Is your Android phone hiding security updates from you?

null

Android smartphone users may be being left at risk of attack due to a lack of security protection - despite thinking they were properly protected.

Security researchers have claimed that many Android devices could be lacking proper security protection due to vendors not making the right security updates available to users of their smartphones.

Karsten Nohl and Jakob Lell from Security Research Labs carried out two years of research across a wide range of Android smartphones, finding that many were not provided with the latest vital security updates as soon as they became available.

Some devices even lied to their users about being updated to the latest versions of software and firmware available, meaning users could have been left at risk of attack.

False

Device fragmentation has long been a challenge for Google when releasing updates for its Android platform, which is by far and away the most popular mobile software on the planet.

The company typically makes the latest Android updates available to users with its own Pixel and older Nexus devices first, before then later rolling them out to third-party manufacturers.

However, the researchers found that many vendors did not make patches avilable to their customers for months, creating what they call a "patch gap". Some devices would tell their users they had been updated to the latest version of software or firmware, but in reality were lacking up to a dozen vital patches.

"We found several vendors that didn’t install a single patch but changed the patch date forward by several months," Nohl told WIRED. "That’s deliberate deception, and it's not very common."

The research spanned every Android security patch released in 2017, and utilised 1,200 different makes of device, including items from major manufacturers such as Samsung, Motorola and HTC, as well as Google's own devices.

Android has typically been more vulnerable to attack that Apple's iOS platform, however Google has pumped a huge amount of resources into tackling security protection on its devices.