Manufacturers of Android phones regularly mislead customers by pretending to have phone software that has had certain patches while it is not. That in theory leaves open the possibility to abuse these leaks.
The machines of the Chinese manufacturers TCL and ZTE miss most of the patches on average, reports Wired . HTC, LG, Huawei and Motorola also miss an average of three of the more than two hundred patches in recent years. Xiaomi, OnePlus and Nokia miss a few patches on average, while at Google, Samsung, Sony and Wiko the least missing patches occur.
Security researchers Karsten Nohl and Jakob Lell of Security Research Labs investigated whether phones missed patches by searching the software. In doing so, they took the date until the software said the phone should be up to date and checked if any solutions for security problems were available.
Nohl and Lell examined more than twelve hundred models of more than a dozen Android manufacturers -Phones. Users can check whether their phone has all claimed patches with SnoopSnitch . That app asks for root access for some tests.
Although the lack of some patches makes the phones vulnerable to attack, it is not very easy in practice. It is not widely known which patches are missing and exploits also require a lot of work. Those who want to access a phone can do so more easily in other ways.
In a comment, Google says that some of the tested phones do not have Google apps, so they do not have to comply with Google’s security standards. . Nohl and Lell present their findings Friday at the Hack in the Box congress in Amsterdam.