Sketchy phone manufacturers pretending to update phones?

Discussion in 'Android News' started by PereDroid, Apr 13, 2018.

  1. PereDroid

    PereDroid DF News Team Reporter

    Joined:
    Jan 25, 2010
    Messages:
    5,685
    Likes Received:
    3,460
    Trophy Points:
    1,563
    Location:
    Cleveland, Ohio
    Ratings:
    +4,045
    Current Phone Model:
    Moto Turbo 2
    [​IMG]

    Security Research Labs in Germany has just completed a 2 year study on Android security and the monthly patches released by Google. They claim that several companies, none actually named (yet), are telling users they've got an update but in reality doing nothing more then just updating the date! Others release real updates but since they skipped 2, 3 or 4 (or more!) any cumulative effects of the patches may not get installed leaving security holes.
    The lying about the date thing isn't common by any means as SRL founder Karsten Nohl said "We found several vendors that didn’t install a single patch but changed the patch date forward by several months. That’s deliberate deception, and it’s not very common”.
    They are presenting at a security conference today, so I wonder if they will come out and say who's guilty of this. They should, right?

    Security Research Labs also released a list of who performed the best at security updates:
    • Samsung, Sony and Google were the best followed by
    • OnePlus and Nokia
    • Huawei, HTC, LG and Motorola coming in 3rd
    • ZTE and TCL coming in a dismal last place missing on average more then 4 security updates.

    Source: The Guardian
    Picture from XDA
     
  2. me just sayin

    me just sayin Diamond Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    4,991
    Likes Received:
    3,278
    Trophy Points:
    1,578
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +3,396
    Current Phone Model:
    Note 8
    surprised to see Samsung as one of the best.
     
  3. xeene

    xeene Gold Member

    Joined:
    Jun 28, 2010
    Messages:
    3,221
    Likes Received:
    941
    Trophy Points:
    208
    Location:
    detroit, usa
    Ratings:
    +1,085
    Samsung must be combining monthly security updates into one big annual update. Surprised Motorola isn't up there with Google because I get updates every month on a dot. Sometimes more then once a month.
     
  4. Sajo

    Sajo Diamond Member

    Joined:
    Jan 25, 2013
    Messages:
    12,848
    Likes Received:
    8,345
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +8,872
    Current Phone Model:
    Moto Z Force - The Last Droid
    I read a few articles about this at lunchtime yesterday. There seems to be a slight difference in the way that Security Research Labs data is being reported between some of the popular tech news websites (about who misses more patches and who is best vs worst). To answer the original question asked by the OP, Yes...they should release their full report and name the companies that are providing false updates just to look like security patches.

    But, as many of us have said on this Forum numerous times, security patches are a good thing, but not a guarantee that your phone is safe. As Google & Security Research Labs both agreed, and was reported with this information:

    "...Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization (which since Android 4.0 - Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device.

    That means most hacking techniques, known as exploits, that can gain full control of a target Android phone requires taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch...


    As a result, he says, Android phones are far more often hacked with simpler schemes, namely rogue apps that find their way into the Google Play Store or that trick users into installing them from other sources outside of the Play Store. "Criminals will most likely stick with social engineering as long as humans are gullible and install free or pirated software that comes packaged with malware,"...
     
  5. Miller6386

    Miller6386 Developer
    Developer

    Joined:
    Oct 22, 2011
    Messages:
    2,619
    Likes Received:
    1,868
    Trophy Points:
    1,683
    Location:
    Beer Tent Capital of The World
    Ratings:
    +2,015
    Current Phone Model:
    Note 8
    Twitter:
    CoreyFMiller
    To my knowledge unlocked devices straight from Samsung get timely updates. Carriers in the US hold up our updates.

    Sent from my SM-P550 using Tapatalk
     
  6. me just sayin

    me just sayin Diamond Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    4,991
    Likes Received:
    3,278
    Trophy Points:
    1,578
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +3,396
    Current Phone Model:
    Note 8
    but is the update the current month or the previous month :)
     
  7. me just sayin

    me just sayin Diamond Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    4,991
    Likes Received:
    3,278
    Trophy Points:
    1,578
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +3,396
    Current Phone Model:
    Note 8
    got the latest update with the oreo upgrade. generally the times I have noticed, samsung usually runs about half a month behind.
     
  8. me just sayin

    me just sayin Diamond Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    4,991
    Likes Received:
    3,278
    Trophy Points:
    1,578
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +3,396
    Current Phone Model:
    Note 8
    no such thing as a guarantee. :)
     
  9. RyanPm40

    RyanPm40 Active Member

    Joined:
    May 3, 2010
    Messages:
    922
    Likes Received:
    99
    Trophy Points:
    43
    Ratings:
    +139
    I mean, I definitely get a security update on my S8 monthly from Verizon. It's impressive to me.
     
  10. xeene

    xeene Gold Member

    Joined:
    Jun 28, 2010
    Messages:
    3,221
    Likes Received:
    941
    Trophy Points:
    208
    Location:
    detroit, usa
    Ratings:
    +1,085
    Looks like current month. [​IMG]
     
  11. PereDroid

    PereDroid DF News Team Reporter

    Joined:
    Jan 25, 2010
    Messages:
    5,685
    Likes Received:
    3,460
    Trophy Points:
    1,563
    Location:
    Cleveland, Ohio
    Ratings:
    +4,045
    Current Phone Model:
    Moto Turbo 2
    Follow Up: they did not name names. ;)