smartphone manufacturers including big players like Samsung, Xiaomi, OnePlus, Sony, HTC, LG, and Huawei are not delivering you every critical security patch they’re supposed to, a study by Karsten Nohl and Jakob Lell of German security firm Security Research Labs (SRL) revealed.
Nohl and Lell examined the firmware of 1,200 smartphones from over a dozen vendors, for every Android patch released last year, and found that many devices have a “patch gap,” leaving parts of the Android ecosystem exposed to hackers.
“Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best,” Nohl says in an interview with Wired.
Google releases security patches every month to keep its Android ecosystem safe and secure from the underlying risks, but since every manufacturer and mobile carrier modifies the operating system to make its smartphones unique, they often fail to apply all those patches in time.
SRL researchers investigated smartphones that had supposedly received and installed the latest Android updates and released the following breakdown of their findings:
0-1 missed patches—Google, Sony, Samsung, Wiko Mobile
1-3 missed patches—Xiaomi, OnePlus, Nokia
3-4 missed patches—HTC, Huawei, LG, Motorola
4+ missed patches—TCL, ZTE
Specifically, the above results focus on security patches for Critical and High severity vulnerabilities that were released in 2017.
As shown above, Google, Samsung, Wiko Mobile and Sony are still doing great in installing patches, but others, specifically Chinese vendors like Xiaomi and OnePlus, are worse at protecting their customers against the latest security flaws.