Sketchy phone manufacturers pretending to update phones?

PereDroid



Security Research Labs in Germany has just completed a 2-year study on Android security and the monthly patches released by Google. They claim that several companies, none actually named (yet), are telling users they've got an update but in reality doing nothing more than just updating the date! Others release real updates, but since they skipped 2, 3 or 4 (or more!), any cumulative effects of the patches may not get installed, leaving security holes.
The lying about the date thing isn't common by any means, as SRL founder Karsten Nohl said: "We found several vendors that didn’t install a single patch but changed the patch date forward by several months. That’s deliberate deception, and it’s not very common."
They are presenting at a security conference today, so I wonder if they will come out and say who's guilty of this. They should, right?

Security Research Labs also released a list of who performed the best at security updates:
  • Samsung, Sony and Google were the best followed by
  • OnePlus and Nokia
  • Huawei, HTC, LG and Motorola coming in 3rd
  • ZTE and TCL coming in a dismal last place, missing on average more than 4 security updates.

Source: The Guardian
Picture from XDA
 

xeene

Samsung must be combining monthly security updates into one big annual update. Surprised Motorola isn't up there with Google because I get updates every month on a dot. Sometimes more than once a month.
 

Sajo

I read a few articles about this at lunchtime yesterday. There seems to be a slight difference in the way that Security Research Labs' data is being reported between some of the popular tech news websites (about who misses more patches and who is best vs worst). To answer the original question asked by the OP, Yes...they should release their full report and name the companies that are providing false updates just to look like security patches.

But, as many of us have said on this Forum numerous times, security patches are a good thing, but not a guarantee that your phone is safe. As Google & Security Research Labs both agreed, and was reported with this information:

"...Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization (which since Android 4.0 - Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device.

That means most hacking techniques, known as exploits, that can gain full control of a target Android phone require taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch...


As a result, he says, Android phones are far more often hacked with simpler schemes, namely rogue apps that find their way into the Google Play Store or that trick users into installing them from other sources outside of the Play Store. "Criminals will most likely stick with social engineering as long as humans are gullible and install free or pirated software that comes packaged with malware,"...
 

me just sayin

> Samsung must be combining monthly security updates into one big annual update. Surprised Motorola isn't up there with Google because I get updates every month on a dot. Sometimes more than once a month.

but is the update the current month or the previous month :)
 

me just sayin

> To my knowledge unlocked devices straight from Samsung get timely updates. Carriers in the US hold up our updates.


got the latest update with the oreo upgrade. generally the times I have noticed, samsung usually runs about half a month behind.
 

me just sayin

> I read a few articles about this at lunchtime yesterday. There seems to be a slight difference in the way that Security Research Labs' data is being reported between some of the popular tech news websites (about who misses more patches and who is best vs worst). To answer the original question asked by the OP, Yes...they should release their full report and name the companies that are providing false updates just to look like security patches.
>
> But, as many of us have said on this Forum numerous times, security patches are a good thing, but not a guarantee that your phone is safe. As Google & Security Research Labs both agreed, and was reported with this information:
>
> "...Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization (which since Android 4.0 - Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device.
>
> That means most hacking techniques, known as exploits, that can gain full control of a target Android phone require taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch...
>
> As a result, he says, Android phones are far more often hacked with simpler schemes, namely rogue apps that find their way into the Google Play Store or that trick users into installing them from other sources outside of the Play Store. "Criminals will most likely stick with social engineering as long as humans are gullible and install free or pirated software that comes packaged with malware,"...

no such thing as a guarantee. :)
 